51 lines
1.2 KiB
Go
51 lines
1.2 KiB
Go
package options
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"fmt"
|
|
"os"
|
|
)
|
|
|
|
// SecretSource references an individual secret value.
|
|
// Only one source within the struct should be defined at any time.
|
|
type SecretSource struct {
|
|
// Value expects a base64 encoded string value.
|
|
Value []byte `yaml:"value,omitempty"`
|
|
|
|
// FromEnv expects the name of an environment variable.
|
|
FromEnv string `yaml:"fromEnv,omitempty"`
|
|
|
|
// FromFile expects a path to a file containing the secret value.
|
|
FromFile string `yaml:"fromFile,omitempty"`
|
|
}
|
|
|
|
func (ss *SecretSource) GetSecretValue() ([]byte, error) {
|
|
if len(ss.Value) > 0 {
|
|
var decoded []byte
|
|
if _, err := base64.StdEncoding.Decode(decoded, ss.Value); err != nil {
|
|
return nil, fmt.Errorf("error decoding secret value: %w", err)
|
|
}
|
|
return decoded, nil
|
|
}
|
|
|
|
if ss.FromEnv != "" {
|
|
envValue := os.Getenv(ss.FromEnv)
|
|
return []byte(envValue), nil
|
|
}
|
|
|
|
if ss.FromFile != "" {
|
|
fileData, err := os.ReadFile(ss.FromFile)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("error reading secret from file %q: %w", ss.FromFile, err)
|
|
}
|
|
return fileData, nil
|
|
}
|
|
|
|
return nil, nil
|
|
}
|
|
|
|
// EnsureDefaults sets any default values for SecretSource fields.
|
|
func (ss *SecretSource) EnsureDefaults() {
|
|
// No defaults to set currently
|
|
}
|