package s3
import (
	"fmt"
	"os"
	"strings"
	"time"

	"github.com/minio/minio-go/v7/pkg/credentials"
)
// FileSecretsCredentials is an implementation of Minio's credentials.Provider,
// allowing to read credentials from Kubernetes or Docker secrets, as described in
// https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure
// and https://docs.docker.com/engine/swarm/secrets.
//
// Both files hold S3 credentials in clear text. This type only reads them; it
// does not check file ownership or mode, so restricting who can read the
// mounted secret files is the deployment's responsibility.
type FileSecretsCredentials struct {
	// Embedded expiry state from minio-go. Retrieve calls its SetExpiration
	// method after each successful read of the two files.
	credentials.Expiry

	// Path to the file containing the access key,
	// e.g. /etc/s3-secrets/access-key.
	AccessKeyFile string

	// Path to the file containing the secret key,
	// e.g. /etc/s3-secrets/secret-key.
	SecretKeyFile string

	// Time between each secrets retrieval.
	// Retrieve sets the expiration to time.Now() plus this interval.
	// NOTE(review): with the zero value the expiration is "now", so the files
	// are presumably re-read on every use; confirm against minio-go's Expiry.
	RefreshInterval time.Duration
}
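// Retrieve implements credentials.Provider.
// It reads the files pointed to by c.AccessKeyFile and c.SecretKeyFile and
// returns their contents as the access key ID and secret access key.
//
// Surrounding whitespace is trimmed from both values: secret files are often
// written with a trailing newline, which would otherwise become part of the
// key. A file that is empty after trimming is reported as an error instead of
// being returned as an empty credential.
//
// Read errors from os.ReadFile are returned unchanged. Error messages produced
// here contain only the file path, never the file contents.
//
// On success the embedded Expiry is set to time.Now() plus c.RefreshInterval;
// on any error the expiration is left untouched.
func (c *FileSecretsCredentials) Retrieve() (credentials.Value, error) {
	rawID, err := os.ReadFile(c.AccessKeyFile)
	if err != nil {
		return credentials.Value{}, err
	}
	rawSecret, err := os.ReadFile(c.SecretKeyFile)
	if err != nil {
		return credentials.Value{}, err
	}

	keyID := strings.TrimSpace(string(rawID))
	secretKey := strings.TrimSpace(string(rawSecret))

	// Fail closed: never hand out a credential with an empty half.
	switch {
	case keyID == "":
		return credentials.Value{}, fmt.Errorf("s3 credentials: access key file %q is empty", c.AccessKeyFile)
	case secretKey == "":
		return credentials.Value{}, fmt.Errorf("s3 credentials: secret key file %q is empty", c.SecretKeyFile)
	}

	creds := credentials.Value{
		AccessKeyID:     keyID,
		SecretAccessKey: secretKey,
	}

	// The negative window is passed through as in the original code; how it is
	// interpreted is defined by minio-go's Expiry.SetExpiration.
	c.SetExpiration(time.Now().Add(c.RefreshInterval), -1)
	return creds, nil
}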
// Compile-time check that *FileSecretsCredentials satisfies credentials.Provider.
var _ credentials.Provider = (*FileSecretsCredentials)(nil)