// SPDX-License-Identifier: Apache-2.0
package main
import (
"github.com/go-vela/server/database"
"github.com/go-vela/server/secret"
"github.com/go-vela/types/constants"
"github.com/sirupsen/logrus"
"github.com/urfave/cli/v2"
)
// setupSecrets builds the secret engines selected by the CLI configuration.
//
// The native engine is always created and is handed the supplied database.
// The Vault engine is created only when the "secret.vault.driver" flag is set.
// The returned map is keyed by driver name. If either engine fails to
// initialise, the error from secret.New is returned as-is with a nil map.
//
// See https://pkg.go.dev/github.com/go-vela/server/secret?tab=doc#New
func setupSecrets(c *cli.Context, d database.Interface) (map[string]secret.Service, error) {
	logrus.Debug("Creating secret clients from CLI configuration")

	engines := make(map[string]secret.Service)

	// The native engine needs nothing from the CLI beyond the database handle.
	nativeSvc, err := secret.New(&secret.Setup{
		Driver:   constants.DriverNative,
		Database: d,
	})
	if err != nil {
		return nil, err
	}

	engines[constants.DriverNative] = nativeSvc

	// Vault is opt-in; without the flag only the native engine is returned.
	if !c.Bool("secret.vault.driver") {
		return engines, nil
	}

	// Token is read from the "secret.vault.token" flag, so this value should be
	// treated as sensitive: keep it out of log lines and error messages.
	// NOTE(review): no field is validated here (empty token, address scheme);
	// confirm secret.New rejects an incomplete or non-TLS Vault configuration.
	vaultCfg := &secret.Setup{
		Driver:        constants.DriverVault,
		Address:       c.String("secret.vault.addr"),
		AuthMethod:    c.String("secret.vault.auth-method"),
		AwsRole:       c.String("secret.vault.aws-role"),
		Prefix:        c.String("secret.vault.prefix"),
		Token:         c.String("secret.vault.token"),
		TokenDuration: c.Duration("secret.vault.renewal"),
		Version:       c.String("secret.vault.version"),
	}

	vaultSvc, err := secret.New(vaultCfg)
	if err != nil {
		return nil, err
	}

	engines[constants.DriverVault] = vaultSvc

	return engines, nil
}