# README
Secure Session Agent Client Libraries
The Secure Session Agent is a service that enables a workload to offload select operations from the mTLS handshake and protects a workload's private key material from exfiltration. Specifically, the workload asks the Secure Session Agent to supply the TLS configuration to use during the handshake, to perform private key operations, and to validate the peer certificate chain. The Secure Session Agent's client libraries enable applications to communicate with the Secure Session Agent during the TLS handshake, and to encrypt traffic to the peer after the TLS handshake is complete.
This repository contains the source code for the Secure Session Agent's Go client libraries, which allow gRPC and HTTP Go applications to use the Secure Session Agent.
# Packages
Package fallback provides default implementations of fallback options when S2A fails.
Package retry provides a retry helper for talking to the S2A gRPC server.
Package stream provides an interface for bidirectional streaming to the S2A server.
# Functions
AuthInfoFromContext extracts the authinfo.S2AAuthInfo object from the given context, if it exists.
AuthInfoFromPeer extracts the authinfo.S2AAuthInfo object from the given peer, if it exists.
DefaultClientOptions returns the default client options.
DefaultServerOptions returns the default server options.
NewClientCreds returns a client-side transport credentials object that uses the S2A to establish a secure connection with a server.
NewHostname creates a hostname from name.
NewS2ADialTLSContextFunc returns a dialer which establishes an mTLS connection using S2A.
NewServerCreds returns a server-side transport credentials object that uses the S2A to establish a secure connection with a client.
NewSpiffeID creates a SPIFFE ID from id.
NewTLSClientConfigFactory returns an instance of s2aTLSClientConfigFactory.
NewUID creates a UID from name.
# Constants
Three types of verification modes.
# Structs
ClientOptions contains the client-side options used to establish a secure channel using the S2A handshaker service.
FallbackDialer contains a fallback tls.Dialer and a server address to connect to.
FallbackOptions prescribes the fallback logic that should be taken if the application fails to connect with S2A.
ServerOptions contains the server-side options used to establish a secure channel using the S2A handshaker service.
TLSClientConfigOptions specifies parameters for creating client TLS config.
# Interfaces
AuthInfo exposes security information from the S2A to the application.
Identity is the interface for S2A identities.
TLSClientConfigFactory defines the interface for a client TLS config factory.
# Type aliases
VerificationModeType specifies the mode that S2A must use to verify the peer certificate chain.