package
0.33.0
Repository: https://github.com/secrethub/secrethub-go.git
Documentation: pkg.go.dev

# Packages

Package uuid is a utility package to standardize and abstract away how UUIDs are generated and used.

# Functions

GetFingerprint returns the fingerprint of a credential.
Int converts an int into a *int.
IntValue safely converts a *int into an int.
IsErrDisabled returns whether the given error is caused because the feature is disabled.
IsErrNotFound returns whether the given error is caused by a non-existent resource.
IsKnownError returns whether the given error is a known SecretHub error.
JoinPaths joins any number of path elements into a single path.
NewAccountName validates an account's name and returns it as a typed AccountName when valid.
NewAuthRequestAWSSTS returns a new AuthRequest for authentication using AWS STS.
NewAuthRequestGCPServiceAccount returns a new AuthRequest for authentication using a GCP Service Account.
NewDirPath formats a RepoPath from an owner, repo string.
NewEncryptedDataAESGCM creates a new EncryptedData with the AES-GCM algorithm.
NewEncryptedDataAWSKMS creates a new EncryptedData with the AWS-KMS algorithm.
NewEncryptedDataAWSKMS creates a new EncryptedData with the GCP-KMS algorithm.
NewEncryptedDataRSAOAEP creates a new EncryptedData with the RSA-OAEP algorithm.
NewEncryptionKeyAccountKey creates an EncryptionKeyAccountKey.
NewEncryptionKeyAWS creates an EncryptionKeyAWS.
NewEncryptionKeyLocal creates an EncryptionKeyBootstrapCode.
NewEncryptionKeyDerivedScrypt creates an EncryptionKeyDerived with scrypt as key derivation algorithm.
NewEncryptionKeyEncrypted creates an EncryptionKeyEncrypted.
NewEncryptionKeyGCP creates an EncryptionKeyGCP.
NewEncryptionKeyLocal creates an EncryptionKeyLocal.
NewEncryptionKeySecretKey creates an EncryptionKeySecretKey.
NewPath creates a new Path and validates whether it is valid.
NewRepoPath formats a RepoPath from an owner and repo.
NewSecretPath formats a SecretPath from an owner, repo, and a secret.
NewSessionHMAC returns a HMAC type api.Session.
ProjectIDFromGCPEmail returns the project ID included in the email of a GCP Service Account.
String converts a string into a *string.
StringValue safely converts a *string into a string.
ValidateAccountName validates an AccountName.
ValidateBlindName validates a blind name.
ValidateCredentialDescription validates the description for a credential.
ValidateCredentialFingerprint validates whether the given string is a valid credential fingerprint.
ValidateDirPath validates a dir path of form :owner/:repo_name/[parents/]*:directory.
ValidateEmail validates an email address.
ValidateFullName validates a user's full name.
ValidateGCPKMSKeyResourceID validates whether the given string is potentially a valid resource ID for a GCP KMS key. The function does a best-effort check.
ValidateGCPProjectID returns an error if the provided value is not a valid GCP project ID.
ValidateGCPUserManagedServiceAccountEmail validates whether the given string is potentially a valid email for a user-managed GCP Service Account.
ValidateLinkedID calls the validation function corresponding to the link type and returns the corresponding result.
ValidateNamespace validates a username.
ValidateOrgDescription validates an organization description.
ValidateOrgName validates an organization name.
ValidateOrgRole validates an organization role.
ValidateRepoName validates a repo name.
ValidateRepoPath validates a repo path of form :owner/:repo_name.
ValidateSecretName validates a secret name.
ValidateSecretPath validates a secret path of form :owner/:repo_name/:secretname.
ValidateServiceDescription validates a service description.
ValidateServiceID validates a service id.
ValidateSetupCode checks whether the given string has the format of a valid setup code.
ValidateShortCredentialFingerprint validates whether the given string can be used as a short version of a credential fingerprint.
ValidateUsername validates a username.

# Constants

AuditAction values.
The different options for an AuditSubjectType.
AuthMethod options.
Credential metadata keys.
CredentialProofPrefixAWS is the prefix to use in AWS STS proof plaintext.
Credential types.
Supported values for EncryptionAlgorithm.
Options for KeyDerivationAlgorithm.
Options for KeyType.
512 KiB corrected for base64 overhead (4/3) and metadata.
Roles.
The different Permission options.
SessionType options.
StatusFailed signals that revocation cannot complete.
StatusFlagged signals that a resource should be considered compromised and should be rotated/no longer used.
StatusOK signals everything is in order.

# Variables

Errors.
Error.
Auth.
Errors returned by the SecretHub API.
Account.
AWS IdP.
Dirs.
Credential.
DB.
GCP IdP.
Errors These will be removed after the next server-release, as they are then no longer returned from the server.
Namespaces.
General.
Organization.
Account key.
Repos.
Secrets.
Secret Keys.
Service.
no status error because it is an internal error.
User.

# Structs

AccessLevel defines the permissions of an account on a directory and is the effect of one or more access rules on the directory itself or its parent(s).
AccessRule defines the permission of an account on a directory and its children.
Account represents an account on SecretHub.
Audit represents an AuditEvent in SecretHub.
AuditActor represents the Account of an AuditEvent.
AuditSubject represents the Subject of an AuditEvent.
AuthPayloadAWSSTS is the authentication payload used for authenticating with AWS STS.
AuthPayloadGCPServiceAccount is the authentication payload used for authenticating with a GCP Service Account.
AuthRequest is a request to authenticate and request a session.
CreateAccessRuleRequest contains the request fields for creating an AccessRule.
CreateAccountKeyRequest contains the fields to add an account_key encrypted for a credential.
CreateCredentialRequest contains the fields to add a credential to an account.
CreateDirRequest contains the request fields for creating a new directory.
CreateOrgMemberRequest contains the required fields for creating a user's organization membership.
CreateOrgRequest contains the required fields for creating an organization.
CreateRepoMemberRequest contains the required fields for adding a user to a repo.
CreateRepoRequest contains the required fields for a Repo.
CreateSecretKeyRequest contains the request fields for creating a new secret key.
CreateSecretRequest contains the request fields for creating a new secret, together with its first version, encrypted for accounts that need access.
CreateSecretVersionRequest contains the request fields for creating a secret version with a secret key.
CreateServiceRequest contains the required fields for creating a Service.
Credential is used to authenticate to the API and to encrypt the account key.
CredentialProofAWS is proof for when the credential type is AWSSTS.
CredentialProofBackupCode is proof for when the credential type is backup key.
CredentialProofKey is proof for when the credential type is GCPServiceAccount.
CredentialProofKey is proof for when the credential type is RSA.
Dir represents a directory.
EncryptedAccountKey represents an account key encrypted with a credential.
EncryptedData contains data that is encrypted with an algorithm described by Algorithm.
EncryptedDataAESGCM is a typed EncryptedData for the AESGCM algorithm.
EncryptedDir represents an encrypted Dir.
EncryptedKeyRequest contains the request fields for re-encrypted for an account.
EncryptedNameForNodeRequest contains an EncryptedName for an Account and the corresponding NodeID.
EncryptedNameRequest contains an EncryptedName for an Account.
EncryptedSecret represents an encrypted Secret. It does not contain the encrypted data.
EncryptedSecretKey represents a secret key, encrypted for a specific account.
EncryptedSecretVersion represents a version of an encrypted Secret.
EncryptedTree can construct a full tree at a certain path.
EncryptionKey specifies the common fields for all types of encryption keys.
EncryptionKeyAccountKey is an account's master key that is used to encrypt data and/or keys specifically for an account.
EncryptionKeyAWS is a key that is stored in the AWS KMS service and which can be used for encryption by calling the AWS KMS API.
EncryptionKeyBootstrapCode is an encryption key that is stored as a code memorized by the user.
EncryptionKeyDerived is an encryption key that can be derived from a passphrase.
EncryptionKeyEncrypted is an encryption key that has been encrypted by another key.
EncryptionKeyGCP is a key that is stored in the GCP KMS service and which can be used for encryption by calling the GCP KMS API.
EncryptionKeyLocal is an encryption key that is stored locally by the user.
EncryptionKeySecretKey is a key that is used to encrypt secrets.
EncryptionMetadataAESGCM is the metadata used by the AES-GCM encryption algorithm.
EncryptionParametersAESGCM are the parameters used by the AES-GCM encryption algorithm.
EncryptionParametersRSAOAEP are the parameters used by the RSA-OAEP encryption algorithm.
IdentityProviderLink is a prerequisite for creating some identity provider backed service accounts.
InviteUserRequest contains the required fields for inviting a user to a repo.
KeyDerivationMetadataScrypt is the metadata used by the scrypt key derivation algorithm.
KeyDerivationParametersScrypt are the parameters used by the scrypt key derivation algorithm.
NamespaceDetails defines a user or organization namespace.
Org represents an organization account on SecretHub.
OrgMember represents a user's membership of an organization.
Repo represents a repo on SecretHub.
RepoKeys contains the response with the repo key.
RepoMember represents a member of a SecretHub repo.
RevokeOpts contains optional query parameters for revoke requests.
RevokeOrgResponse is returned as the effect of revoking an account from a repository.
RevokeRepoResponse is returned as the effect of revoking an account from a repo.
RevokeResponse is returned when a revoke command is executed.
Secret represents a decrypted secret in SecretHub.
SecretAccessRequest contains the request fields to grant an account access to a secret.
SecretKey represents a secret key that is intended to be used by a specific account.
SecretKeyMemberRequest contains the request fields to grant access to a secret key.
SecretVersion represents a version of a Secret without any encrypted data.
Service represents a service account on SecretHub.
Session represents a session that can be used for authentication to the server.
SessionHMAC is a session that uses the HMAC algorithm to verify the authentication.
SessionPayloadHMAC is the payload of a HMAC typed session.
Tree contains a full tree from the RootDir and all dirs and secrets.
UpdateAccessRuleRequest contains the request fields for updating an AccessRule.
UpdateCredentialRequest contains the fields of a credential that can be updated.
UpdateOrgMemberRequest contains the required fields for updating a user's organization membership.
User represents a SecretHub user.

# Interfaces

BlindNamePath represents a path that can be converted into a BlindName and exposes the necessary functions.

# Type aliases

AccountName represents the name of either a user or a service.
AuditAction represents the action that was performed to create this audit event.
AuditSubjectType represents the type of an audit subject.
AuditSubjectTypeList represents a list of AuditSubjectTypes.
CredentialType is used to identify the type of algorithm that is used for a credential.
DirPath is a parse for dir paths of form :owner/:repo_name/[parents/]*:directory.
EncryptionAlgorithm specifies the encryption algorithm used for EncryptedData.
HashingAlgorithm specifies the hashing algorithm used for any encryption algorithm using hashing.
KeyDerivationAlgorithm specifies the key derivation algorithm used for a derived key.
KeyType specifies the type of key used for EncryptedData.
Namespace represents a namespace.
OrgName is the name of an organization.
ParentPath is a path to a namespace, repo or directory.
Path represents a path to either a namespace, a repo, a directory, or a secret.
Permission defines what kind of access an access rule grants or an access level has.
RepoPath is a parse for repo paths of form :owner/:repo_name.
SecretPath is a custom type for secret paths of form :owner/:repo_name/:secret.
SessionType defines how a session can be used.
SortAccessLevels sorts a list of AccessLevels first by the permission and then by the account name.
SortAccessRules makes a list of AccessRules sortable.
SortDirByName makes a list of Dir sortable.
SortDirPaths makes a slice of dir paths sortable.
SortOrgByName makes a list of orgs sortable.
SortOrgMemberByUsername makes a list of org members sortable.
SortRepoByName makes a list of repos sortable.
SortSecretByName makes a list of Secret sortable.