Secret Store

Gofer provides a secret store as a way to enable users to pass secrets into pipeline configuration files.

The secrets included in the pipeline file use a special syntax so that Gofer understands when it is given a secret value instead of a normal variable.

...
env_vars = {
  "SOME_SECRET_VAR" = "secret{{my_key_here}}"
}
...

Supported Secret Stores

The only currently supported secret store is the sqlite object store. Reference the configuration reference for a full list of configuration settings and options.

How to add new Secret Stores?

Secret stores are pluggable! Simply implement a new secret store by following the given interface.

type Engine interface {
    GetSecret(key string) (string, error)
    PutSecret(key string, content string, force bool) error
    ListSecretKeys(prefix string) ([]string, error)
    DeleteSecret(key string) error
}