// Copyright (c) Mondoo, Inc.
// SPDX-License-Identifier: BUSL-1.1

syntax = "proto3";

package cnquery.providers.v1;

option go_package = "go.mondoo.com/cnquery/providers-sdk/v1/vault";

// SecretID names a single secret. It is the request of Vault.Get and the
// response of Vault.Set, and carries nothing but the key.
message SecretID {
  // Lookup key of the secret.
  string key = 1;
}

// Secret is the payload exchanged with a vault: the request of Vault.Set and
// the response of Vault.Get. The data field holds the secret material itself,
// so a serialized or logged Secret exposes it.
message Secret {
  // Key of the secret; presumably the same value as SecretID.key (confirm
  // against the vault implementations).
  string key = 1;
  // Label of the secret.
  string label = 2;
  // Raw secret bytes.
  bytes data = 3;
  // Encoding of the data field, see SecretEncoding.
  SecretEncoding encoding = 4;
}

// Vault is the RPC surface of a secret store.
//
// NOTE(review): none of the request messages carries caller identity, so
// access control for Get and Set is not expressed in this schema. Confirm
// where the transport or the implementation enforces it.
service Vault {
  // About takes an Empty request and returns VaultInfo.
  rpc About(Empty) returns (VaultInfo);
  // Get takes a SecretID and returns the matching Secret.
  rpc Get(SecretID) returns (Secret);
  // Set takes a Secret and returns a SecretID.
  rpc Set(Secret) returns (SecretID);
}

// CredentialType is the kind of a Credential (Credential.type).
// The zero value, undefined, is what a reader sees when the field is not set.
enum CredentialType {
  undefined = 0;
  password = 1;
  private_key = 2;
  ssh_agent = 3;
  bearer = 4;
  credentials_query = 5;
  json = 6;
  aws_ec2_instance_connect = 7;
  aws_ec2_ssm_session = 8;
  pkcs12 = 9;
}

// SecretEncoding is the set of values for Secret.encoding.
// The zero value, encoding_undefined, is what a reader sees when the field is
// not set.
enum SecretEncoding {
  encoding_undefined = 0;
  encoding_json = 1;
  encoding_proto = 2;
  encoding_binary = 3;
}

// Empty is the field-less request message of Vault.About.
message Empty {}

// VaultInfo is the response of Vault.About.
message VaultInfo {
  // Name reported by the vault.
  string name = 1;
}

// Credential holds authentication information.
message Credential {
  // Identifier of a secret; presumably resolved through a vault (confirm
  // against the callers).
  string secret_id = 1;
  // Kind of credential, see CredentialType.
  CredentialType type = 2;
  // User name the credential belongs to.
  string user = 3;
  // Secret material as raw bytes.
  bytes secret = 4;
  // Field number 5 is retired and must not be reused.
  reserved 5;

  // The fields below are optional conveniences for defining a secret. They
  // are only allowed when reading yaml values, not in API calls.
  //
  // NOTE(review): the schema cannot enforce that restriction, so an API
  // handler that accepts a Credential has to reject or clear these fields
  // itself. This matters most for private_key_path, which names a local file
  // to be read. Confirm the handlers do so.

  // Optional. May also be the password that protects the private key.
  string password = 21;

  // Convenience for yaml/json writers: the private key in its string form.
  // Without this field the key would have to be base64 encoded.
  string private_key = 22;

  // Convenience field: path of a local file that is loaded into the secret.
  string private_key_path = 23;
}

// VaultType is the kind of vault backend chosen in VaultConfiguration.type.
// The zero value is None.
enum VaultType {
  None = 0;
  KeyRing = 1;
  LinuxKernelKeyring = 2;
  EncryptedFile = 3;
  HashiCorp = 4;
  GCPSecretsManager = 5;
  AWSSecretsManager = 6;
  AWSParameterStore = 7;
  GCPBerglas = 8;
  Memory = 9;
}

// VaultConfiguration describes one configured vault.
message VaultConfiguration {
  // Name of the vault.
  string name = 1;
  // Backend kind, see VaultType.
  VaultType type = 2;
  // Free-form string options. Map iteration order is undefined.
  // NOTE(review): if a backend takes tokens or passwords through this map,
  // the whole configuration is sensitive. Confirm against the backends.
  map<string, string> options = 3;
}