2024-10-27 19:50:39 +01:00
|
|
|
export interface ISecretBundle {
|
|
|
|
id: string;
|
|
|
|
data: {
|
|
|
|
name: string;
|
|
|
|
description: string;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* determines if the secret is a service or an external secret
|
|
|
|
* if external secret additional checks are put in place to protect the secret
|
2024-12-20 02:13:50 +01:00
|
|
|
*
|
|
|
|
* * service:
|
|
|
|
* the bundle belongs to a service and can only be used by that service
|
|
|
|
* * npmci:
|
|
|
|
* the bundle is a secret bundle that is used by an npmci pipeline
|
|
|
|
* production secrets will be omitted in any case
|
|
|
|
* * gitzone:
|
|
|
|
* the bundle is a secret bundle that is used by a gitzone.
|
|
|
|
* Only local environment variables are allowed
|
|
|
|
* * external:
|
|
|
|
* the bundle is a secret bundle that is used by an external service
|
2024-10-27 19:50:39 +01:00
|
|
|
*/
|
|
|
|
type: 'service' | 'npmci' | 'gitzone' | 'external';
|
|
|
|
|
2025-01-20 02:11:12 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* set this if the secretBundle belongs to a service
|
|
|
|
*/
|
|
|
|
serviceId?: string;
|
|
|
|
|
2024-10-27 19:50:39 +01:00
|
|
|
/**
|
|
|
|
* You can add specific secret groups using this
|
|
|
|
*/
|
|
|
|
includedSecretGroupIds: string[];
|
|
|
|
|
|
|
|
/**
|
2025-01-20 02:11:12 +01:00
|
|
|
* access to this secretBundle also grants access to resources with matching tags
|
2024-10-27 19:50:39 +01:00
|
|
|
*/
|
|
|
|
includedTags: {
|
|
|
|
key: string;
|
|
|
|
value?: string;
|
|
|
|
}[];
|
|
|
|
|
|
|
|
/**
|
2025-01-20 02:11:12 +01:00
|
|
|
* access to this secretBundle also grants access to the images
|
2024-10-27 19:50:39 +01:00
|
|
|
*/
|
2025-01-20 02:11:12 +01:00
|
|
|
imageClaims: {
|
2024-10-27 19:50:39 +01:00
|
|
|
imageId: string;
|
|
|
|
permissions: ('read' | 'write')[];
|
2025-01-20 02:11:12 +01:00
|
|
|
}[];
|
2024-10-27 19:50:39 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* authrozations select a specific environment of a config bundle
|
|
|
|
*/
|
2024-12-28 19:50:29 +01:00
|
|
|
authorizations: Array<ISecretBundleAuthorization>;
|
2024-10-27 19:50:39 +01:00
|
|
|
};
|
|
|
|
}
|
2024-12-28 19:50:29 +01:00
|
|
|
|
|
|
|
export interface ISecretBundleAuthorization {
|
|
|
|
secretAccessKey: string;
|
|
|
|
environment: string;
|
|
|
|
}
|