|
| 1 | +// Package realms exposes the canonical set of Docker realm patterns that |
| 2 | +// clients use to scope secret queries. |
| 3 | +// |
| 4 | +// A realm is a path-pattern contract - not a permission boundary. Clients use |
| 5 | +// realms to declare which set of secrets they care about (e.g. Hub auth, |
| 6 | +// registry auth, MCP OAuth). Once a realm is established its pattern MUST NOT |
| 7 | +// change; clients may pin to a realm and treat it as a stable interface. |
| 8 | +// |
| 9 | +// The Docker realm hierarchy is: |
| 10 | +// |
| 11 | +// docker/ – all Docker secrets |
| 12 | +// docker/auth/hub/** – Docker Hub authentication (OAuth login) |
| 13 | +// docker/auth/hub-staging/** – Docker Hub staging authentication |
| 14 | +// docker/auth/registry/docker/** – Docker Registry authentication |
| 15 | +// docker/auth/metadata/hub/** – metadata for the default Hub user |
| 16 | +// docker/mcp/** – MCP-related secrets |
| 17 | +// docker/mcp/oauth/** – MCP OAuth credentials |
| 18 | +// docker/mcp/oauth-dcr/** – MCP Dynamic Client Registration configs |
| 19 | +// docker/sandbox/** – Sandbox-related secrets |
| 20 | +// docker/sandbox/oauth/** – Sandbox third-party OAuth tokens |
| 21 | +// |
| 22 | +// All variables in this package are re-exported from |
| 23 | +// github.com/docker/secrets-engine/x/realms and are provided here as a |
| 24 | +// stable, versioned surface for external consumers. |
| 25 | +package realms |
| 26 | + |
| 27 | +import xrealms "github.com/docker/secrets-engine/x/realms" |
| 28 | + |
| 29 | +// Docker realms all start with `docker/` as the prefix. |
| 30 | +// |
| 31 | +// Authentication flows done by the Docker CLI, Docker Desktop and Docker related |
| 32 | +// products must go through `docker/auth`. |
| 33 | +// |
| 34 | +// Docker Hub authentication (browser based OAuth login) will be prefixed |
| 35 | +// with `docker/auth/hub/<username>`. |
| 36 | +// |
| 37 | +// Docker Registry authentication will be prefixed with |
| 38 | +// `docker/auth/registry/docker/<username>`. |
| 39 | +var ( |
| 40 | + DockerHubAuthentication = xrealms.DockerHubAuthentication |
| 41 | + DockerHubStagingAuthentication = xrealms.DockerHubStagingAuthentication |
| 42 | + DockerRegistryAuthentication = xrealms.DockerRegistryAuthentication |
| 43 | + DockerRegistryStagingAuthentication = xrealms.DockerRegistryStagingAuthentication |
| 44 | +) |
| 45 | + |
| 46 | +var ( |
| 47 | + // DockerHubAuthenticationMetadata is a pointer to the default user signed in to Docker |
| 48 | + DockerHubAuthenticationMetadata = xrealms.DockerHubAuthenticationMetadata |
| 49 | + // DockerHubStagingAuthenticationMetadata is a pointer to the default staging user signed in to Docker |
| 50 | + DockerHubStagingAuthenticationMetadata = xrealms.DockerHubStagingAuthenticationMetadata |
| 51 | +) |
| 52 | + |
| 53 | +var ( |
| 54 | + // DockerMCPDefault is the default realm used for MCP related secrets |
| 55 | + DockerMCPDefault = xrealms.DockerMCPDefault |
| 56 | + // DockerMCPOAuth is the realm used for all MCP OAuth credentials retrieved by Docker. |
| 57 | + DockerMCPOAuth = xrealms.DockerMCPOAuth |
| 58 | + // DockerMCPOAuthDCR is the realm used to hold Dynamic Client Registered (DCR) |
| 59 | + // OAuth configurations for supported MCP servers. |
| 60 | + DockerMCPOAuthDCR = xrealms.DockerMCPOAuthDCR |
| 61 | +) |
| 62 | + |
| 63 | +var ( |
| 64 | + // DockerSandbox is the default realm used for Sandbox related secrets |
| 65 | + DockerSandbox = xrealms.DockerSandbox |
| 66 | + // DockerSandboxOAuth is the realm used for all Sandbox OAuth credentials |
| 67 | + // such as third-party tokens - this does not store the Docker Auth tokens. |
| 68 | + DockerSandboxOAuth = xrealms.DockerSandboxOAuth |
| 69 | +) |
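Review bot: The four `var ( ... )` blocks export the realms as mutable package-level variables, so any importer in the process can reassign one (for example `realms.DockerHubAuthentication = ...`). Nothing in the code enforces the package comment's rule that an established pattern MUST NOT change. Each variable is also a copy taken at init from `xrealms`, so a reassignment on either side would presumably leave the two packages disagreeing about which secrets a query is scoped to. If the pattern type rules out `const`, consider exposing the realms through small accessor functions, or at least state the contract on the first block: `// These values are read-only; do not reassign them. Realms scope queries only and are not an access-control boundary.` Separately, the hierarchy list in the package comment has no entry for `DockerRegistryStagingAuthentication` or `DockerHubStagingAuthenticationMetadata`, and `docker/` is the only entry written without `/**`, so the list should be brought in line with the exported set.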