added placeholder folders for sdks

.gitignore

@@ -47,7 +47,7 @@ vendor
 /vsecm-sidecar
 /example-using-init-container
 /example-using-sidecar
-/example-using-sdk
+/example-using-sdk-go
 /example-multiple-secrets
 /vsecm-ist-init-container
 /vsecm-ist-safe

README.md

@@ -181,18 +181,26 @@ of **VMware Secrets Manager** system design and how each component fits together
 Here are the important folders and files in this repository:
 
 * `./app`: Contains core **VSecM** components' source code.
- * `./app/init-container`: Contains the source code for the **VSecM Init Container**.
+ * `./app/init_container`: Contains the source code for the **VSecM Init Container**.
+ * `./app/inspector`: Contains the source code for the **VSecM Inspector**.
+ * `./app/keygen`: Contains the source code for the **VSecM Keygen**.
  * `./app/safe`: Contains the **VSecM Safe** source code.
  * `./app/sentinel`: Contains the source code for the **VSecM Sentinel**.
  * `./app/sidecar`: Contains the source code for the **VSecM Sidecar**.
+* `./ci`: Automation and CI/CD scripts.
 * `./helm-charts`: Contains **VSecM** helm charts.
 * `./core`: Contains core modules shared across **VSecM** components.
+* `./dockerfiles`: Contains Dockerfiles for building **VSecM** container images.
 * `./examples`: Contains the source code of example use cases.
 * `./hack`: Contains scripts for building, publishing, development
  , and testing.
 * `./k8s`: Contains Kubernetes manifests that are used to deploy **VSecM** and
  its use cases.
-* `./sdk`: Contains the source code of the **VSecM Developer SDK**.
+* `./sdk`: Contains the source code of the **VSecM Developer Go SDK**.
+* `./sdk-cpp`: Contains the source code of the **VSecM Developer C++ SDK**.
+* `./sdk-java`: Contains the source code of the **VSecM Developer Java SDK**.
+* `./sdk-python`: Contains the source code of the **VSecM Developer Python SDK**.
+* `./sdk-rust`: Contains the source code of the **VSecM Developer Rust SDK**.
 * `./docs`: Contains the source code of the **VSecM Documentation** website (<https://vsecm.com>).
 * `./CODE_OF_CONDUCT.md`: Contains **VSecM** Code of Conduct.
 * `./CONTRIBUTING_DCO.md`: Contains **VSecM** Contributing Guidelines.

app/sentinel/rest/core/adapter_test.go

@@ -0,0 +1,11 @@
+/*
+| Protect your secrets, protect your sensitive data.
+: Explore VMware Secrets Manager docs at https://vsecm.com/
+</
+<>/ keep your secrets… secret
+>/
+<>/' Copyright 2023–present VMware Secrets Manager contributors.
+>/' SPDX-License-Identifier: BSD-2-Clause
+*/
+
+package core

app/sentinel/rest/core/auth_test.go

@@ -0,0 +1,11 @@
+/*
+| Protect your secrets, protect your sensitive data.
+: Explore VMware Secrets Manager docs at https://vsecm.com/
+</
+<>/ keep your secrets… secret
+>/
+<>/' Copyright 2023–present VMware Secrets Manager contributors.
+>/' SPDX-License-Identifier: BSD-2-Clause
+*/
+
+package core

app/sentinel/rest/core/handle_test.go

@@ -0,0 +1,11 @@
+/*
+| Protect your secrets, protect your sensitive data.
+: Explore VMware Secrets Manager docs at https://vsecm.com/
+</
+<>/ keep your secrets… secret
+>/
+<>/' Copyright 2023–present VMware Secrets Manager contributors.
+>/' SPDX-License-Identifier: BSD-2-Clause
+*/
+
+package core

app/sentinel/rest/core/validation_test.go

@@ -0,0 +1,11 @@
+/*
+| Protect your secrets, protect your sensitive data.
+: Explore VMware Secrets Manager docs at https://vsecm.com/
+</
+<>/ keep your secrets… secret
+>/
+<>/' Copyright 2023–present VMware Secrets Manager contributors.
+>/' SPDX-License-Identifier: BSD-2-Clause
+*/
+
+package core

app/sentinel/rest/server_test.go

@@ -0,0 +1,11 @@
+/*
+| Protect your secrets, protect your sensitive data.
+: Explore VMware Secrets Manager docs at https://vsecm.com/
+</
+<>/ keep your secrets… secret
+>/
+<>/' Copyright 2023–present VMware Secrets Manager contributors.
+>/' SPDX-License-Identifier: BSD-2-Clause
+*/
+
+package rest

dockerfiles/example/init-container.Dockerfile

@@ -17,7 +17,7 @@ COPY vendor /build/vendor
 COPY go.mod /build/go.mod
 WORKDIR /build
 RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o example \
- ./examples/using-init-container/main.go
+ ./examples/using_init_container/main.go
 
 # generate clean, final image for end users
 FROM gcr.io/distroless/static-debian11

dockerfiles/example/multiple-secrets.Dockerfile

@@ -18,9 +18,9 @@ COPY vendor /build/vendor
 COPY go.mod /build/go.mod
 WORKDIR /build
 RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o env \
- ./examples/multiple-secrets/main.go
+ ./examples/multiple_secrets/main.go
 RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o sloth \
- ./examples/multiple-secrets/busywait/main.go
+ ./examples/multiple_secrets/busywait/main.go
 
 # generate clean, final image for end users
 FROM gcr.io/distroless/static-debian11

dockerfiles/example/sdk.Dockerfile → dockerfiles/example/sdk-go.Dockerfile

@@ -18,9 +18,9 @@ COPY vendor /build/vendor
 COPY go.mod /build/go.mod
 WORKDIR /build
 RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o example \
- ./examples/using-sdk/main.go
+ ./examples/using_sdk_go/main.go
 RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o env \
- ./examples/using-sdk/helper/env/main.go
+ ./examples/using_sdk_go/helper/env/main.go
 
 # generate clean, final image for end users
 FROM gcr.io/distroless/static-debian11

dockerfiles/example/sidecar.Dockerfile

@@ -17,9 +17,9 @@ COPY vendor /build/vendor
 COPY go.mod /build/go.mod
 WORKDIR /build
 RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o example \
- ./examples/using-sidecar/main.go
+ ./examples/using_sidecar/main.go
 RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o env \
- ./examples/using-sidecar/helper/env/main.go
+ ./examples/using_sidecar/helper/env/main.go
 
 # generate clean, final image for end users
 FROM gcr.io/distroless/static-debian11

dockerfiles/vsecm-ist-fips/init-container.Dockerfile

@@ -21,7 +21,7 @@ WORKDIR /build
 
 # GOEXPERIMENT=boringcrypto is required for FIPS compliance.
 RUN CGO_ENABLED=0 GOEXPERIMENT=boringcrypto GOOS=linux go build -mod vendor -a -o vsecm-init-container \
- ./app/init-container/cmd/main.go
+ ./app/init_container/cmd/main.go
 
 # generate clean, final image for end users
 FROM gcr.io/distroless/static-debian11

dockerfiles/vsecm-ist/init-container.Dockerfile

@@ -19,7 +19,7 @@ COPY vendor /build/vendor
 COPY go.mod /build/go.mod
 WORKDIR /build
 RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o vsecm-init-container \
- ./app/init-container/cmd/main.go
+ ./app/init_container/cmd/main.go
 
 # generate clean, final image for end users
 FROM gcr.io/distroless/static-debian11

dockerfiles/vsecm-photon-fips/init-container.Dockerfile

@@ -21,7 +21,7 @@ WORKDIR /build
 
 # GOEXPERIMENT=boringcrypto is required for FIPS compliance.
 RUN CGO_ENABLED=0 GOEXPERIMENT=boringcrypto GOOS=linux go build -mod vendor -a -o vsecm-init-container \
- ./app/init-container/cmd/main.go
+ ./app/init_container/cmd/main.go
 
 # generate clean, final image for end users
 FROM photon:5.0

dockerfiles/vsecm-photon/init-container.Dockerfile

@@ -19,7 +19,7 @@ COPY vendor /build/vendor
 COPY go.mod /build/go.mod
 WORKDIR /build
 RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o vsecm-init-container \
- ./app/init-container/cmd/main.go
+ ./app/init_container/cmd/main.go
 
 # generate clean, final image for end users
 FROM photon:5.0

docs/_pages/0100-sdk.md

@@ -85,7 +85,7 @@ Here follows a possible Deployment descriptor for such a workload.
 
 Check out [VMware Secrets Manager demo workload manifests][demos] for additional examples.
 
-[demos]: https://github.com/vmware-tanzu/secrets-manager/tree/main/examples/using-sdk/k8s "Demo Workloads"
+[demos]: https://github.com/vmware-tanzu/secrets-manager/tree/main/examples/using_sdk_go/k8s "Demo Workloads"
 
 ```yaml
 apiVersion: v1
@@ -125,7 +125,7 @@ spec:
  serviceAccountName: example
  containers:
  - name: main
- image: vsecm/example-using-sdk:latest
+ image: vsecm/example-using-sdk-go:latest
  volumeMounts:
  - name: spire-agent-socket
  mountPath: /spire-agent-socket

docs/_pages/0200-sidecar.md

@@ -24,7 +24,7 @@ You can find the deployment manifests inside the
 [`./examples/workload-using-sidecar/k8s`][workload-yaml] folder of your
 cloned **VMware Secrets Manager** folder.
 
-[workload-yaml]: https://github.com/vmware-tanzu/secrets-manager/tree/main/examples/using-sidecar/k8s
+[workload-yaml]: https://github.com/vmware-tanzu/secrets-manager/tree/main/examples/using_sidecar/k8s
 
 To deploy our workload using that manifest, execute the following:
 
@@ -56,7 +56,7 @@ that folder:
 [Here is the source code of the demo container's app][workload-src] for the
 sake of completeness.
 
-[workload-src]: https://github.com/vmware-tanzu/secrets-manager/blob/main/examples/using-sidecar/main.go
+[workload-src]: https://github.com/vmware-tanzu/secrets-manager/blob/main/examples/using_sidecar/main.go
 
 When you check the source code, you'll see that our demo app tries to read a
 secret file every 5 seconds forever:
@@ -84,7 +84,7 @@ For this, there is an identity file that defines a `ClusterSPIFFEID` for
 the workload:
 
 ```yaml
-# ./examples/workload-using-sidecar/k8s/Identity.yaml
+# ./examples/using_sidecar/k8s/Identity.yaml
 
 {% raw %}kind: ClusterSPIFFEID
 metadata:
@@ -259,7 +259,7 @@ Assuming you've had a chance to review the deployment manifests as recommended
 at the start of this tutorial, you might have noticed something similar to what's
 presented below in the [`Identity.yaml`][identity-yaml]."
 
-[identity-yaml]: https://github.com/vmware-tanzu/secrets-manager/blob/main/examples/using-sidecar/k8s/Identity.yaml
+[identity-yaml]: https://github.com/vmware-tanzu/secrets-manager/blob/main/examples/using_sidecar/k8s/Identity.yaml
 [clusterspiffeid]: https://github.com/spiffe/spire-controller-manager/blob/main/docs/clusterspiffeid-crd.md
 
 ```text

docs/_pages/0210-sdk.md

@@ -71,7 +71,7 @@ All right, our cluster is as clean as a baby's butt; let's move on.
 Make sure [you examine the manifests][workload-yaml] to gain an understanding
 of what kinds of entities you've deployed to your cluster.
 
-[workload-yaml]: https://github.com/vmware-tanzu/secrets-manager/tree/main/examples/using-sdk/k8s
+[workload-yaml]: https://github.com/vmware-tanzu/secrets-manager/tree/main/examples/using_sdk/k8s
 
 ## The Benefit of Using **VSecM SDK**
 
@@ -113,7 +113,7 @@ And that's it. You have your demo workload up and running.
 [Here is the source code of the demo container's app][workload-src] for the
 sake of completeness.
 
-[workload-src]: https://github.com/vmware-tanzu/secrets-manager/blob/main/examples/using-sdk/main.go
+[workload-src]: https://github.com/vmware-tanzu/secrets-manager/blob/main/examples/using_sdk_go/main.go
 
 When you check the source code, you'll see that our demo app tries to get the
 secret by querying the SDK via `sentry.Fetch()`, displays the secret if it finds

docs/_pages/0220-init-container.md

@@ -56,7 +56,7 @@ kubectl exec vsecm-sentinel-778b7fdc78-86v6d -n \
 Make sure [you examine the manifests][workload-yaml] to gain an understanding
 of what kinds of entities you've deployed to your cluster.
 
-[workload-yaml]: https://github.com/vmware-tanzu/secrets-manager/tree/main/examples/using-init-container/k8s
+[workload-yaml]: https://github.com/vmware-tanzu/secrets-manager/tree/main/examples/using_init_container/k8s
 
 ## Demo Workload
 
@@ -66,7 +66,7 @@ going to deploy soon.
 The following is the main application that the workload runs:
 
 ```go
-// ./examples/workload-using-init-container/main.go
+// ./examples/using_init_container/main.go
 
 func main() {
  // ... Truncated ...
@@ -114,8 +114,8 @@ spec:
 # ... Truncated ... 
 ```
 
-[deployment-yaml]: https://github.com/vmware-tanzu/secrets-manager/blob/main/examples/using-init-container/k8s/Deployment.yaml
-[secret-yaml]: https://github.com/vmware-tanzu/secrets-manager/blob/main/examples/using-init-container/k8s/Secret.yaml
+[deployment-yaml]: https://github.com/vmware-tanzu/secrets-manager/blob/main/examples/using_init_container/k8s/Deployment.yaml
+[secret-yaml]: https://github.com/vmware-tanzu/secrets-manager/blob/main/examples/using_init_container/k8s/Secret.yaml
 
 ## Deploy the Demo Workload
 
@@ -163,7 +163,7 @@ To make the init container exit successfully and initialize the main
 container of the Pod, execute the following script:
 
 ```bash
-{% raw %}# ./examples/workload-using-init-container/register.sh
+{% raw %}# ./examples/using_init_container/register.sh
 
 # Find a Sentinel node.
 SENTINEL=$(kubectl get po -n vsecm-system \

examples/multiple-secrets/README.md → examples/multiple_secrets/README.md

@@ -11,7 +11,7 @@ This example demonstrates how to use **VMware Secrets Manager** to register more
 than one secret to your workload.
 
 This demo is a slight variation of the 
-[Registering Secrets Using Init Container](../using-init-container)
+[Registering Secrets Using Init Container](../using_init_container)
 example.
 
 ## A Video Is Worth a Lot of Words
@@ -65,7 +65,7 @@ cd $WORKSPACE/vmware-secrets-manager
 # Deploy the use case from the pre-built image.
 make example-multiple-secrets-deploy
 # Switch to this use case's folder:
-cd $WORKSPACE/vmware-secrets-manager/examples/multiple-secrets
+cd $WORKSPACE/vmware-secrets-manager/examples/multiple_secrets
 # Register a secret:
 ./register.sh
 # List the secrets.

examples/using-init-container/README.md → examples/using_init_container/README.md

@@ -42,7 +42,7 @@ make build-local
 # Deploy the use case:
 make example-init-container-deploy-local
 # Switch to this use case's folder:
-cd $WORKSPACE/vmware-secrets-manager/examples/using-init-container
+cd $WORKSPACE/vmware-secrets-manager/examples/using_init_container
 # Check and make sure that the workload pod is still initializing:
 kubectl get po -n default
 # Register a secret:
@@ -64,7 +64,7 @@ cd $WORKSPACE/vmware-secrets-manager
 # Deploy the use case from the pre-built image.
 make example-sidecar-deploy
 # Switch to this use case's folder:
-cd $WORKSPACE/vmware-secrets-manager/examples/using-sidecar
+cd $WORKSPACE/vmware-secrets-manager/examples/using_sidecar
 # Check and make sure that the workload pod is still initializing:
 kubectl get po -n default
 # Register a secret:

examples/using-sdk/README.md → examples/using_sdk_go/README.md

@@ -50,7 +50,7 @@ make build-local
 # Deploy the use case:
 make example-sdk-deploy-local
 # Switch to this use case's folder:
-cd $WORKSPACE/vmware-secrets-manager/examples/using-sdk
+cd $WORKSPACE/vmware-secrets-manager/examples/using_sdk_go
 # Register a secret:
 ./register.sh
 # Tail the workload's logs and verify that the secret is there:
@@ -68,7 +68,7 @@ cd $WORKSPACE/vmware-secrets-manager
 # Deploy the use case from the pre-built image.
 make example-sdk-deploy
 # Switch to this use case's folder:
-cd $WORKSPACE/vmware-secrets-manager/examples/using-sdk
+cd $WORKSPACE/vmware-secrets-manager/examples/using_sdk_go
 # Register a secret:
 ./register.sh
 # Tail the workload's logs and verify that the secret is there:

examples/workshop-aegis/sdk/Deployment.yaml → examples/using_sdk_go/k8s-eks/Deployment.yaml

@@ -28,7 +28,7 @@ spec:
  serviceAccountName: example
  containers:
  - name: main
- image: vsecm/example-using-sdk:0.24.0
+ image: vsecm/example-using-sdk-go:0.24.0
  volumeMounts:
  # Volume mount for SPIRE unix domain socket.
  - name: spire-agent-socket

examples/using-sdk/k8s-eks/image-override.yaml → examples/using_sdk_go/k8s-eks/image-override.yaml

@@ -18,4 +18,4 @@ spec:
  spec:
  containers:
  - name: main
- image: public.ecr.aws/h8y1n7y7/example-using-sdk:0.24.0
+ image: public.ecr.aws/h8y1n7y7/example-using-sdk-go:0.24.0

examples/using-sdk/k8s-eks/Deployment.yaml → examples/using_sdk_go/k8s/Deployment.yaml

@@ -28,7 +28,7 @@ spec:
  serviceAccountName: example
  containers:
  - name: main
- image: vsecm/example-using-sdk:0.24.0
+ image: vsecm/example-using-sdk-go:0.24.0
  volumeMounts:
  # Volume mount for SPIRE unix domain socket.
  - name: spire-agent-socket

examples/using-sdk/k8s/image-override.yaml → examples/using_sdk_go/k8s/image-override.yaml

@@ -18,4 +18,4 @@ spec:
  spec:
  containers:
  - name: main
- image: localhost:5000/example-using-sdk:0.23.4
+ image: localhost:5000/example-using-sdk-go:0.24.0

examples/using-sidecar/README.md → examples/using_sidecar/README.md

@@ -42,7 +42,7 @@ make build-local
 # Deploy the use case:
 make example-sidecar-deploy-local
 # Switch to this use case's folder:
-cd $WORKSPACE/vmware-secrets-manager/examples/using-sidecar
+cd $WORKSPACE/vmware-secrets-manager/examples/using_sidecar
 # Register a secret:
 ./register.sh
 # Tail the workload's logs and verify that the secret is there:
@@ -60,7 +60,7 @@ cd $WORKSPACE/vmware-secrets-manager
 # Deploy the use case from the pre-built image.
 make example-sidecar-deploy
 # Switch to this use case's folder:
-cd $WORKSPACE/vmware-secrets-manager/examples/using-sidecar
+cd $WORKSPACE/vmware-secrets-manager/examples/using_sidecar
 # Register a secret:
 ./register.sh
 # Tail the workload's logs and verify that the secret is there:

examples/using-sdk/k8s/Deployment.yaml → examples/workshop_aegis/sdk/Deployment.yaml

@@ -28,7 +28,7 @@ spec:
  serviceAccountName: example
  containers:
  - name: main
- image: vsecm/example-using-sdk:0.23.4
+ image: vsecm/example-using-sdk-go:0.24.0
  volumeMounts:
  # Volume mount for SPIRE unix domain socket.
  - name: spire-agent-socket