Documentation ¶
Index ¶
- Constants
- Variables
- func GenerateLoginData(headerValue, vaultRoleName string) (map[string]interface{}, error)
- func GetExistingVaultToken() string
- func GetVaultClient(vaultAddr string) (*vault.Client, error)
- func GetVaultTokenAwsAuth(vaultRoleName string, vaultAddr string, authMount string) (string, error)
- func GetVaultTokenKubeJwtAuth(vaultRoleName string, vaultAddr string, kubernetesJwtLocation string) (string, error)
- func IsKubeServiceAccountJwtOnFile(kubernetesJwtLocation string) bool
- func IsTokenValid(token string, vaultAddr string) bool
- type AwsSecret
- type AwsSecretOutput
- type EnvironmentExchanger
- type GenericSecret
- type NamespaceRequest
- type SecretRequest
- type SecretRetriever
Constants ¶
// AWS_SECRET_REGEX_PATTERN is the pattern for AWS secret references of the form
// AWS:<namespace>/<secret-path>:<aws-account-id>:<vault-sts-role>[:<aws-assume-role>][:<vault-auth-role>].
// It is anchored with ^ and $, so the whole value has to match, and every field
// is limited to a fixed character class: letters, digits, '_' and '-', plus '/'
// in the first two fields, and digits only for the account id.
// Capture groups, in order: 1 namespace (may be empty), 2 secret path,
// 3 account id, 4 Vault STS role, 5 optional AWS assume role (the group is
// optional after its ':', so the field may be left empty), 6 optional Vault
// auth role.
// NOTE(review): groups 1 and 2 both admit '/', so where a value with several
// slashes is split depends on greedy matching — confirm with a test.
const AWS_SECRET_REGEX_PATTERN = "^AWS:([a-zA-Z0-9\\/_-]*)/([a-zA-Z0-9\\/_-]+):([0-9]+):([a-zA-Z0-9_-]+)(?:\\:([a-zA-Z0-9_-]+)?)?(?:\\:([a-zA-Z0-9_-]+))?$"
AWS:<namespace>/<secret-path>:<aws-account-id>:<vault-sts-role>[:<aws-assume-role>][:<vault-auth-role>]
// CredentialProcessOutputVersion is the constant 1.
// NOTE(review): presumably the value written to AwsSecretOutput.Version —
// confirm against GetAwsCredentials.
const CredentialProcessOutputVersion = 1
// VAULT_ENV_PREFIX is the literal prefix "VAULT__".
// NOTE(review): presumably marks the environment variables whose values
// EnvironmentExchanger treats as secret references — confirm against
// ExchangeEnvironment.
const VAULT_ENV_PREFIX = "VAULT__"
// VAULT_SECRET_REGEX_PATTERN is the pattern for Vault secret references of the
// form <namespace>::<mount>:<path>:<key>[@<version>]. It is anchored with ^ and
// $, so the whole value has to match.
// Capture groups, in order: 1 namespace, 2 mount, 3 path, 4 key, 5 optional
// version. The path and key classes also admit a space character.
// NOTE(review): group 5 is a single \d, so only versions 0-9 can be written,
// and nothing in the pattern matches a trailing ::<export_name> — presumably
// that suffix is split off before matching; confirm against the caller.
const VAULT_SECRET_REGEX_PATTERN = "^([a-zA-Z0-9\\/_-]+)::([a-zA-Z0-9_-]+):([a-zA-Z0-9\\/_ -]+):([a-zA-Z0-9_ -]+)(?:@(\\d))?$"
<namespace>::<mount>:<path>:<key>[@<version>][::<export_name>]
Variables ¶
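// AwsSecretRegex is AWS_SECRET_REGEX_PATTERN compiled once at package scope.
// MustCompile replaces Compile with a discarded error: if the pattern ever
// stops compiling, the program fails at start-up instead of carrying a nil
// *regexp.Regexp that panics the first time a secret reference is matched.
var AwsSecretRegex = regexp.MustCompile(AWS_SECRET_REGEX_PATTERN)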
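// VaultRegex is VAULT_SECRET_REGEX_PATTERN compiled once at package scope.
// MustCompile replaces Compile with a discarded error: if the pattern ever
// stops compiling, the program fails at start-up instead of carrying a nil
// *regexp.Regexp that panics the first time a secret reference is matched.
var VaultRegex = regexp.MustCompile(VAULT_SECRET_REGEX_PATTERN)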
Functions ¶
func GenerateLoginData ¶
func GetExistingVaultToken ¶
func GetExistingVaultToken() string
func GetVaultClient ¶
func GetVaultTokenAwsAuth ¶
func IsTokenValid ¶
Types ¶
type AwsSecretOutput ¶
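// AwsSecretOutput is the credential set returned by GetAwsCredentials.
// Going by the field names, SecretAccessKey and SessionToken hold secret
// material: keep values of this type out of logs and error messages.
type AwsSecretOutput struct {
	// NOTE(review): presumably set to CredentialProcessOutputVersion — confirm.
	Version         int
	AccessKeyId     string
	SecretAccessKey string
	SessionToken    string
	// NOTE(review): the timestamp format is not visible in this listing.
	Expiration string
}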
func GetAwsCredentials ¶
func GetAwsCredentials(vaultToken, namespace, secretPath, accountID, vaultStsRoleName, awsAssumeRoleName, vaultAddr string) (AwsSecretOutput, error)
type EnvironmentExchanger ¶
type EnvironmentExchanger struct {
// contains filtered or unexported fields
}
func NewEnvironmentExchanger ¶
func NewEnvironmentExchanger(vaultAddr string, vaultToken string, vaultRole string, currentEnv []string, awsConfigFileLocation string) (*EnvironmentExchanger, error)
Creates a new EnvironmentExchanger.
func (*EnvironmentExchanger) ExchangeEnvironment ¶
func (a *EnvironmentExchanger) ExchangeEnvironment() ([]string, error)
type GenericSecret ¶
type GenericSecret struct {
// contains filtered or unexported fields
}
type NamespaceRequest ¶
type NamespaceRequest struct {
// contains filtered or unexported fields
}
type SecretRequest ¶
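// SecretRequest embeds the SecretRetriever interface, so the methods of
// whichever retriever is stored in it are promoted onto the request.
// Its remaining fields are not exported.
type SecretRequest struct {
	SecretRetriever
	// contains filtered or unexported fields
}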
type SecretRetriever ¶
type SecretRetriever interface {
// contains filtered or unexported methods
}