vault

package

v0.5.0 Latest Latest Go to latest Published: Jul 7, 2017 License: MPL-2.0 Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/andresoro/goldfish

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func DeleteFromCubbyhole(name string) (*api.Secret, error)
func GenerateRootCancel() error
func GenerateRootInit(otp string) (*api.GenerateRootStatusResponse, error)
func GenerateRootStatus() (*api.GenerateRootStatusResponse, error)
func GenerateRootUpdate(shard, nonce string) (*api.GenerateRootStatusResponse, error)
func LoadRuntimeConfig(configPath string) error
func NewVaultClient() (*api.Client, error)
func ReadFromCubbyhole(name string) (*api.Secret, error)
func StartGoldfishWrapper(wrappingToken, login, id string) error
func UnwrapData(wrappingToken string) (map[string]interface{}, error)
func VaultHealth() (string, error)
func WrapData(wrapttl string, data map[string]interface{}) (string, error)
func WriteToCubbyhole(name string, data map[string]interface{}) (interface{}, error)
type AuthInfo
type Config
- func GetConfig() Config

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// for authenticating this web server with vault
	VaultAddress = ""
	VaultSkipTLS = false
)

View Source

var (
	GithubCurrentCommit = ""
)

Functions ¶

func DeleteFromCubbyhole ¶

func DeleteFromCubbyhole(name string) (*api.Secret, error)

func GenerateRootCancel ¶

func GenerateRootCancel() error

func GenerateRootInit ¶

func GenerateRootInit(otp string) (*api.GenerateRootStatusResponse, error)

func GenerateRootStatus ¶

func GenerateRootStatus() (*api.GenerateRootStatusResponse, error)

lookup current root generation status

func GenerateRootUpdate ¶

func GenerateRootUpdate(shard, nonce string) (*api.GenerateRootStatusResponse, error)

func LoadRuntimeConfig ¶ added in v0.4.0

func LoadRuntimeConfig(configPath string) error

func NewVaultClient ¶ added in v0.3.0

func NewVaultClient() (*api.Client, error)

func ReadFromCubbyhole ¶

func ReadFromCubbyhole(name string) (*api.Secret, error)

func StartGoldfishWrapper ¶ added in v0.3.0

func StartGoldfishWrapper(wrappingToken, login, id string) error

func UnwrapData ¶ added in v0.2.5

func UnwrapData(wrappingToken string) (map[string]interface{}, error)

func VaultHealth ¶

func VaultHealth() (string, error)

func WrapData ¶ added in v0.2.5

func WrapData(wrapttl string, data map[string]interface{}) (string, error)

func WriteToCubbyhole ¶

func WriteToCubbyhole(name string, data map[string]interface{}) (interface{}, error)

Types ¶

type AuthInfo ¶

type AuthInfo struct {
	Type string `json:"Type" form:"Type" query:"Type"`
	ID   string `json:"ID" form:"ID" query:"ID"`
	Pass string `json:"password" form:"Password" query:"Password"`
}

func (*AuthInfo) CapabilitiesSelf ¶ added in v0.3.2

func (auth *AuthInfo) CapabilitiesSelf(path string) ([]string, error)

returns a list of capabilities the current auth has on a given path

func (*AuthInfo) Clear ¶

func (auth *AuthInfo) Clear()

zeros out credentials, call by defer

func (AuthInfo) Client ¶

func (auth AuthInfo) Client() (*api.Client, error)

constructs a client with server's vault address and client access token

func (AuthInfo) CreateToken ¶

func (auth AuthInfo) CreateToken(opts *api.TokenCreateRequest, wrapttl string) (*api.Secret, error)

func (*AuthInfo) DecryptAuth ¶

func (auth *AuthInfo) DecryptAuth() error

decrypt auth details with transit backend

func (AuthInfo) DecryptTransit ¶

func (auth AuthInfo) DecryptTransit(key string, cipher string) (string, error)

decrypt given cipher with userTransitKey

func (AuthInfo) DeletePolicy ¶

func (auth AuthInfo) DeletePolicy(name string) error

func (AuthInfo) DeleteSecret ¶ added in v0.4.1

func (auth AuthInfo) DeleteSecret(path string) (interface{}, error)

func (AuthInfo) DeleteTokenByAccessor ¶ added in v0.5.0

func (auth AuthInfo) DeleteTokenByAccessor(acc string) error

func (AuthInfo) DeleteUser ¶

func (auth AuthInfo) DeleteUser(backend string, deleteID string) error

func (*AuthInfo) EncryptAuth ¶

func (auth *AuthInfo) EncryptAuth() error

encrypt auth details with transit backend

func (AuthInfo) EncryptTransit ¶

func (auth AuthInfo) EncryptTransit(key string, plaintext string) (string, error)

encrypt given string with userTransitKey

func (AuthInfo) GetBulletins ¶

func (auth AuthInfo) GetBulletins() ([]map[string]interface{}, error)

func (AuthInfo) GetMount ¶

func (auth AuthInfo) GetMount(path string) (*api.MountConfigOutput, error)

func (AuthInfo) GetPolicy ¶

func (auth AuthInfo) GetPolicy(name string) (string, error)

func (AuthInfo) GetRole ¶

func (auth AuthInfo) GetRole(rolename string) (interface{}, error)

func (AuthInfo) GetTokenAccessors ¶ added in v0.5.0

func (auth AuthInfo) GetTokenAccessors() ([]interface{}, error)

func (AuthInfo) GetTokenCount ¶

func (auth AuthInfo) GetTokenCount() (int, error)

func (AuthInfo) ListMounts ¶

func (auth AuthInfo) ListMounts() (map[string]*api.MountOutput, error)

returns list of current mounts, if authorized

func (AuthInfo) ListPolicies ¶

func (auth AuthInfo) ListPolicies() ([]string, error)

func (AuthInfo) ListRoles ¶

func (auth AuthInfo) ListRoles() (interface{}, error)

func (AuthInfo) ListSecret ¶

func (auth AuthInfo) ListSecret(path string) ([]interface{}, error)

func (AuthInfo) ListUsers ¶

func (auth AuthInfo) ListUsers(backend string, offset int) (interface{}, error)

func (auth *AuthInfo) Login() (map[string]interface{}, error)

verifies whether auth ID and password are valid if valid, creates a client access token and returns the metadata

func (AuthInfo) LookupSelf ¶

func (auth AuthInfo) LookupSelf() (*api.Secret, error)

func (AuthInfo) LookupTokenByAccessor ¶ added in v0.5.0

func (auth AuthInfo) LookupTokenByAccessor(accs string) ([]interface{}, error)

func (AuthInfo) PutPolicy ¶

func (auth AuthInfo) PutPolicy(name, rules string) error

func (AuthInfo) ReadSecret ¶

func (auth AuthInfo) ReadSecret(path string) (map[string]interface{}, error)

func (AuthInfo) RenewSelf ¶

func (auth AuthInfo) RenewSelf() (*api.Secret, error)

func (AuthInfo) RevokeSelf ¶

func (auth AuthInfo) RevokeSelf() error

func (AuthInfo) TuneMount ¶

func (auth AuthInfo) TuneMount(path string, config api.MountConfigInput) error

func (*AuthInfo) UnwrapData ¶ added in v0.3.2

func (auth *AuthInfo) UnwrapData(wrappingToken string) (map[string]interface{}, error)

to do: Find an optimal way to allow unauthenticated users to unwrap data

func (*AuthInfo) WrapData ¶ added in v0.3.2

func (auth *AuthInfo) WrapData(wrapttl string, raw string) (string, error)

func (AuthInfo) WriteSecret ¶

func (auth AuthInfo) WriteSecret(path string, raw string) (interface{}, error)

type Config ¶

type Config struct {
	ServerTransitKey  string
	UserTransitKey    string
	TransitBackend    string
	DefaultSecretPath string
	BulletinPath      string

	SlackWebhook string
	SlackChannel string

	GithubAccessToken  string
	GithubRepoOwner    string
	GithubRepo         string
	GithubPoliciesPath string
	GithubTargetBranch string

	// fields that goldfish will write
	LastUpdated         string `hash:"ignore"`
	GithubCurrentCommit string
}

func GetConfig ¶

func GetConfig() Config

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL