bao

Documentation

Index

• Constants
• Variables
• type Config
  • func LoadConfig() (*Config, error)
• type Provider
  • func NewProvider(config *Config, appConfig *common.Config) (*Provider, error)
  • func (p *Provider) LoadSecrets(_ context.Context, paths []string) ([]provider.Secret, error)

Constants

const (
	TokenEnv                = "BAO_TOKEN"
	TokenFileEnv            = "BAO_TOKEN_FILE"
	AddrEnv                 = "BAO_ADDR"
	AgentAddrEnv            = "BAO_AGENT_ADDR"
	CACertEnv               = "BAO_CACERT"
	CAPathEnv               = "BAO_CAPATH"
	ClientCertEnv           = "BAO_CLIENT_CERT"
	ClientKeyEnv            = "BAO_CLIENT_KEY"
	ClientTimeoutEnv        = "BAO_CLIENT_TIMEOUT"
	SRVLookupEnv            = "BAO_SRV_LOOKUP"
	SkipVerifyEnv           = "BAO_SKIP_VERIFY"
	NamespaceEnv            = "BAO_NAMESPACE"
	TLSServerNameEnv        = "BAO_TLS_SERVER_NAME"
	WrapTTLEnv              = "BAO_WRAP_TTL"
	MFAEnv                  = "BAO_MFA"
	MaxRetriesEnv           = "BAO_MAX_RETRIES"
	ClusterAddrEnv          = "BAO_CLUSTER_ADDR"
	RedirectAddrEnv         = "BAO_REDIRECT_ADDR"
	CLINoColorEnv           = "BAO_CLI_NO_COLOR"
	RateLimitEnv            = "BAO_RATE_LIMIT"
	RoleEnv                 = "BAO_ROLE"
	PathEnv                 = "BAO_PATH"
	AuthMethodEnv           = "BAO_AUTH_METHOD"
	TransitKeyIDEnv         = "BAO_TRANSIT_KEY_ID"
	TransitPathEnv          = "BAO_TRANSIT_PATH"
	TransitBatchSizeEnv     = "BAO_TRANSIT_BATCH_SIZE"
	IgnoreMissingSecretsEnv = "BAO_IGNORE_MISSING_SECRETS"
	PassthroughEnv          = "BAO_PASSTHROUGH"
	LogLevelEnv             = "BAO_LOG_LEVEL"
	RevokeTokenEnv          = "BAO_REVOKE_TOKEN"
	FromPathEnv             = "BAO_FROM_PATH"
)

Variables

var (
	ProviderName     = "bao"
	ProviderEnvRegex = regexp.MustCompile(`(bao:)(.*)#(.*)`)
)

Types

type Config

type Config struct {
	IsLogin              bool   `json:"is_login"`
	Token                string `json:"token"`
	TokenFile            string `json:"token_file"`
	Role                 string `json:"role"`
	AuthPath             string `json:"auth_path"`
	AuthMethod           string `json:"auth_method"`
	TransitKeyID         string `json:"transit_key_id"`
	TransitPath          string `json:"transit_path"`
	TransitBatchSize     int    `json:"transit_batch_size"`
	IgnoreMissingSecrets bool   `json:"ignore_missing_secrets"`
	FromPath             string `json:"from_path"`
	RevokeToken          bool   `json:"revoke_token"`
}

func LoadConfig

func LoadConfig() (*Config, error)

type Provider

type Provider struct {
	// contains filtered or unexported fields
}

func NewProvider

func NewProvider(config *Config, appConfig *common.Config) (*Provider, error)

func (*Provider) LoadSecrets

func (p *Provider) LoadSecrets(_ context.Context, paths []string) ([]provider.Secret, error)

LoadSecret's path formatting: <key>=<path> This formatting is necessary because the injector expects a map of key=value pairs. It also returns a map of key:value pairs, where the key is the environment variable name and the value is the secret value E.g. paths: MYSQL_PASSWORD=secret/data/mysql/password returns: []provider.Secret{provider.Secret{Path: "MYSQL_PASSWORD", Value: "password"}}