vault

package
v0.10.1
Published: Sep 23, 2024 License: Apache-2.0 Imports: 20 Imported by: 13

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func ClientLogger

func ClientLogger(logger Logger) clientLogger

ClientLogger wraps a logur.Logger compatible logger to be used in the client.

func NewData

func NewData(cas int, data map[string]interface{}) map[string]interface{}

NewData is a helper function for creating Vault KV Version 2 secret data.

func NewInsecureRawClient

func NewInsecureRawClient() (*vaultapi.Client, error)

NewInsecureRawClient creates a new raw Vault client with insecure TLS.

func NewRawClient

func NewRawClient() (*vaultapi.Client, error)

NewRawClient creates a new raw Vault client.

Types

type Client

type Client struct {
	// Easy to use wrapper for transit secret engine calls
	Transit *Transit
	// contains filtered or unexported fields
}

Client is a Vault client with Kubernetes support, automatic token renewal and access to the Transit Secret Engine wrapper.

func NewClient

func NewClient(role string) (*Client, error)

NewClient creates a new Vault client.

func NewClientFromConfig

func NewClientFromConfig(config *vaultapi.Config, opts ...ClientOption) (*Client, error)

NewClientFromConfig creates a new Vault client from custom configuration.

func NewClientFromRawClient

func NewClientFromRawClient(rawClient *vaultapi.Client, opts ...ClientOption) (*Client, error)

NewClientFromRawClient creates a new Vault client from custom raw client.

func NewClientWithConfig

func NewClientWithConfig(config *vaultapi.Config, role, path string) (*Client, error)

NewClientWithConfig creates a new Vault client with custom configuration. Deprecated: use NewClientFromConfig instead.

func NewClientWithOptions

func NewClientWithOptions(opts ...ClientOption) (*Client, error)

NewClientWithOptions creates a new Vault client with custom options.

func (*Client) Close

func (client *Client) Close()

Close stops the token renewal process of this client.

func (*Client) RawClient

func (client *Client) RawClient() *vaultapi.Client

RawClient returns the underlying raw Vault client.

func (*Client) Vault

func (client *Client) Vault() *vaultapi.Client

Vault returns the underlying HashiCorp Vault client. Deprecated: use RawClient instead.

type ClientAuthMethod

type ClientAuthMethod string

ClientAuthMethod is the auth method the client uses to log in to Vault.

const (
	// AWSEC2AuthMethod is used for the Vault AWS EC2 auth method
	// as described here: https://www.vaultproject.io/docs/auth/aws#ec2-auth-method
	AWSEC2AuthMethod ClientAuthMethod = "aws-ec2"

	// AWSIAMAuthMethod is used for the Vault AWS IAM auth method
	// as described here: https://www.vaultproject.io/docs/auth/aws#iam-auth-method
	AWSIAMAuthMethod ClientAuthMethod = "aws-iam"

	// GCPGCEAuthMethod is used for the Vault GCP GCE auth method
	// as described here: https://www.vaultproject.io/docs/auth/gcp#gce-login
	GCPGCEAuthMethod ClientAuthMethod = "gcp-gce"

	// GCPIAMAuthMethod is used for the Vault GCP IAM auth method
	// as described here: https://www.vaultproject.io/docs/auth/gcp#iam
	GCPIAMAuthMethod ClientAuthMethod = "gcp-iam"

	// JWTAuthMethod is used for the Vault JWT/OIDC/GCP/Kubernetes auth methods
	// as described here:
	// - https://www.vaultproject.io/docs/auth/jwt
	// - https://www.vaultproject.io/docs/auth/kubernetes
	// - https://www.vaultproject.io/docs/auth/gcp
	JWTAuthMethod ClientAuthMethod = "jwt"

	// AzureMSIAuthMethod is used for the Vault Azure auth method
	// as described here:
	// - https://www.vaultproject.io/docs/auth/azure
	AzureMSIAuthMethod ClientAuthMethod = "azure"

	// NamespacedSecretAuthMethod is used for per namespace secrets
	NamespacedSecretAuthMethod ClientAuthMethod = "namespaced"
)

type ClientAuthPath

type ClientAuthPath string

ClientAuthPath is the mount path where the auth method is enabled.

type ClientOption

type ClientOption interface {
	// contains filtered or unexported methods
}

ClientOption configures a Vault client using the functional options paradigm popularized by Rob Pike and Dave Cheney. If you're unfamiliar with this style, see https://commandcenter.blogspot.com/2014/01/self-referential-functions-and-design.html and https://dave.cheney.net/2014/10/17/functional-options-for-friendly-apis.

type ClientRole

type ClientRole string

ClientRole is the Vault role the client would like to receive.

type ClientTimeout

type ClientTimeout time.Duration

ClientTimeout after which the client fails.

type ClientToken

type ClientToken string

ClientToken is a Vault token.

type ClientTokenPath

type ClientTokenPath string

ClientTokenPath file where the Vault token can be found.

type ClientURL

type ClientURL string

ClientURL is the Vault URL, e.g. https://my-vault.vault.org.

type ExistingSecret

type ExistingSecret string

type Logger

type Logger interface {
	// Trace logs a Trace event.
	//
	// Even more fine-grained information than Debug events.
	// Loggers not supporting this level should fall back to Debug.
	Trace(msg string, fields ...map[string]interface{})

	// Debug logs a Debug event.
	//
	// A verbose series of information events.
	// They are useful when debugging the system.
	Debug(msg string, fields ...map[string]interface{})

	// Info logs an Info event.
	//
	// General information about what's happening inside the system.
	Info(msg string, fields ...map[string]interface{})

	// Warn logs a Warn(ing) event.
	//
	// Non-critical events that should be looked at.
	Warn(msg string, fields ...map[string]interface{})

	// Error logs an Error event.
	//
	// Critical events that require immediate attention.
	// Loggers commonly provide Fatal and Panic levels above Error level,
	// but exiting and panicking is out of scope for a logging library.
	Error(msg string, fields ...map[string]interface{})
}

Logger is a unified interface for various logging use cases and practices, including:

  • leveled logging
  • structured logging

See the original repository for more information: https://github.com/logur/logur

type Transit

type Transit struct {
	// contains filtered or unexported fields
}

Transit is a wrapper for the Transit Secret Engine; ref: https://www.vaultproject.io/docs/secrets/transit/index.html

func (*Transit) Decrypt

func (t *Transit) Decrypt(transitPath, keyID string, ciphertext []byte) ([]byte, error)

Decrypt decrypts the ciphertext into a plaintext; ref: https://www.vaultproject.io/api/secret/transit/index.html#decrypt-data

func (*Transit) DecryptBatch

func (t *Transit) DecryptBatch(transitPath, keyID string, ciphertexts []string) (map[string][]byte, error)

func (*Transit) IsEncrypted

func (t *Transit) IsEncrypted(value string) bool

IsEncrypted checks with a regexp whether value was encrypted by the Vault transit secret engine.

type VaultNamespace

type VaultNamespace string

VaultNamespace is a Vault Enterprise namespace (not a Kubernetes namespace).
