Documentation ¶
Index ¶
- Constants
- func ClientLogger(logger Logger) clientLogger
- func NewData(cas int, data map[string]interface{}) map[string]interface{}
- func NewInsecureRawClient() (*api.Client, error)
- func NewRawClient() (*api.Client, error)
- type Client
- func NewClient(role string) (*Client, error)
- func NewClientFromConfig(config *vaultapi.Config, opts ...ClientOption) (*Client, error)
- func NewClientFromRawClient(rawClient *vaultapi.Client, opts ...ClientOption) (*Client, error)
- func NewClientWithConfig(config *vaultapi.Config, role, path string) (*Client, error)
- func NewClientWithOptions(opts ...ClientOption) (*Client, error)
- type ClientAuthPath
- type ClientOption
- type ClientRole
- type ClientTimeout
- type ClientToken
- type ClientTokenPath
- type ClientURL
- type Config
- type KVService
- type Logger
- type Transit
- type Vault
Constants ¶
const DefaultConfigFile = "vault-config.yml"
DefaultConfigFile is the name of the default config file
Variables ¶
This section is empty.
Functions ¶
func ClientLogger ¶ added in v0.4.0
func ClientLogger(logger Logger) clientLogger
ClientLogger wraps a logur.Logger compatible logger to be used in the client.
func NewInsecureRawClient ¶ added in v0.4.0
NewInsecureRawClient creates a new raw Vault client with insecure TLS.
func NewRawClient ¶
NewRawClient creates a new raw Vault client.
Types ¶
type Client ¶
type Client struct {
	// Easy to use wrapper for transit secret engine calls
	Transit *Transit
	// contains filtered or unexported fields
}
Client is a Vault client with Kubernetes support, automatic token renewal, and access to the Transit Secret Engine wrapper.
func NewClientFromConfig ¶
func NewClientFromConfig(config *vaultapi.Config, opts ...ClientOption) (*Client, error)
NewClientFromConfig creates a new Vault client from custom configuration.
func NewClientFromRawClient ¶
func NewClientFromRawClient(rawClient *vaultapi.Client, opts ...ClientOption) (*Client, error)
NewClientFromRawClient creates a new Vault client from custom raw client.
func NewClientWithConfig ¶
NewClientWithConfig creates a new Vault client with custom configuration. Deprecated: use NewClientFromConfig instead.
func NewClientWithOptions ¶
func NewClientWithOptions(opts ...ClientOption) (*Client, error)
NewClientWithOptions creates a new Vault client with custom options.
func (*Client) Close ¶
func (client *Client) Close()
Close stops the token renewing process of this client
type ClientAuthPath ¶
type ClientAuthPath string
ClientAuthPath is the mount path where the auth method is enabled.
type ClientOption ¶
type ClientOption interface {
// contains filtered or unexported methods
}
ClientOption configures a Vault client using the functional options paradigm popularized by Rob Pike and Dave Cheney. If you're unfamiliar with this style, see https://commandcenter.blogspot.com/2014/01/self-referential-functions-and-design.html and https://dave.cheney.net/2014/10/17/functional-options-for-friendly-apis.
type ClientRole ¶
type ClientRole string
ClientRole is the vault role which the client would like to receive
type ClientTimeout ¶ added in v0.3.0
ClientTimeout after which the client fails.
type ClientTokenPath ¶
type ClientTokenPath string
ClientTokenPath is the file where the Vault token can be found.
type ClientURL ¶ added in v0.2.1
type ClientURL string
ClientURL is the Vault URL, e.g. https://my-vault.vault.org
type Config ¶
type Config struct {
	SecretShares int
	// how many of these parts are needed to unseal Vault (secretThreshold <= secretShares)
	SecretThreshold int
	// if this root token is set, the dynamic generated will be invalidated and this created instead
	InitRootToken string
	// should the root token be stored in the keyStore
	StoreRootToken bool
	// should the KV backend be tested first to validate access rights
	PreFlightChecks bool
}
Config holds the configuration of the Vault initialization
type Logger ¶ added in v0.4.0
type Logger interface {
	// Trace logs a Trace event.
	//
	// Even more fine-grained information than Debug events.
	// Loggers not supporting this level should fall back to Debug.
	Trace(msg string, fields ...map[string]interface{})

	// Debug logs a Debug event.
	//
	// A verbose series of information events.
	// They are useful when debugging the system.
	Debug(msg string, fields ...map[string]interface{})

	// Info logs an Info event.
	//
	// General information about what's happening inside the system.
	Info(msg string, fields ...map[string]interface{})

	// Warn logs a Warn(ing) event.
	//
	// Non-critical events that should be looked at.
	Warn(msg string, fields ...map[string]interface{})

	// Error logs an Error event.
	//
	// Critical events that require immediate attention.
	// Loggers commonly provide Fatal and Panic levels above Error level,
	// but exiting and panicking is out of scope for a logging library.
	Error(msg string, fields ...map[string]interface{})
}
Logger is a unified interface for various logging use cases and practices, including:
- leveled logging
- structured logging
See the original repository for more information: https://github.com/logur/logur
type Transit ¶ added in v0.2.1
type Transit struct {
// contains filtered or unexported fields
}
Transit is a wrapper for the Transit Secret Engine. Ref: https://www.vaultproject.io/docs/secrets/transit/index.html
func (*Transit) Decrypt ¶ added in v0.2.1
Decrypt decrypts the ciphertext into plaintext. Ref: https://www.vaultproject.io/api/secret/transit/index.html#decrypt-data
func (*Transit) IsEncrypted ¶ added in v0.2.1
IsEncrypted checks with a regexp whether the value was encrypted by the Vault transit secret engine.
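A regexp test like this is a format check, not a cryptographic one. The following added example (not this package's code) contrasts an unanchored pattern with a stricter parse; the patterns, the helper names `LooksEncryptedLoose` and `ParseTransitCiphertext`, and the sample values are assumptions made for illustration, based on the transit ciphertext shape `vault:v<key version>:<base64>`.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"regexp"
	"strconv"
)

// Assumed ciphertext shape: "vault:v<key version>:<standard base64>".
// Neither pattern is taken from this package's source.
var (
	loosePattern  = regexp.MustCompile(`vault:v\d+:.+`) // unanchored, for comparison
	strictPattern = regexp.MustCompile(`^vault:v([0-9]+):([A-Za-z0-9+/]+={0,2})$`)
)

// LooksEncryptedLoose (hypothetical) accepts any string containing the prefix.
func LooksEncryptedLoose(value string) bool { return loosePattern.MatchString(value) }

// ParseTransitCiphertext (hypothetical) returns the key version when the whole
// value has the ciphertext shape and its payload decodes as base64. A true
// result means "looks encrypted"; only a successful Decrypt proves it.
func ParseTransitCiphertext(value string) (int, bool) {
	m := strictPattern.FindStringSubmatch(value)
	if m == nil {
		return 0, false
	}
	version, err := strconv.Atoi(m[1])
	if err != nil || version < 1 { // transit key versions start at 1
		return 0, false
	}
	if _, err := base64.StdEncoding.DecodeString(m[2]); err != nil {
		return 0, false
	}
	return version, true
}

func main() {
	// Constructed sample values, not real ciphertext.
	samples := []string{
		"vault:v1:Y29uc3RydWN0ZWQtc2FtcGxl",
		"db_password=vault:v1:Y29u trailing text",
		"vault:v1:Y29",
		"plaintext-secret",
	}
	for _, s := range samples {
		v, ok := ParseTransitCiphertext(s)
		fmt.Printf("%-45q loose=%-5t strict=%-5t version=%d\n", s, LooksEncryptedLoose(s), ok, v)
	}
}
```

Values that pass only the loose check are the ones to watch for when deciding whether a secret still needs encrypting: treating them as already encrypted leaves plaintext in place.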
type Vault ¶
type Vault interface {
	Init() error
	RaftInitialized() (bool, error)
	RaftJoin(string) error
	Sealed() (bool, error)
	Active() (bool, error)
	Unseal() error
	Leader() (bool, error)
	Configure(config *viper.Viper) error
	StepDownActive(string) error
}
Vault is an interface that can be used to attempt to perform actions against a Vault server.