Documentation
Index ¶
Constants ¶
// Property prefix and default values for the Vault KV backed application config.
const (
	// PropertiesPrefix is presumably the prefix under which VaultConfigProperties
	// is bound; confirm against bindVaultConfigProperties.
	PropertiesPrefix = "cloud.vault.kv"
	// DefaultBackend is the default KV backend name. It is the first segment of
	// the example paths documented on NewProviderGroup ("secret/...").
	DefaultBackend = `secret`
	// DefaultBackendVersion is the default KV engine version (v1).
	// NOTE(review): KV v1 keeps no version history for a secret, so an overwritten
	// value cannot be recovered from the engine itself.
	DefaultBackendVersion = 1
	// DefaultConfigPath is the default path segment under the backend, as in the
	// documented example "secret/defaultapplication".
	// NOTE(review): presumably shared by every application using the default;
	// if so, anything stored there is readable by each service whose Vault
	// policy grants this path. Confirm and scope policies accordingly.
	DefaultConfigPath = "defaultapplication"
	// DefaultProfileSeparator separates the config path from an active profile
	// name, as in the documented example "secret/my-service/staging".
	DefaultProfileSeparator = "/"
)
Variables ¶
// Module is the bootstrap module for the Vault KV config source. Its priority
// options provide three constructors to fx: bindVaultConfigProperties,
// fxNewVaultDefaultContextProviderGroup and fxNewVaultAppContextProviderGroup.
// It runs at bootstrap.AppConfigPrecedence.
// NOTE(review): the Name "bootstrap endpoint" does not mention Vault or KV and
// may have been copied from another module; confirm it is intended, since it
// is what operators will see when tracing which module loaded secrets.
var Module = &bootstrap.Module{
	Name:       "bootstrap endpoint",
	Precedence: bootstrap.AppConfigPrecedence,
	PriorityOptions: []fx.Option{
		fx.Provide(
			bindVaultConfigProperties,
			fxNewVaultDefaultContextProviderGroup,
			fxNewVaultAppContextProviderGroup,
		),
	},
}
Functions ¶
func NewProviderGroup ¶
func NewProviderGroup(opts ...ProviderGroupOptions) (appconfig.ProviderGroup, error)
NewProviderGroup creates an appconfig.ProviderGroup backed by the Vault KV engine. The provider group is responsible for loading application properties from the Vault KV engine at paths of the form:

    <ProviderGroupOption.Backend>/<ProviderGroupOption.Path>[<ProviderGroupOption.ProfileSeparator><any active profile>]

e.g.
- "secret/defaultapplication"
- "secret/defaultapplication/prod"
- "secret/my-service"
- "secret/my-service/staging"
Types ¶
type KeyValueConfigProvider ¶
// KeyValueConfigProvider is a config provider that is constructed from a
// secret path and a KvSecretEngine (see NewVaultKvProvider). It embeds
// appconfig.ProviderMeta; its other fields are unexported and not shown here.
type KeyValueConfigProvider struct {
	appconfig.ProviderMeta
	// contains filtered or unexported fields
}
KeyValueConfigProvider: the Vault KV v1 API differs from the v2 API both in how the context path is constructed and in how the response is parsed. https://www.vaultproject.io/docs/secrets/kv/kv-v1
func NewVaultKvProvider ¶
func NewVaultKvProvider(precedence int, secretPath string, secretEngine KvSecretEngine) *KeyValueConfigProvider
func (*KeyValueConfigProvider) Load ¶
func (p *KeyValueConfigProvider) Load(ctx context.Context) (loadError error)
func (*KeyValueConfigProvider) Name ¶
func (p *KeyValueConfigProvider) Name() string
type KvSecretEngine ¶
// KvSecretEngine abstracts the differences between Vault KV engine versions:
// how the request path is built and how the response is unpacked.
type KvSecretEngine interface {
	// ContextPath maps secretPath to the request path this engine version expects.
	ContextPath(secretPath string) string
	// ListSecrets returns the key/value pairs stored at secretPath.
	// NOTE(review): the returned map holds secret values; callers should keep it
	// out of logs and error messages.
	ListSecrets(ctx context.Context, secretPath string) (results map[string]interface{}, err error)
}
func NewKvSecretEngine ¶
type KvSecretEngineV1 ¶
// KvSecretEngineV1 is the KvSecretEngine implementation for the Vault KV v1
// API. All of its fields are unexported and not shown here.
type KvSecretEngineV1 struct {
	// contains filtered or unexported fields
}
func (*KvSecretEngineV1) ContextPath ¶
func (engine *KvSecretEngineV1) ContextPath(secretPath string) string
ContextPath: the key-value v1 API expects GET /secret/:path (as opposed to the v2 API, which expects GET /secret/data/:path?version=:version-number).
func (*KvSecretEngineV1) ListSecrets ¶
func (engine *KvSecretEngineV1) ListSecrets(ctx context.Context, secretPath string) (results map[string]interface{}, err error)
ListSecrets implements KvSecretEngine
The Vault key-value v1 API returns the following response; we return the key/value pairs in its data field:
{ "auth": null, "data": { "foo": "bar", "ttl": "1h" }, "lease_duration": 3600, "lease_id": "", "renewable": false }
as opposed to the v2 API where the response is
{ "data": { "data": { "foo": "bar" }, "metadata": { "created_time": "2018-03-22T02:24:06.945319214Z", "deletion_time": "", "destroyed": false, "version": 2 } } }
type ProviderGroupOption ¶
type ProviderGroupOptions ¶
// ProviderGroupOptions is a functional option: a function that modifies the
// ProviderGroupOption it is given. NewProviderGroup accepts any number of them.
type ProviderGroupOptions func(opt *ProviderGroupOption)
type VaultConfigProperties ¶
// VaultConfigProperties holds the settings for the Vault KV config source.
// NOTE(review): presumably bound under PropertiesPrefix ("cloud.vault.kv");
// confirm against bindVaultConfigProperties.
type VaultConfigProperties struct {
	// Enabled presumably switches loading from Vault KV on or off; confirm
	// where it is checked.
	Enabled bool `json:"enabled"`

	// Backend is the KV backend name, the first segment of the secret path.
	Backend string `json:"backend"`

	// BackendVersion selects the KV engine version.
	// NOTE(review): only v1 is documented as supported. Confirm that any other
	// value is rejected instead of being handled as v1, because the v2 request
	// path and response layout differ.
	BackendVersion int `json:"backend-version"`

	// DefaultContext is presumably the default config path segment
	// (cf. DefaultConfigPath); confirm.
	DefaultContext string `json:"default-context"`

	// ProfileSeparator is presumably the separator placed between the config
	// path and an active profile name (cf. DefaultProfileSeparator); confirm.
	ProfileSeparator string `json:"profile-separator"`
}
VaultConfigProperties currently supports only the v1 KV secret engine. TODO: review property path and prefix.