Documentation ¶
Index ¶
- Variables
- func RegisterCLIParametersWithFlagSet(flags *flag.FlagSet, prefix, description string)
- type KeyEncryptorFabric
- func (k KeyEncryptorFabric) GetKeyMapper() baseKMS.KeyMapper
- func (k KeyEncryptorFabric) NewKeyEncryptor(extractor *args.ServiceExtractor, prefix string) (keystore.KeyEncryptor, error)
- func (k KeyEncryptorFabric) NewKeyEncryptorSuite(extractor *args.ServiceExtractor, prefix string) (*crypto.KeyStoreSuite, error)
- func (k KeyEncryptorFabric) RegisterCLIParameters(flags *flag.FlagSet, prefix, description string)
- type VaultCLIOptions
- type VaultLoader
Variables ¶
// Sentinel errors of the HashiCorp Vault master-key loader.
//
// Every message is a fixed string: none of them embeds the API token, the
// secret path or key material, so the values themselves are safe to log.
var (
	// Credentials and secret lookup.
	ErrEmptyAPIToken     = errors.New("HashiCorp Vault api token is empty")
	ErrSecretNotFound    = errors.New("HashiCorp Vault kv secret not found")
	ErrDataPathNotFound  = errors.New("no data path found for kv secret engine version 2")
	ErrConvertToPathList = errors.New("failed to convert secrets to kv secrets list")

	// ACRA_MASTER_KEY retrieval and conversion.
	ErrMasterKeyNotFound = errors.New("ACRA_MASTER_KEY was not found by kv secret path")
	ErrMasterKeyConvert  = errors.New("unable to convert acra master key id to string")

	// Secret engine discovery and validation.
	ErrEngineNotFound     = errors.New("unable to find secret engine")
	ErrNoOptionsFound     = errors.New("no options found for secret engine path")
	ErrNoKVSecretEngine   = errors.New("incorrect secret engine type - should be kv")
	ErrGetEngineInfo      = errors.New("failed to get secret engine info by path")
	ErrGetEngineType      = errors.New("failed to get secret engine type by path")
	ErrParseEngineType    = errors.New("failed to parse secret engine type by path")
	ErrParseEngineOptions = errors.New("failed to parse secret engine options")
	ErrGetEngineVersion   = errors.New("failed to get secret engine version")
)
Set of predefined errors used by the HashiCorp Vault loader and its tests.
// ErrEmptyConnectionURL is the sentinel for an empty HashiCorp Vault
// connection URL; the message is a fixed string.
var (
	ErrEmptyConnectionURL = errors.New("empty Hashicorp Vault connection URL provided")
)
ErrEmptyConnectionURL is the error reported when an empty HashiCorp Vault connection URL is provided.
Functions ¶
func RegisterCLIParametersWithFlagSet ¶
RegisterCLIParametersWithFlagSet looks up vault_connection_api_string in the provided flags; if it is not registered there, vault_connection_api_string and vault_secrets_path are added to them.
Types ¶
type KeyEncryptorFabric ¶
type KeyEncryptorFabric struct{}
KeyEncryptorFabric is the implementation of keyloader.KeyEncryptorFabric for the `vault_master_key` strategy.
func (KeyEncryptorFabric) GetKeyMapper ¶
func (k KeyEncryptorFabric) GetKeyMapper() baseKMS.KeyMapper
GetKeyMapper returns the KeyMapper for the `vault_master_key` strategy.
func (KeyEncryptorFabric) NewKeyEncryptor ¶
func (k KeyEncryptorFabric) NewKeyEncryptor(extractor *args.ServiceExtractor, prefix string) (keystore.KeyEncryptor, error)
NewKeyEncryptor is the fabric of keystore.KeyEncryptor for the `vault_master_key` strategy.
func (KeyEncryptorFabric) NewKeyEncryptorSuite ¶
func (k KeyEncryptorFabric) NewKeyEncryptorSuite(extractor *args.ServiceExtractor, prefix string) (*crypto.KeyStoreSuite, error)
NewKeyEncryptorSuite is the fabric of crypto.KeyStoreSuite for the `vault_master_key` strategy.
func (KeyEncryptorFabric) RegisterCLIParameters ¶
func (k KeyEncryptorFabric) RegisterCLIParameters(flags *flag.FlagSet, prefix, description string)
RegisterCLIParameters is an empty implementation of the KeyEncryptorFabric interface method.
type VaultCLIOptions ¶
// VaultCLIOptions holds the exported HashiCorp Vault settings shown on this
// page; further unexported fields are hidden by the documentation renderer.
type VaultCLIOptions struct {
	// Presumably the Vault connection URL taken from the
	// vault_connection_api_string flag — TODO confirm against the parser.
	Address string
	// Presumably the KV path taken from the vault_secrets_path flag — TODO confirm.
	SecretsPath string
	// NOTE(review): presumably toggles TLS for the Vault connection. If it is
	// off, the ACRA_MASTER_KEY read from Vault would cross the network
	// unencrypted — confirm, and keep it enabled outside local testing.
	EnableTLS bool
	// contains filtered or unexported fields
}
VaultCLIOptions keeps the command-line options related to loading ACRA_MASTER_KEY from HashiCorp Vault.
func ParseCLIParametersFromFlags ¶
func ParseCLIParametersFromFlags(extractor *args.ServiceExtractor, prefix string) *VaultCLIOptions
ParseCLIParametersFromFlags parses VaultCLIOptions from the provided FlagSet.
func (*VaultCLIOptions) VaultHTTPClient ¶
func (options *VaultCLIOptions) VaultHTTPClient() (*http.Client, error)
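VaultHTTPClient returns an *http.Client for connecting to HashiCorp Vault. (The upstream comment says it returns api.Config connection configuration, which does not match the signature above.)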
type VaultLoader ¶
// VaultLoader loads ACRA_MASTER_KEY from HashiCorp Vault. Its fields are
// unexported; the package documentation describes them as an api.Client and
// the user-provided secretPath.
type VaultLoader struct {
// contains filtered or unexported fields
}
VaultLoader is the HashiCorp Vault ACRA_MASTER_KEY loader implementation. It consists of an api.Client, used for interacting with HashiCorp Vault through its API, and secretPath, the user-provided path where VaultLoader looks up ACRA_MASTER_KEY.
func NewMasterKeyLoader ¶
func NewMasterKeyLoader(extractor *args.ServiceExtractor, prefix string) (*VaultLoader, error)
NewMasterKeyLoader creates a MasterKeyLoader from VaultCLIOptions.
func NewVaultLoader ¶
func NewVaultLoader(config *api.Config, secretPath string) (*VaultLoader, error)
NewVaultLoader reads the VAULT_API_TOKEN environment variable, decodes it and returns an initialized VaultLoader.
func (VaultLoader) LoadMasterKey ¶
func (loader VaultLoader) LoadMasterKey() ([]byte, error)
LoadMasterKey reads the ACRA_MASTER_KEY key from HashiCorp Vault by secretPath, then decodes and validates it.
func (VaultLoader) LoadMasterKeys ¶
func (loader VaultLoader) LoadMasterKeys() ([]byte, []byte, error)
LoadMasterKeys reads the ACRA_MASTER_KEYs from HashiCorp Vault and validates them.