Documentation
Constants
This section is empty.
Variables
var RedactedRE = regexp.MustCompile(`` +
`~~redacted-vault:` +
`(` +
`[^#\s]+` +
`#` +
`[^#\s]+` +
`)` +
`~~`)
RedactedRE matches redacted secret tokens, like:
~~redacted-vault:path/to/kv/secret#my_key~~
A match must be isolated by word boundaries on both ends.
The payload (capturing group) is the secret location (in the example above, "path/to/kv/secret#my_key")
var UnredactedRE = regexp.MustCompile(`` +
`~~redact-vault:` +
`(` +
`[^#\s]+` +
`#` +
`[^#\s]+` +
`#` +
`[^#\s]+` +
`)` +
`~~`)
UnredactedRE matches unredacted secret tokens, like:
~~redact-vault:path/to/kv/secret#my_key#my_value~~
A match must be isolated by word boundaries on both ends.
The payload (capturing group) is the secret path+key+value (in the example above, "path/to/kv/secret#my_key#my_value")
Functions
This section is empty.
Types
type Client
type Client interface {
	ReadSecret(path, key string) (interface{}, error)
	WriteSecret(path, key, value string) error
}
A Client can get secrets from a HashiCorp Vault instance.
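Added example (not code from this package): how an UnredactedRE token maps to its redacted form through a Client. The in-memory `memClient` and the helper `redactText` are hypothetical names introduced here, and the block does not show the Redacter type's own methods, which this page does not list.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Pattern and interface as documented on this page.
var unredactedRE = regexp.MustCompile(`~~redact-vault:([^#\s]+#[^#\s]+#[^#\s]+)~~`)

type Client interface {
	ReadSecret(path, key string) (interface{}, error)
	WriteSecret(path, key, value string) error
}

// memClient is a hypothetical in-memory Client used in place of a Vault server.
type memClient map[string]string

func (m memClient) WriteSecret(path, key, value string) error {
	m[path+"#"+key] = value
	return nil
}

func (m memClient) ReadSecret(path, key string) (interface{}, error) {
	if v, ok := m[path+"#"+key]; ok {
		return v, nil
	}
	return nil, fmt.Errorf("no secret at %s#%s", path, key)
}

// redactText (hypothetical helper) stores each unredacted payload through c and
// swaps in the redacted token; a token whose write fails is left unchanged.
func redactText(c Client, text string) (string, error) {
	var werr error
	out := unredactedRE.ReplaceAllStringFunc(text, func(tok string) string {
		p := strings.SplitN(unredactedRE.FindStringSubmatch(tok)[1], "#", 3)
		if err := c.WriteSecret(p[0], p[1], p[2]); err != nil {
			werr = err
			return tok
		}
		return "~~redacted-vault:" + p[0] + "#" + p[1] + "~~"
	})
	return out, werr
}

func main() {
	// Constructed input; the second value contains '#', so the pattern skips it.
	fmt.Println(redactText(memClient{}, "a: ~~redact-vault:path/to/kv/secret#my_key#my_value~~ b: ~~redact-vault:p#k#v#x~~"))
}
```

Because each field is `[^#\s]+`, a value containing `#` or whitespace does not match and its token stays in the text in clear. Scanning the output for a leftover `~~redact-vault:` prefix catches that case.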
type Redacter
type Redacter struct {
	// contains filtered or unexported fields
}
A Redacter redacts secrets by storing them in a HashiCorp Vault.
type StandardClientWrapper
StandardClientWrapper wraps the standard Vault client into a Client
func (*StandardClientWrapper) ReadSecret
func (w *StandardClientWrapper) ReadSecret(path, key string) (interface{}, error)
ReadSecret reads a secret using the standard Vault client
func (*StandardClientWrapper) WriteSecret
func (w *StandardClientWrapper) WriteSecret(path, key, value string) error
WriteSecret writes a secret using the standard Vault client
TODO(dhoelle): this is failing if the secret does not already exist
type TokenWrapper
TokenWrapper wraps a vault token by putting the original payload in front of it
func (*TokenWrapper) WrapToken
func (w *TokenWrapper) WrapToken(token, originalPayload, originalEnvelope string) string
WrapToken wraps the string with Before and After