Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var DefaultArguments = Arguments{ ClientOptions: ClientOptions{ MinRetryWait: 1000 * time.Millisecond, MaxRetryWait: 1500 * time.Millisecond, MaxRetries: 2, Timeout: 60 * time.Second, }, }
DefaultArguments holds default settings for Arguments.
var DefaultAuthAWS = AuthAWS{
MountPath: "aws",
Type: authAWSTypeIAM,
Region: "us-east-1",
EC2SignatureType: "pkcs7",
}
DefaultAuthAWS provides default settings for AuthAWS.
var DefaultAuthAppRole = AuthAppRole{
MountPath: "approle",
}
DefaultAuthAppRole provides default settings for AuthAppRole.
var DefaultAuthAzure = AuthAzure{
MountPath: "azure",
ResourceURL: "https://management.azure.com/",
}
DefaultAuthAzure provides default settings for AuthAzure.
var DefaultAuthGCP = AuthGCP{
MountPath: "gcp",
Type: authGCPTypeGCE,
}
DefaultAuthGCP provides default settings for AuthGCP.
var DefaultAuthKubernetes = AuthKubernetes{
MountPath: "kubernetes",
ServiceAccountTokenFile: "/var/run/secrets/kubernetes.io/serviceaccount/token",
}
DefaultAuthKubernetes provides default settings for AuthKubernetes.
var DefaultAuthLDAP = AuthLDAP{
MountPath: "ldap",
}
DefaultAuthLDAP provides default settings for AuthLDAP.
var DefaultAuthUserPass = AuthUserPass{
MountPath: "userpass",
}
DefaultAuthUserPass provides default settings for AuthUserPass.
Functions ¶
This section is empty.
Types ¶
type Arguments ¶
type Arguments struct { Server string `river:"server,attr"` Namespace string `river:"namespace,attr,optional"` Path string `river:"path,attr"` RereadFrequency time.Duration `river:"reread_frequency,attr,optional"` ClientOptions ClientOptions `river:"client_options,block,optional"` Auth []AuthArguments `river:"auth,enum,optional"` }
Arguments configures remote.vault.
func (*Arguments) UnmarshalRiver ¶
UnmarshalRiver implements river.Unmarshaler.
type AuthAWS ¶
type AuthAWS struct { // Type specifies the mechanism used to authenticate with AWS. Should be // either ec2 or iam. Type string `river:"type,attr"` Region string `river:"region,attr,optional"` Role string `river:"role,attr,optional"` IAMServerIDHeader string `river:"iam_server_id_header,attr,optional"` // EC2SignatureType specifies the signature to use against EC2. Only used // when Type is ec2. Valid options are identity and pkcs7 (default). EC2SignatureType string `river:"ec2_signature_type,attr,optional"` MountPath string `river:"mount_path,attr,optional"` }
AuthAWS authenticates against Vault with AWS.
func (*AuthAWS) UnmarshalRiver ¶
UnmarshalRiver implements river.Unmarshaler and applies default settings.
type AuthAppRole ¶
type AuthAppRole struct { RoleID string `river:"role_id,attr"` Secret rivertypes.Secret `river:"secret,attr"` WrappingToken bool `river:"wrapping_token,attr,optional"` MountPath string `river:"mount_path,attr,optional"` }
AuthAppRole authenticates against Vault with AppRole.
func (*AuthAppRole) UnmarshalRiver ¶
func (a *AuthAppRole) UnmarshalRiver(f func(interface{}) error) error
UnmarshalRiver implements river.Unmarshaler and applies default settings.
type AuthArguments ¶
type AuthArguments struct { AuthToken *AuthToken `river:"token,block,optional"` AuthAppRole *AuthAppRole `river:"approle,block,optional"` AuthAWS *AuthAWS `river:"aws,block,optional"` AuthAzure *AuthAzure `river:"azure,block,optional"` AuthGCP *AuthGCP `river:"gcp,block,optional"` AuthKubernetes *AuthKubernetes `river:"kubernetes,block,optional"` AuthLDAP *AuthLDAP `river:"ldap,block,optional"` AuthUserPass *AuthUserPass `river:"userpass,block,optional"` AuthCustom *AuthCustom `river:"custom,block,optional"` }
AuthArguments defines a single authenticationstring type in a remote.vault component instance. These are embedded as an enum field so only one may be set per AuthArguments.
type AuthAzure ¶
type AuthAzure struct { Role string `river:"role,attr"` ResourceURL string `river:"resource_url,attr,optional"` MountPath string `river:"mount_path,attr,optional"` }
AuthAzure authenticates against Vault with Azure.
func (*AuthAzure) UnmarshalRiver ¶
UnmarshalRiver implements river.Unmarshaler and applies default settings.
type AuthCustom ¶
type AuthCustom struct { // Path to use for logging in (e.g., auth/kubernetes/login, etc.) Path string `river:"path,attr"` Data map[string]rivertypes.Secret `river:"data,attr"` }
AuthCustom provides a custom authentication method.
type AuthGCP ¶
type AuthGCP struct { Role string `river:"role,attr"` // Type specifies the mechanism used to authenticate with GCS. Should be // either gce or iam. Type string `river:"type,attr"` IAMServiceAccount string `river:"iam_service_account,attr,optional"` MountPath string `river:"mount_path,attr,optional"` }
AuthGCP authenticates against Vault with GCP.
func (*AuthGCP) UnmarshalRiver ¶
UnmarshalRiver implements river.Unmarshaler and applies default settings.
type AuthKubernetes ¶
type AuthKubernetes struct { Role string `river:"role,attr"` ServiceAccountTokenFile string `river:"service_account_file,attr,optional"` MountPath string `river:"mount_path,attr,optional"` }
AuthKubernetes authenticates against Vault with Kubernetes.
func (*AuthKubernetes) UnmarshalRiver ¶
func (a *AuthKubernetes) UnmarshalRiver(f func(interface{}) error) error
UnmarshalRiver implements river.Unmarshaler and applies default settings.
type AuthLDAP ¶
type AuthLDAP struct { Username string `river:"username,attr"` Password rivertypes.Secret `river:"password,attr"` MountPath string `river:"mount_path,attr,optional"` }
AuthLDAP authenticates against Vault with LDAP.
func (*AuthLDAP) UnmarshalRiver ¶
UnmarshalRiver implements river.Unmarshaler and applies default settings.
type AuthToken ¶
type AuthToken struct {
Token rivertypes.Secret `river:"token,attr"`
}
AuthToken authenticates against Vault with a token.
type AuthUserPass ¶
type AuthUserPass struct { Username string `river:"username,attr"` Password rivertypes.Secret `river:"password,attr"` MountPath string `river:"mount_path,attr,optional"` }
AuthUserPass authenticates against Vault with a username and password.
func (*AuthUserPass) UnmarshalRiver ¶
func (a *AuthUserPass) UnmarshalRiver(f func(interface{}) error) error
UnmarshalRiver implements river.Unmarshaler and applies default settings.
type ClientOptions ¶
type ClientOptions struct { MinRetryWait time.Duration `river:"min_retry_wait,attr,optional"` MaxRetryWait time.Duration `river:"max_retry_wait,attr,optional"` MaxRetries int `river:"max_retries,attr,optional"` Timeout time.Duration `river:"timeout,attr,optional"` }
ClientOptions sets extra options on the Client.
type Component ¶
type Component struct {
// contains filtered or unexported fields
}
Component implements the remote.vault component.
func New ¶
New creates a new remote.vault component. It will try to immediately read the secret from Vault and return an error if the secret can't be read or if authentication against the Vault server fails.
func (*Component) CurrentHealth ¶
CurrentHealth returns the current health of the remote.vault component. It will be healthy as long as the latest read or renewal was successful.
func (*Component) DebugInfo ¶
func (c *Component) DebugInfo() interface{}
DebugInfo returns debug information about the remote.vault component. It includes non-sensitive metadata about the current secret.
type Exports ¶
type Exports struct { // Data holds key-value pairs returned from Vault after retrieving the key. // Any keys-value pairs returned from Vault which are not []byte or strings // cannot be represented as secrets and are therefore ignored. // // However, it seems that most secrets engines don't actually return // arbitrary data, so this limitation shouldn't cause any issues in practice. Data map[string]rivertypes.Secret `river:"data,attr"` }
Exports is the values exported by remote.vault.