Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func RegisterDynamicSecretDependency (added in v0.3.1)
func RegisterDynamicSecretDependency(dep SecretsSubscriber, v SecretsManager, dc chan<- bool)
RegisterDynamicSecretDependency by registering
Types
type Auth
type Auth struct {
	ClientToken   string                 `json:"client_token"`
	TokenType     string                 `json:"token_type"`
	Accessor      string                 `json:"accessor"`
	EntityID      string                 `json:"entity_id"`
	LeaseDuration int                    `json:"lease_duration"`
	Renewable     bool                   `json:"renewable"`
	Orphan        bool                   `json:"orphan"`
	Policies      []string               `json:"policies"`
	TokenPolicies []string               `json:"token_policies"`
	Metadata      map[string]interface{} `json:"metadata"`
}
Auth contains the token information for authenticating Vault requests
type Config
type Config struct {
	Addr          string
	GithubToken   string
	K8ServicePath string
	K8MountPath   string
	K8Role        string
	Client        libhttp.Client
}
Config contains the configuration information needed to do the initial setup and renewal of a Vault service
type Secret
type Secret struct {
	RequestID     string            `json:"request_id"`
	LeaseID       string            `json:"lease_id"`
	Renewable     bool              `json:"renewable"`
	LeaseDuration int               `json:"lease_duration"`
	Data          map[string]string `json:"data"`
}
Secret contains all data and metadata from a Vault secret
type SecretSubscriptionSpec (added in v0.3.1)
type SecretSubscriptionSpec struct {
	Paths        []string
	CallbackChan chan<- UpdatedSecret
}
SecretSubscriptionSpec is a specification of the paths to the secrets that a subscriber is interested in
type SecretsManager (added in v0.3.9)
type SecretsManager interface {
	GetSecret(path string) (*Secret, error)
	SetDefaultGoogleCredentials(path, key string) error
}
SecretsManager represents a service that is able to provide clients with a secret stored at a provided path.
func New
func New() (SecretsManager, error)
New initializes a new Vault and prepares it for interacting with secrets. It reads configuration information from the environment, configures an HTTP client and gets an authentication token to get secrets.
type SecretsSubscriber (added in v0.3.1)
type SecretsSubscriber interface {
	GetSubscriptionSpec() SecretSubscriptionSpec
	ReceiveAtStartup(UpdatedSecret)
	// Here we assume that the subscriber starts its own
	// goroutine for receiving updated secrets on the channel
	StartSecretsListener()
}
SecretsSubscriber implementors are dependent on secrets (connection strings, service account credentials and similar), and want the dynamic aspects to be handled automatically.
type Token
type Token struct {
	RequestID     string `json:"request_id"`
	LeaseID       string `json:"lease_id"`
	LeaseDuration int    `json:"lease_duration"`
	Renewable     bool   `json:"renewable"`
	Auth          Auth   `json:"auth"`
}
Token is used for authenticating Vault requests
type UpdatedSecret (added in v0.3.1)
UpdatedSecret is a new version of a secret
func (UpdatedSecret) GetAllData (added in v0.3.1)
func (us UpdatedSecret) GetAllData() map[string]string
GetAllData combines all data in all secrets to a single map
type Vault
Vault contains all information needed to get and interact with Vault secrets, after initial configuration.
func (*Vault) Authenticate
Authenticate uses supplied login information to authenticate to Vault and get an authentication token
func (*Vault) Configure (added in v0.3.9)
Configure reads configuration information from provided file and returns a config struct containing this information.
func (*Vault) ConnectToServer (added in v0.3.9)
ConnectToServer performs necessary setup for connections to the external HID service
func (*Vault) GetSecret
GetSecret returns the secret from the provided path. In case of 403 response from server, the credentials will be renewed and the request retried once.
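The retry-once behaviour described for GetSecret, as an added sketch that is not this package's own code. getSecret, demo, the login callback and the test server are hypothetical; the X-Vault-Token header and the /v1/ path prefix are Vault's HTTP API, and the tokens and secret body are constructed sample values.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// getSecret (hypothetical): on a 403, renew the token via login and retry exactly once.
func getSecret(url, token string, login func() (string, error)) (map[string]string, error) {
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("X-Vault-Token", token)
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode == http.StatusForbidden && login != nil {
		if token, err = login(); err != nil {
			return nil, fmt.Errorf("renewing credentials: %w", err)
		}
		return getSecret(url, token, nil) // nil login: a second 403 is not retried
	}
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("vault: %s", resp.Status) // token stays out of errors
	}
	var s struct{ Data map[string]string `json:"data"` }
	err = json.NewDecoder(resp.Body).Decode(&s)
	return s.Data, err
}

// demo fetches with an expired token from a constructed server that accepts only "fresh".
func demo(newToken string) (hits int, err error) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if hits++; r.Header.Get("X-Vault-Token") != "fresh" {
			w.WriteHeader(http.StatusForbidden)
			return
		}
		fmt.Fprint(w, `{"data":{"password":"constructed"}}`)
	}))
	defer srv.Close()
	_, err = getSecret(srv.URL+"/v1/secret/db", "expired", func() (string, error) { return newToken, nil })
	return hits, err
}

func main() { fmt.Println(demo("fresh")) }
```

Capping the retry at one attempt means a token that is revoked, or that lacks policy for the path, surfaces as an error after two requests instead of driving a login loop against the server.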