Documentation ¶
Index ¶
- Variables
- type ClientCertificate
- func (*ClientCertificate) Descriptor() ([]byte, []int)deprecated
- func (x *ClientCertificate) GetCertificate() []byte
- func (x *ClientCertificate) GetCertificateKey() []byte
- func (x *ClientCertificate) GetCertificateKeyHmac() []byte
- func (x *ClientCertificate) GetCtCertificateKey() []byte
- func (x *ClientCertificate) GetKeyId() string
- func (x *ClientCertificate) GetStoreId() string
- func (*ClientCertificate) ProtoMessage()
- func (x *ClientCertificate) ProtoReflect() protoreflect.Message
- func (x *ClientCertificate) Reset()
- func (x *ClientCertificate) String() string
- type Credential
- func (*Credential) Descriptor() ([]byte, []int)deprecated
- func (x *Credential) GetCreateTime() *timestamp.Timestamp
- func (x *Credential) GetExpirationTime() *timestamp.Timestamp
- func (x *Credential) GetExternalId() string
- func (x *Credential) GetIsRenewable() bool
- func (x *Credential) GetLastRenewalTime() *timestamp.Timestamp
- func (x *Credential) GetLibraryId() string
- func (x *Credential) GetPublicId() string
- func (x *Credential) GetSessionId() string
- func (x *Credential) GetStatus() string
- func (x *Credential) GetTokenHmac() []byte
- func (x *Credential) GetUpdateTime() *timestamp.Timestamp
- func (x *Credential) GetVersion() uint32
- func (*Credential) ProtoMessage()
- func (x *Credential) ProtoReflect() protoreflect.Message
- func (x *Credential) Reset()
- func (x *Credential) String() string
- type CredentialLibrary
- func (*CredentialLibrary) Descriptor() ([]byte, []int)deprecated
- func (x *CredentialLibrary) GetCreateTime() *timestamp.Timestamp
- func (x *CredentialLibrary) GetCredentialType() string
- func (x *CredentialLibrary) GetDescription() string
- func (x *CredentialLibrary) GetHttpMethod() string
- func (x *CredentialLibrary) GetHttpRequestBody() []byte
- func (x *CredentialLibrary) GetName() string
- func (x *CredentialLibrary) GetPublicId() string
- func (x *CredentialLibrary) GetStoreId() string
- func (x *CredentialLibrary) GetUpdateTime() *timestamp.Timestamp
- func (x *CredentialLibrary) GetVaultPath() string
- func (x *CredentialLibrary) GetVersion() uint32
- func (*CredentialLibrary) ProtoMessage()
- func (x *CredentialLibrary) ProtoReflect() protoreflect.Message
- func (x *CredentialLibrary) Reset()
- func (x *CredentialLibrary) String() string
- type CredentialStore
- func (*CredentialStore) Descriptor() ([]byte, []int)deprecated
- func (x *CredentialStore) GetCaCert() []byte
- func (x *CredentialStore) GetCreateTime() *timestamp.Timestamp
- func (x *CredentialStore) GetDeleteTime() *timestamp.Timestamp
- func (x *CredentialStore) GetDescription() string
- func (x *CredentialStore) GetName() string
- func (x *CredentialStore) GetNamespace() string
- func (x *CredentialStore) GetPublicId() string
- func (x *CredentialStore) GetScopeId() string
- func (x *CredentialStore) GetTlsServerName() string
- func (x *CredentialStore) GetTlsSkipVerify() bool
- func (x *CredentialStore) GetUpdateTime() *timestamp.Timestamp
- func (x *CredentialStore) GetVaultAddress() string
- func (x *CredentialStore) GetVersion() uint32
- func (x *CredentialStore) GetWorkerFilter() string
- func (*CredentialStore) ProtoMessage()
- func (x *CredentialStore) ProtoReflect() protoreflect.Message
- func (x *CredentialStore) Reset()
- func (x *CredentialStore) String() string
- type SshPrivateKeyOverride
- func (*SshPrivateKeyOverride) Descriptor() ([]byte, []int)deprecated
- func (x *SshPrivateKeyOverride) GetLibraryId() string
- func (x *SshPrivateKeyOverride) GetPrivateKeyAttribute() string
- func (x *SshPrivateKeyOverride) GetPrivateKeyPassphraseAttribute() string
- func (x *SshPrivateKeyOverride) GetUsernameAttribute() string
- func (*SshPrivateKeyOverride) ProtoMessage()
- func (x *SshPrivateKeyOverride) ProtoReflect() protoreflect.Message
- func (x *SshPrivateKeyOverride) Reset()
- func (x *SshPrivateKeyOverride) String() string
- type Token
- func (*Token) Descriptor() ([]byte, []int)deprecated
- func (x *Token) GetCreateTime() *timestamp.Timestamp
- func (x *Token) GetCtToken() []byte
- func (x *Token) GetExpirationTime() *timestamp.Timestamp
- func (x *Token) GetKeyId() string
- func (x *Token) GetLastRenewalTime() *timestamp.Timestamp
- func (x *Token) GetStatus() string
- func (x *Token) GetStoreId() string
- func (x *Token) GetToken() []byte
- func (x *Token) GetTokenHmac() []byte
- func (x *Token) GetUpdateTime() *timestamp.Timestamp
- func (*Token) ProtoMessage()
- func (x *Token) ProtoReflect() protoreflect.Message
- func (x *Token) Reset()
- func (x *Token) String() string
- type UsernamePasswordOverride
- func (*UsernamePasswordOverride) Descriptor() ([]byte, []int)deprecated
- func (x *UsernamePasswordOverride) GetLibraryId() string
- func (x *UsernamePasswordOverride) GetPasswordAttribute() string
- func (x *UsernamePasswordOverride) GetUsernameAttribute() string
- func (*UsernamePasswordOverride) ProtoMessage()
- func (x *UsernamePasswordOverride) ProtoReflect() protoreflect.Message
- func (x *UsernamePasswordOverride) Reset()
- func (x *UsernamePasswordOverride) String() string
Constants ¶
This section is empty.
Variables ¶
View Source
var File_controller_storage_credential_vault_store_v1_vault_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type ClientCertificate ¶
type ClientCertificate struct { // store_id is the ID of the owning vault credential store. A vault // credential store can have 0 or 1 client certificate. // @inject_tag: `gorm:"primary_key"` StoreId string `protobuf:"bytes,1,opt,name=store_id,json=storeId,proto3" json:"store_id,omitempty" gorm:"primary_key"` // certificate is the PEM encoded certificate. // It must be set. // @inject_tag: `gorm:"not_null"` Certificate []byte `protobuf:"bytes,2,opt,name=certificate,proto3" json:"certificate,omitempty" gorm:"not_null"` // certificate_key is the plain-text of the certificate key data. We are // not storing this plain-text key in the database. // @inject_tag: `gorm:"-" wrapping:"pt,certificate_key_data"` CertificateKey []byte `` /* 147-byte string literal not displayed */ // ct_certificate_key is the ciphertext of the certificate key data. It // is stored in the database. // @inject_tag: `gorm:"column:certificate_key;not_null" wrapping:"ct,certificate_key_data"` CtCertificateKey []byte `` /* 185-byte string literal not displayed */ // certificate_key_hmac is a sha256-hmac of the unencrypted certificate_key that // is returned from the API for read. It is recalculated everytime the raw // certificate_key is updated. // @inject_tag: `gorm:"not_null"` CertificateKeyHmac []byte `` /* 135-byte string literal not displayed */ // The key_id of the kms database key used for encrypting this entry. // It must be set. // @inject_tag: `gorm:"not_null"` KeyId string `protobuf:"bytes,10,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty" gorm:"not_null"` // contains filtered or unexported fields }
func (*ClientCertificate) Descriptor
deprecated
func (*ClientCertificate) Descriptor() ([]byte, []int)
Deprecated: Use ClientCertificate.ProtoReflect.Descriptor instead.
func (*ClientCertificate) GetCertificate ¶
func (x *ClientCertificate) GetCertificate() []byte
func (*ClientCertificate) GetCertificateKey ¶
func (x *ClientCertificate) GetCertificateKey() []byte
func (*ClientCertificate) GetCertificateKeyHmac ¶
func (x *ClientCertificate) GetCertificateKeyHmac() []byte
func (*ClientCertificate) GetCtCertificateKey ¶
func (x *ClientCertificate) GetCtCertificateKey() []byte
func (*ClientCertificate) GetKeyId ¶
func (x *ClientCertificate) GetKeyId() string
func (*ClientCertificate) GetStoreId ¶
func (x *ClientCertificate) GetStoreId() string
func (*ClientCertificate) ProtoMessage ¶
func (*ClientCertificate) ProtoMessage()
func (*ClientCertificate) ProtoReflect ¶
func (x *ClientCertificate) ProtoReflect() protoreflect.Message
func (*ClientCertificate) Reset ¶
func (x *ClientCertificate) Reset()
func (*ClientCertificate) String ¶
func (x *ClientCertificate) String() string
type Credential ¶
type Credential struct { // public_id is a surrogate key suitable for use in a public API. // @inject_tag: `gorm:"primary_key"` PublicId string `protobuf:"bytes,1,opt,name=public_id,json=publicId,proto3" json:"public_id,omitempty" gorm:"primary_key"` // library_id of the owning vault credential library. // It must be set. LibraryId string `protobuf:"bytes,2,opt,name=library_id,json=libraryId,proto3" json:"library_id,omitempty"` // session_id of the session the credential was created for. // It must be set. SessionId string `protobuf:"bytes,3,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"` // token_hmac is the foreign key of the token used to acquire the secret. // @inject_tag: `gorm:"not_null"` TokenHmac []byte `protobuf:"bytes,4,opt,name=token_hmac,json=tokenHmac,proto3" json:"token_hmac,omitempty" gorm:"not_null"` // create_time is set by the database. // @inject_tag: `gorm:"default:current_timestamp"` CreateTime *timestamp.Timestamp `protobuf:"bytes,5,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"` // update_time is set by the database. // @inject_tag: `gorm:"default:current_timestamp"` UpdateTime *timestamp.Timestamp `protobuf:"bytes,6,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty" gorm:"default:current_timestamp"` // version allows optimistic locking of the resource. // @inject_tag: `gorm:"default:null"` Version uint32 `protobuf:"varint,7,opt,name=version,proto3" json:"version,omitempty" gorm:"default:null"` // external_id is the lease ID returned from Vault. // @inject_tag: `gorm:"not_null"` ExternalId string `protobuf:"bytes,8,opt,name=external_id,json=externalId,proto3" json:"external_id,omitempty" gorm:"not_null"` // last_renewal_time is the time the lease was last renewed with Vault. // @inject_tag: `gorm:"default:null"` LastRenewalTime *timestamp.Timestamp `` /* 128-byte string literal not displayed */ // expiration_time is the time the lease is expected to expire. // expiration_time is calculated when the credential is initially // retrieved and whenever the credential's lease is renewed. // // The calculation is: // expiration_time := time.Now().Add(LeaseDuration * time.Second) // LeaseDuration is a value returned by Vault when the credential is // retrieved or the lease for the credential is renewed. // // https://www.vaultproject.io/docs/concepts/lease // // @inject_tag: `gorm:"default:null"` ExpirationTime *timestamp.Timestamp `protobuf:"bytes,10,opt,name=expiration_time,json=expirationTime,proto3" json:"expiration_time,omitempty" gorm:"default:null"` // is_renewable indicates if the lease can be renewed. // @inject_tag: `gorm:"default:false"` IsRenewable bool `protobuf:"varint,11,opt,name=is_renewable,json=isRenewable,proto3" json:"is_renewable,omitempty" gorm:"default:false"` // The status of the credential. // It must be set. // @inject_tag: `gorm:"not_null"` Status string `protobuf:"bytes,12,opt,name=status,proto3" json:"status,omitempty" gorm:"not_null"` // contains filtered or unexported fields }
func (*Credential) Descriptor
deprecated
func (*Credential) Descriptor() ([]byte, []int)
Deprecated: Use Credential.ProtoReflect.Descriptor instead.
func (*Credential) GetCreateTime ¶
func (x *Credential) GetCreateTime() *timestamp.Timestamp
func (*Credential) GetExpirationTime ¶
func (x *Credential) GetExpirationTime() *timestamp.Timestamp
func (*Credential) GetExternalId ¶
func (x *Credential) GetExternalId() string
func (*Credential) GetIsRenewable ¶
func (x *Credential) GetIsRenewable() bool
func (*Credential) GetLastRenewalTime ¶
func (x *Credential) GetLastRenewalTime() *timestamp.Timestamp
func (*Credential) GetLibraryId ¶
func (x *Credential) GetLibraryId() string
func (*Credential) GetPublicId ¶
func (x *Credential) GetPublicId() string
func (*Credential) GetSessionId ¶
func (x *Credential) GetSessionId() string
func (*Credential) GetStatus ¶
func (x *Credential) GetStatus() string
func (*Credential) GetTokenHmac ¶
func (x *Credential) GetTokenHmac() []byte
func (*Credential) GetUpdateTime ¶
func (x *Credential) GetUpdateTime() *timestamp.Timestamp
func (*Credential) GetVersion ¶
func (x *Credential) GetVersion() uint32
func (*Credential) ProtoMessage ¶
func (*Credential) ProtoMessage()
func (*Credential) ProtoReflect ¶
func (x *Credential) ProtoReflect() protoreflect.Message
func (*Credential) Reset ¶
func (x *Credential) Reset()
func (*Credential) String ¶
func (x *Credential) String() string
type CredentialLibrary ¶
type CredentialLibrary struct { // public_id is a surrogate key suitable for use in a public API. // @inject_tag: `gorm:"primary_key"` PublicId string `protobuf:"bytes,1,opt,name=public_id,json=publicId,proto3" json:"public_id,omitempty" gorm:"primary_key"` // create_time is set by the database. // @inject_tag: `gorm:"default:current_timestamp"` CreateTime *timestamp.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"` // update_time is set by the database. // @inject_tag: `gorm:"default:current_timestamp"` UpdateTime *timestamp.Timestamp `protobuf:"bytes,3,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty" gorm:"default:current_timestamp"` // name is optional. If set, it must be unique within scope_id. // @inject_tag: `gorm:"default:null"` Name string `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty" gorm:"default:null"` // description is optional. // @inject_tag: `gorm:"default:null"` Description string `protobuf:"bytes,5,opt,name=description,proto3" json:"description,omitempty" gorm:"default:null"` // store_id of the owning vault credential store. // It must be set. // @inject_tag: `gorm:"not_null"` StoreId string `protobuf:"bytes,6,opt,name=store_id,json=storeId,proto3" json:"store_id,omitempty" gorm:"not_null"` // version allows optimistic locking of the resource. // @inject_tag: `gorm:"default:null"` Version uint32 `protobuf:"varint,7,opt,name=version,proto3" json:"version,omitempty" gorm:"default:null"` // vault_path is the path in Vault to request credentials from. // It must be set. // @inject_tag: `gorm:"not_null"` VaultPath string `protobuf:"bytes,8,opt,name=vault_path,json=vaultPath,proto3" json:"vault_path,omitempty" gorm:"not_null"` // The HTTP method the library uses to communicate with Vault. // It must be set. Can only be GET or POST. // @inject_tag: `gorm:"not_null"` HttpMethod string `protobuf:"bytes,9,opt,name=http_method,json=httpMethod,proto3" json:"http_method,omitempty" gorm:"not_null"` // The body of the HTTP request the library sends to Vault. // Can only be set if http_method is POST. // @inject_tag: `gorm:"default:null"` HttpRequestBody []byte `` /* 129-byte string literal not displayed */ // credential_type is optional. If set, it indicates the type of // credential the library returns. // @inject_tag: `gorm:"default:null"` CredentialType string `protobuf:"bytes,11,opt,name=credential_type,json=credentialType,proto3" json:"credential_type,omitempty" gorm:"default:null"` // contains filtered or unexported fields }
func (*CredentialLibrary) Descriptor
deprecated
func (*CredentialLibrary) Descriptor() ([]byte, []int)
Deprecated: Use CredentialLibrary.ProtoReflect.Descriptor instead.
func (*CredentialLibrary) GetCreateTime ¶
func (x *CredentialLibrary) GetCreateTime() *timestamp.Timestamp
func (*CredentialLibrary) GetCredentialType ¶ added in v0.7.4
func (x *CredentialLibrary) GetCredentialType() string
func (*CredentialLibrary) GetDescription ¶
func (x *CredentialLibrary) GetDescription() string
func (*CredentialLibrary) GetHttpMethod ¶
func (x *CredentialLibrary) GetHttpMethod() string
func (*CredentialLibrary) GetHttpRequestBody ¶
func (x *CredentialLibrary) GetHttpRequestBody() []byte
func (*CredentialLibrary) GetName ¶
func (x *CredentialLibrary) GetName() string
func (*CredentialLibrary) GetPublicId ¶
func (x *CredentialLibrary) GetPublicId() string
func (*CredentialLibrary) GetStoreId ¶
func (x *CredentialLibrary) GetStoreId() string
func (*CredentialLibrary) GetUpdateTime ¶
func (x *CredentialLibrary) GetUpdateTime() *timestamp.Timestamp
func (*CredentialLibrary) GetVaultPath ¶
func (x *CredentialLibrary) GetVaultPath() string
func (*CredentialLibrary) GetVersion ¶
func (x *CredentialLibrary) GetVersion() uint32
func (*CredentialLibrary) ProtoMessage ¶
func (*CredentialLibrary) ProtoMessage()
func (*CredentialLibrary) ProtoReflect ¶
func (x *CredentialLibrary) ProtoReflect() protoreflect.Message
func (*CredentialLibrary) Reset ¶
func (x *CredentialLibrary) Reset()
func (*CredentialLibrary) String ¶
func (x *CredentialLibrary) String() string
type CredentialStore ¶
type CredentialStore struct { // public_id is a surrogate key suitable for use in a public API. // @inject_tag: `gorm:"primary_key"` PublicId string `protobuf:"bytes,1,opt,name=public_id,json=publicId,proto3" json:"public_id,omitempty" gorm:"primary_key"` // The create_time is set by the database. // @inject_tag: `gorm:"default:current_timestamp"` CreateTime *timestamp.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"` // The update_time is set by the database. // @inject_tag: `gorm:"default:current_timestamp"` UpdateTime *timestamp.Timestamp `protobuf:"bytes,3,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty" gorm:"default:current_timestamp"` // The delete_time is set by the application. // @inject_tag: `gorm:"default:null"` DeleteTime *timestamp.Timestamp `protobuf:"bytes,4,opt,name=delete_time,json=deleteTime,proto3" json:"delete_time,omitempty" gorm:"default:null"` // name is optional. If set, it must be unique within scope_id. // @inject_tag: `gorm:"default:null"` Name string `protobuf:"bytes,5,opt,name=name,proto3" json:"name,omitempty" gorm:"default:null"` // description is optional. // @inject_tag: `gorm:"default:null"` Description string `protobuf:"bytes,6,opt,name=description,proto3" json:"description,omitempty" gorm:"default:null"` // The scope_id of the owning scope. // It must be set. // @inject_tag: `gorm:"not_null"` ScopeId string `protobuf:"bytes,7,opt,name=scope_id,json=scopeId,proto3" json:"scope_id,omitempty" gorm:"not_null"` // version allows optimistic locking of the resource. // @inject_tag: `gorm:"default:null"` Version uint32 `protobuf:"varint,8,opt,name=version,proto3" json:"version,omitempty" gorm:"default:null"` // vault_address is the address of the vault server. This should be a // complete URL. // It must be set. // @inject_tag: `gorm:"not_null"` VaultAddress string `protobuf:"bytes,9,opt,name=vault_address,json=vaultAddress,proto3" json:"vault_address,omitempty" gorm:"not_null"` // namespace is the vault namespace the credential store should use. // It is optional. // @inject_tag: `gorm:"default:null"` Namespace string `protobuf:"bytes,10,opt,name=namespace,proto3" json:"namespace,omitempty" gorm:"default:null"` // ca_cert is a single PEM-encoded CA certificate to verify the Vault // server's SSL certificate. // It is optional. // @inject_tag: `gorm:"default:null"` CaCert []byte `protobuf:"bytes,11,opt,name=ca_cert,json=caCert,proto3" json:"ca_cert,omitempty" gorm:"default:null"` // tls_server_name is the name to use as the SNI host when connecting to // Vault via TLS. // It is optional. // @inject_tag: `gorm:"default:null"` TlsServerName string `protobuf:"bytes,12,opt,name=tls_server_name,json=tlsServerName,proto3" json:"tls_server_name,omitempty" gorm:"default:null"` // tls_skip_verify disables verification of TLS certificates. Using this // option is highly discouraged as it decreases the security of data // transmissions to and from the Vault server. // @inject_tag: `gorm:"default:false"` TlsSkipVerify bool `protobuf:"varint,13,opt,name=tls_skip_verify,json=tlsSkipVerify,proto3" json:"tls_skip_verify,omitempty" gorm:"default:false"` // worker_filter is optional. Filters to the worker(s) who can handle Vault requests for this cred store // @inject_tag: `gorm:"default:null"` WorkerFilter string `protobuf:"bytes,14,opt,name=worker_filter,json=workerFilter,proto3" json:"worker_filter,omitempty" gorm:"default:null"` // contains filtered or unexported fields }
func (*CredentialStore) Descriptor
deprecated
func (*CredentialStore) Descriptor() ([]byte, []int)
Deprecated: Use CredentialStore.ProtoReflect.Descriptor instead.
func (*CredentialStore) GetCaCert ¶
func (x *CredentialStore) GetCaCert() []byte
func (*CredentialStore) GetCreateTime ¶
func (x *CredentialStore) GetCreateTime() *timestamp.Timestamp
func (*CredentialStore) GetDeleteTime ¶
func (x *CredentialStore) GetDeleteTime() *timestamp.Timestamp
func (*CredentialStore) GetDescription ¶
func (x *CredentialStore) GetDescription() string
func (*CredentialStore) GetName ¶
func (x *CredentialStore) GetName() string
func (*CredentialStore) GetNamespace ¶
func (x *CredentialStore) GetNamespace() string
func (*CredentialStore) GetPublicId ¶
func (x *CredentialStore) GetPublicId() string
func (*CredentialStore) GetScopeId ¶
func (x *CredentialStore) GetScopeId() string
func (*CredentialStore) GetTlsServerName ¶
func (x *CredentialStore) GetTlsServerName() string
func (*CredentialStore) GetTlsSkipVerify ¶
func (x *CredentialStore) GetTlsSkipVerify() bool
func (*CredentialStore) GetUpdateTime ¶
func (x *CredentialStore) GetUpdateTime() *timestamp.Timestamp
func (*CredentialStore) GetVaultAddress ¶
func (x *CredentialStore) GetVaultAddress() string
func (*CredentialStore) GetVersion ¶
func (x *CredentialStore) GetVersion() uint32
func (*CredentialStore) GetWorkerFilter ¶ added in v0.10.0
func (x *CredentialStore) GetWorkerFilter() string
func (*CredentialStore) ProtoMessage ¶
func (*CredentialStore) ProtoMessage()
func (*CredentialStore) ProtoReflect ¶
func (x *CredentialStore) ProtoReflect() protoreflect.Message
func (*CredentialStore) Reset ¶
func (x *CredentialStore) Reset()
func (*CredentialStore) String ¶
func (x *CredentialStore) String() string
type SshPrivateKeyOverride ¶ added in v0.10.0
type SshPrivateKeyOverride struct { // library_id of the owning vault credential library. // @inject_tag: `gorm:"primary_key"` LibraryId string `protobuf:"bytes,1,opt,name=library_id,json=libraryId,proto3" json:"library_id,omitempty" gorm:"primary_key"` // username_attribute is the name of the attribute in the Data field of a // Vault api.Secret that maps to a username. // If set, it overrides any default attribute names the system uses to // find a username attribute. // // See https://github.com/hashicorp/vault/blob/5e505ec039177e8212cbbab74ccb644c46e62e63/api/secret.go#L25 // // @inject_tag: `gorm:"default:null"` UsernameAttribute string `` /* 132-byte string literal not displayed */ // private_key_attribute is the name of the attribute in the Data field of a // Vault api.Secret that maps to a private key. // If set, it overrides any default attribute names the system uses to // find a private_key attribute. // // See https://github.com/hashicorp/vault/blob/5e505ec039177e8212cbbab74ccb644c46e62e63/api/secret.go#L25 // // @inject_tag: `gorm:"default:null"` PrivateKeyAttribute string `` /* 140-byte string literal not displayed */ // private_key_passphrase_attribute is the name of the attribute in the Data // field of a Vault api.Secret that maps to a private key passphrase. If set, // it overrides any default attribute names the system uses to find a // private_key_passphrase attribute. // // See // https://github.com/hashicorp/vault/blob/5e505ec039177e8212cbbab74ccb644c46e62e63/api/secret.go#L25 // // @inject_tag: `gorm:"default:null"` PrivateKeyPassphraseAttribute string `` /* 172-byte string literal not displayed */ // contains filtered or unexported fields }
func (*SshPrivateKeyOverride) Descriptor
deprecated
added in
v0.10.0
func (*SshPrivateKeyOverride) Descriptor() ([]byte, []int)
Deprecated: Use SshPrivateKeyOverride.ProtoReflect.Descriptor instead.
func (*SshPrivateKeyOverride) GetLibraryId ¶ added in v0.10.0
func (x *SshPrivateKeyOverride) GetLibraryId() string
func (*SshPrivateKeyOverride) GetPrivateKeyAttribute ¶ added in v0.10.0
func (x *SshPrivateKeyOverride) GetPrivateKeyAttribute() string
func (*SshPrivateKeyOverride) GetPrivateKeyPassphraseAttribute ¶ added in v0.10.0
func (x *SshPrivateKeyOverride) GetPrivateKeyPassphraseAttribute() string
func (*SshPrivateKeyOverride) GetUsernameAttribute ¶ added in v0.10.0
func (x *SshPrivateKeyOverride) GetUsernameAttribute() string
func (*SshPrivateKeyOverride) ProtoMessage ¶ added in v0.10.0
func (*SshPrivateKeyOverride) ProtoMessage()
func (*SshPrivateKeyOverride) ProtoReflect ¶ added in v0.10.0
func (x *SshPrivateKeyOverride) ProtoReflect() protoreflect.Message
func (*SshPrivateKeyOverride) Reset ¶ added in v0.10.0
func (x *SshPrivateKeyOverride) Reset()
func (*SshPrivateKeyOverride) String ¶ added in v0.10.0
func (x *SshPrivateKeyOverride) String() string
type Token ¶
type Token struct { // token_hmac is the hmac-sha256 value of the token. The hmac key is the // blake2b-256 value of the token accessor. // @inject_tag: `gorm:"primary_key"` TokenHmac []byte `protobuf:"bytes,1,opt,name=token_hmac,json=tokenHmac,proto3" json:"token_hmac,omitempty" gorm:"primary_key"` // token is the plain-text of the token data. We are not storing this // plain-text token in the database. // @inject_tag: `gorm:"-" wrapping:"pt,token_data"` Token []byte `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty" gorm:"-" wrapping:"pt,token_data"` // ct_token is the ciphertext of the token data. It is stored in the database. // @inject_tag: `gorm:"column:token;not_null" wrapping:"ct,token_data"` CtToken []byte `` /* 136-byte string literal not displayed */ // store_id is the ID of the owning vault credential store. A vault // credential store can have 0 or 1 token. // It must be set. // @inject_tag: `gorm:"not_null"` StoreId string `protobuf:"bytes,4,opt,name=store_id,json=storeId,proto3" json:"store_id,omitempty" gorm:"not_null"` // create_time is set by the database. // @inject_tag: `gorm:"default:current_timestamp"` CreateTime *timestamp.Timestamp `protobuf:"bytes,5,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"` // update_time is set by the database. // @inject_tag: `gorm:"default:current_timestamp"` UpdateTime *timestamp.Timestamp `protobuf:"bytes,6,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty" gorm:"default:current_timestamp"` // last_renewal_time is the time the token was last renewed with Vault. // @inject_tag: `gorm:"default:null"` LastRenewalTime *timestamp.Timestamp `` /* 128-byte string literal not displayed */ // expiration_time is the time the token is expected to expire. // expiration_time is calculated when the token is renewed. // // The calculation is: // expiration_time := time.Now().Add(LeaseDuration * time.Second) // LeaseDuration is a value returned by Vault when the token is renewed. // // https://www.vaultproject.io/api-docs/auth/token#renew-a-token-self // // @inject_tag: `gorm:"default:null"` ExpirationTime *timestamp.Timestamp `protobuf:"bytes,9,opt,name=expiration_time,json=expirationTime,proto3" json:"expiration_time,omitempty" gorm:"default:null"` // The key_id of the kms database key used for encrypting this entry. // It must be set. // @inject_tag: `gorm:"not_null"` KeyId string `protobuf:"bytes,10,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty" gorm:"not_null"` // The status of the token. // It must be set. // @inject_tag: `gorm:"not_null"` Status string `protobuf:"bytes,11,opt,name=status,proto3" json:"status,omitempty" gorm:"not_null"` // contains filtered or unexported fields }
func (*Token) Descriptor
deprecated
func (*Token) GetCreateTime ¶
func (*Token) GetCtToken ¶
func (*Token) GetExpirationTime ¶
func (*Token) GetLastRenewalTime ¶
func (*Token) GetStoreId ¶
func (*Token) GetTokenHmac ¶
func (*Token) GetUpdateTime ¶
func (*Token) ProtoMessage ¶
func (*Token) ProtoMessage()
func (*Token) ProtoReflect ¶
func (x *Token) ProtoReflect() protoreflect.Message
type UsernamePasswordOverride ¶ added in v0.9.1
type UsernamePasswordOverride struct { // library_id of the owning vault credential library. // @inject_tag: `gorm:"primary_key"` LibraryId string `protobuf:"bytes,1,opt,name=library_id,json=libraryId,proto3" json:"library_id,omitempty" gorm:"primary_key"` // username_attribute is the name of the attribute in the Data field of a // Vault api.Secret that maps to a username. // If set, it overrides any default attribute names the system uses to // find a username attribute. // // See https://github.com/hashicorp/vault/blob/5e505ec039177e8212cbbab74ccb644c46e62e63/api/secret.go#L25 // // @inject_tag: `gorm:"default:null"` UsernameAttribute string `` /* 132-byte string literal not displayed */ // password_attribute is the name of the attribute in the Data field of a // Vault api.Secret that maps to a password. // If set, it overrides any default attribute names the system uses to // find a password attribute. // // See https://github.com/hashicorp/vault/blob/5e505ec039177e8212cbbab74ccb644c46e62e63/api/secret.go#L25 // // @inject_tag: `gorm:"default:null"` PasswordAttribute string `` /* 132-byte string literal not displayed */ // contains filtered or unexported fields }
func (*UsernamePasswordOverride) Descriptor
deprecated
added in
v0.9.1
func (*UsernamePasswordOverride) Descriptor() ([]byte, []int)
Deprecated: Use UsernamePasswordOverride.ProtoReflect.Descriptor instead.
func (*UsernamePasswordOverride) GetLibraryId ¶ added in v0.9.1
func (x *UsernamePasswordOverride) GetLibraryId() string
func (*UsernamePasswordOverride) GetPasswordAttribute ¶ added in v0.9.1
func (x *UsernamePasswordOverride) GetPasswordAttribute() string
func (*UsernamePasswordOverride) GetUsernameAttribute ¶ added in v0.9.1
func (x *UsernamePasswordOverride) GetUsernameAttribute() string
func (*UsernamePasswordOverride) ProtoMessage ¶ added in v0.9.1
func (*UsernamePasswordOverride) ProtoMessage()
func (*UsernamePasswordOverride) ProtoReflect ¶ added in v0.9.1
func (x *UsernamePasswordOverride) ProtoReflect() protoreflect.Message
func (*UsernamePasswordOverride) Reset ¶ added in v0.9.1
func (x *UsernamePasswordOverride) Reset()
func (*UsernamePasswordOverride) String ¶ added in v0.9.1
func (x *UsernamePasswordOverride) String() string
Click to show internal directories.
Click to hide internal directories.