vault

package module
v0.1.0-beta Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 1, 2023 License: MPL-2.0 Imports: 32 Imported by: 97

README

[EXPERIMENTAL] Go Client for HashiCorp Vault

A simple client library generated from OpenAPI specification file to interact with HashiCorp Vault.

Warning: This library is currently marked as EXPERIMENTAL. Please try it out and give us feedback! Please do not use it in production.

Warning: The openapi.json file included in this repository is NOT the official Vault OpenAPI specification.

Contents

  1. Installation
  2. Examples
  3. Building the Library
  4. Under Development
  5. Documentation for API Endpoints

Installation

go get github.com/hashicorp/vault-client-go

Examples

Getting Started

Here is a simple example of using the library to read and write your first secret. For the sake of simplicity, we are authenticating with a root token. This example works with a Vault server running in -dev mode:

vault server -dev -dev-root-token-id="my-token"
package main

import (
	"context"
	"log"
	"time"

	"github.com/hashicorp/vault-client-go"
	"github.com/hashicorp/vault-client-go/schema"
)

func main() {
	ctx := context.Background()

	// prepare a client with the given base address
	client, err := vault.New(
		vault.WithBaseAddress("http://127.0.0.1:8200"),
		vault.WithRequestTimeout(30*time.Second),
	)
	if err != nil {
		log.Fatal(err)
	}

	// authenticate with a root token (insecure)
	if err := client.SetToken("my-token"); err != nil {
		log.Fatal(err)
	}

	// write a secret
	_, err = client.Secrets.KVv2Write(ctx, "my-secret", schema.KVv2WriteRequest{
		Data: map[string]any{
			"password1": "abc123",
			"password2": "correct horse battery staple",
		},
	})
	if err != nil {
		log.Fatal(err)
	}
	log.Println("secret written successfully")

	// read a secret
	s, err := client.Secrets.KVv2Read(ctx, "my-secret")
	if err != nil {
		log.Fatal(err)
	}
	log.Println("secret retrieved:", s.Data)
}
Authentication

In the previous example we used an insecure (root token) authentication method. For production applications, it is recommended to use approle or one of the platform-specific authentication methods instead (e.g. Kubernetes, AWS, Azure, etc.). The functions to access these authentication methods are automatically generated under client.Auth. Below is an example of how to authenticate using approle authentication method. Please refer to the approle documentation for more details.

resp, err := client.Auth.AppRoleLogin(
	ctx,
	vault.AppRoleLoginRequest{
		RoleId:   os.Getenv("MY_APPROLE_ROLE_ID"),
		SecretId: os.Getenv("MY_APPROLE_SECRET_ID"),
	},
	vault.WithMountPath("my/approle/path"), // optional, defaults to "approle"
)
if err != nil {
	log.Fatal(err)
}

if err := client.SetToken(resp.Auth.ClientToken); err != nil {
	log.Fatal(err)
}

The secret identifier is often delivered as a wrapped token. In this case, you should unwrap it first as demonstrated here.

Using Generic Accessors

The library provides the following generic accessors which let you read, modify, and delete an arbitrary path within Vault:

client.Read(...)
client.ReadWithParameters(...)
client.ReadRaw(...)
client.ReadRawWithParameters(...)

client.Write(...)
client.WriteFromBytes(...)
client.WriteFromReader(...)

client.List(...)

client.Delete(...)
client.DeleteWithParameters(...)

For example, client.Secrets.KVv2Write(...) from Getting Started section could be rewritten using a generic client.Write(...) like so:

_, err = client.Write(ctx, "/secret/data/my-secret", map[string]any{
	"data": map[string]any{
		"password1": "abc123",
		"password2": "correct horse battery staple",
	},
})
Using Generated Methods

The library has a number of generated methods corresponding to the known Vault API endpoints. They are organized in four catagories:

client.Auth     // authentication-related methods
client.Secrets  // methods dealing with secrets engines
client.Identity // identity-related methods
client.System   // various system-wide calls

Below is an example of accessing a generated System.ReadMounts method (equivalent to vault secrets list or GET /v1/sys/mounts):

resp, err := client.System.ReadMounts(ctx)
if err != nil {
	log.Fatal(err)
}

for engine := range resp.Data {
	log.Println(engine)
}

Note: the response.Data is currently returned as simple map[string]any maps. Structured (strongly typed) responses are coming soon!

Modifying Requests

You can modify the requests in one of two ways, either at the client level or by decorating individual requests:

// all subsequent requests will use the given token & namespace
_ = client.SetToken("my-token")
_ = client.SetNamespace("my-namespace")

// per-request decorators take precedence over the client-level settings
resp, _ = client.Secrets.KVv2Read(
	ctx,
	"my-secret",
	vault.WithToken("request-specific-token"),
	vault.WithNamespace("request-specific-namespace"),
)
Overriding Default Mount Path

Vault plugins can be mounted at arbitrary mount paths using -path command-line argument:

vault secrets enable -path=my/mount/path kv-v2

To accomodate this behavior, the requests defined under client.Auth and client.Secrets can be offset with mount path overrides using the following syntax:

// Equivalent to client.Read(ctx, "my/mount/path/data/my-secret")
secret, err := client.Secrets.KVv2Read(
	ctx,
	"my-secret",
	vault.WithMountPath("my/mount/path"),
)
Response Wrapping & Unwrapping

Please refer to the response-wrapping documentation for more background information.

// wrap the response with a 5 minute TTL
resp, _ := client.Secrets.KVv2Read(
	ctx,
	"my-secret",
	vault.WithResponseWrapping(5*time.Minute),
)
wrapped := resp.WrapInfo.Token

// unwrap the response (usually done elsewhere)
unwrapped, _ := vault.Unwrap[map[string]any](ctx, client, wrapped)
Error Handling

There are a couple specialized error types that the client can return:

  • ResponseError is the error returned when Vault responds with a status code outside of the 200 - 399 range.
  • RedirectError is the error returned when the client fails to process a redirect response.

The client also provides a convenience function vault.IsErrorStatus(...) to simplify error handling:

s, err := client.Secrets.KVv2Read(ctx, "my-secret")
if err != nil {
	if vault.IsErrorStatus(err, http.StatusForbidden) {
		// special handling for 403 errors
	}
	if vault.IsErrorStatus(err, http.StatusNotFound) {
		// special handling for 404 errors
	}
	return err
}
Using TLS

To enable TLS, simply specify the location of the Vault server's CA certificate file in the configuration:

tls := vault.TLSConfiguration{}
tls.ServerCertificate.FromFile = "/tmp/vault-ca.pem"

client, err := vault.New(
	vault.WithBaseAddress("https://localhost:8200"),
	vault.WithTLS(tls),
)
if err != nil {
	log.Fatal(err)
}
...

You can test this with a -dev-tls Vault server:

vault server -dev-tls -dev-root-token-id="my-token"
Using TLS with Client-side Certificate Authentication
tls := vault.TLSConfiguration{}
tls.ServerCertificate.FromFile = "/tmp/vault-ca.pem"
tls.ClientCertificate.FromFile = "/tmp/client-cert.pem"
tls.ClientCertificateKey.FromFile = "/tmp/client-cert-key.pem"

client, err := vault.New(
	vault.WithBaseAddress("https://localhost:8200"),
	vault.WithTLS(tls),
)
if err != nil {
	log.Fatal(err)
}

resp, err := client.Auth.CertLogin(ctx, vault.CertLoginRequest{
	Name: "my-cert",
})
if err != nil {
	log.Fatal(err)
}

if err := client.SetToken(resp.Auth.ClientToken); err != nil {
	log.Fatal(err)
}

Note: this is a temporary solution using a generated method. The user experience will be improved with the introduction of auth wrappers.

Loading Configuration from Environment Variables
client, err := vault.New(
	vault.WithEnvironment(),
)
if err != nil {
	log.Fatal(err)
}
export VAULT_ADDR=http://localhost:8200
export VAULT_TOKEN=my-token
go run main.go
Logging Requests & Responses with Request/Response Callbacks
client.SetRequestCallbacks(func(req *http.Request) {
	// log req
})
client.SetResponseCallbacks(func(req *http.Request, resp *http.Response) {
	// log req, resp
})

Alternatively, vault.WithRequestCallbacks(..) / vault.WithResponseCallbacks(..) may be used to inject callbacks for individual requests.

Enforcing Read-your-writes Replication Semantics

Detailed background information of the read-after-write consistency problem can be found in the consistency and replication documentation pages.

You can enforce read-your-writes semantics for individual requests through callbacks:

var state string

// write
_, err := client.Secrets.KVv2Write(
	ctx,
	"my-secret",
	schema.KVv2WriteRequest{
		Data: map[string]any{
			"password1": "abc123",
			"password2": "correct horse battery staple",
		},
	}
	vault.WithResponseCallbacks(
		vault.RecordReplicationState(
			&state,
		),
	),
)

// read
secret, err := client.Secrets.KVv2Read(
	ctx,
	"my-secret",
	vault.WithRequestCallbacks(
		vault.RequireReplicationStates(
			&state,
		),
	),
)

Alternatively, enforce read-your-writes semantics for all requests using the following setting:

client, err := vault.New(
	vault.WithBaseAddress("https://localhost:8200"),
	vault.WithEnforceReadYourWritesConsistency(),
)

Building the Library

The vast majority of the code, including the client's endpoints, requests and responses is generated from the OpenAPI specification file v1.13.0 using openapi-generator. If you make any changes to the underlying templates (generate/templates/*), make sure to regenerate the files by running the following:

make regen && go build

Under Development

This library is currently under active development. Below is a list of high-level features that have been implemented:

  • TLS
  • Read/Write/Delete/List base accessors
  • Automatic retries on errors (using go-retryablehttp)
  • Custom redirect logic
  • Client-side rate limiting
  • Vault-specific headers (X-Vault-Token, X-Vault-Namespace, etc.) and custom headers
  • Request/Response callbacks
  • Environment variables for configuration
  • Read-your-writes semantics
  • Thread-safe cloning and client modifications
  • Response wrapping & unwrapping
  • CI/CD pipelines

The following features are coming soon:

  • Structured responses (as part of the specification file)
  • Testing framework
  • Authentication wrappers
  • Other helpers & wrappers (KV, SSH, Monitor, Plugins, LifetimeWatcher, etc.)

Documentation for API Endpoints

Documentation

Index

Constants

View Source
const ClientVersion = "0.1.0-beta"

Variables

This section is empty.

Functions

func DefaultRetryPolicy

func DefaultRetryPolicy(ctx context.Context, resp *http.Response, err error) (bool, error)

DefaultRetryPolicy provides a default callback for RetryConfiguration.CheckRetry. In addition to retryablehttp.DefaultRetryPolicy, it retries on 412 responses, which are returned by Vault when a X-Vault-Index header isn't satisfied.

func IsErrorStatus

func IsErrorStatus(err error, status int) bool

IsErrorStatus returns true if the given error is either a ResponseError or a RedirectError with the given status code.

func MergeReplicationStates

func MergeReplicationStates(old []string, new string) []string

MergeReplicationStates returns a merged array of replication states by iterating through all states in the `old` slice. An iterated state is merged into the result before the `new` based on the result of compareReplicationStates

Types

type Auth

type Auth struct {
	// contains filtered or unexported fields
}

Auth is a simple wrapper around the client for Auth requests

func (*Auth) AWSConfigDeleteCertificate

func (a *Auth) AWSConfigDeleteCertificate(ctx context.Context, certName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigDeleteCertificate certName: Name of the certificate.

func (*Auth) AWSConfigDeleteClient

func (a *Auth) AWSConfigDeleteClient(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigDeleteClient

func (*Auth) AWSConfigDeleteIdentityAccessList

func (a *Auth) AWSConfigDeleteIdentityAccessList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigDeleteIdentityAccessList

func (*Auth) AWSConfigDeleteIdentityWhiteList

func (a *Auth) AWSConfigDeleteIdentityWhiteList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigDeleteIdentityWhiteList

func (*Auth) AWSConfigDeleteRoleTagBlackList

func (a *Auth) AWSConfigDeleteRoleTagBlackList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigDeleteRoleTagBlackList

func (*Auth) AWSConfigDeleteRoleTagDenyList

func (a *Auth) AWSConfigDeleteRoleTagDenyList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigDeleteRoleTagDenyList

func (*Auth) AWSConfigDeleteSecurityTokenServiceAccount

func (a *Auth) AWSConfigDeleteSecurityTokenServiceAccount(ctx context.Context, accountId string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigDeleteSecurityTokenServiceAccount accountId: AWS account ID to be associated with STS role. If set, Vault will use assumed credentials to verify any login attempts from EC2 instances in this account.

func (*Auth) AWSConfigListCertificates

func (a *Auth) AWSConfigListCertificates(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigListCertificates

func (*Auth) AWSConfigListSecurityTokenService

func (a *Auth) AWSConfigListSecurityTokenService(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigListSecurityTokenService

func (*Auth) AWSConfigReadCertificate

func (a *Auth) AWSConfigReadCertificate(ctx context.Context, certName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigReadCertificate certName: Name of the certificate.

func (*Auth) AWSConfigReadClient

func (a *Auth) AWSConfigReadClient(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigReadClient

func (*Auth) AWSConfigReadIdentity

func (a *Auth) AWSConfigReadIdentity(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigReadIdentity

func (*Auth) AWSConfigReadIdentityAccessList

func (a *Auth) AWSConfigReadIdentityAccessList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigReadIdentityAccessList

func (*Auth) AWSConfigReadIdentityWhiteList

func (a *Auth) AWSConfigReadIdentityWhiteList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigReadIdentityWhiteList

func (*Auth) AWSConfigReadRoleTagBlackList

func (a *Auth) AWSConfigReadRoleTagBlackList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigReadRoleTagBlackList

func (*Auth) AWSConfigReadRoleTagDenyList

func (a *Auth) AWSConfigReadRoleTagDenyList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigReadRoleTagDenyList

func (*Auth) AWSConfigReadSecurityTokenServiceAccount

func (a *Auth) AWSConfigReadSecurityTokenServiceAccount(ctx context.Context, accountId string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigReadSecurityTokenServiceAccount accountId: AWS account ID to be associated with STS role. If set, Vault will use assumed credentials to verify any login attempts from EC2 instances in this account.

func (*Auth) AWSConfigRotateRoot

func (a *Auth) AWSConfigRotateRoot(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigRotateRoot

func (*Auth) AWSConfigWriteCertificate

func (a *Auth) AWSConfigWriteCertificate(ctx context.Context, certName string, request schema.AWSConfigWriteCertificateRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigWriteCertificate certName: Name of the certificate.

func (*Auth) AWSConfigWriteClient

func (a *Auth) AWSConfigWriteClient(ctx context.Context, request schema.AWSConfigWriteClientRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigWriteClient

func (*Auth) AWSConfigWriteIdentity

func (a *Auth) AWSConfigWriteIdentity(ctx context.Context, request schema.AWSConfigWriteIdentityRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigWriteIdentity

func (*Auth) AWSConfigWriteIdentityAccessList

func (a *Auth) AWSConfigWriteIdentityAccessList(ctx context.Context, request schema.AWSConfigWriteIdentityAccessListRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigWriteIdentityAccessList

func (*Auth) AWSConfigWriteIdentityWhiteList

func (a *Auth) AWSConfigWriteIdentityWhiteList(ctx context.Context, request schema.AWSConfigWriteIdentityWhiteListRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigWriteIdentityWhiteList

func (*Auth) AWSConfigWriteRoleTagBlackList

func (a *Auth) AWSConfigWriteRoleTagBlackList(ctx context.Context, request schema.AWSConfigWriteRoleTagBlackListRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigWriteRoleTagBlackList

func (*Auth) AWSConfigWriteRoleTagDenyList

func (a *Auth) AWSConfigWriteRoleTagDenyList(ctx context.Context, request schema.AWSConfigWriteRoleTagDenyListRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigWriteRoleTagDenyList

func (*Auth) AWSConfigWriteSecurityTokenServiceAccount

func (a *Auth) AWSConfigWriteSecurityTokenServiceAccount(ctx context.Context, accountId string, request schema.AWSConfigWriteSecurityTokenServiceAccountRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigWriteSecurityTokenServiceAccount accountId: AWS account ID to be associated with STS role. If set, Vault will use assumed credentials to verify any login attempts from EC2 instances in this account.

func (*Auth) AWSDeleteAuthRole

func (a *Auth) AWSDeleteAuthRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSDeleteAuthRole role: Name of the role.

func (*Auth) AWSDeleteIdentityAccessListFor

func (a *Auth) AWSDeleteIdentityAccessListFor(ctx context.Context, instanceId string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSDeleteIdentityAccessListFor instanceId: EC2 instance ID. A successful login operation from an EC2 instance gets cached in this accesslist, keyed off of instance ID.

func (*Auth) AWSDeleteIdentityWhiteListFor

func (a *Auth) AWSDeleteIdentityWhiteListFor(ctx context.Context, instanceId string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSDeleteIdentityWhiteListFor instanceId: EC2 instance ID. A successful login operation from an EC2 instance gets cached in this accesslist, keyed off of instance ID.

func (*Auth) AWSDeleteRoleTagBlackListFor

func (a *Auth) AWSDeleteRoleTagBlackListFor(ctx context.Context, roleTag string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSDeleteRoleTagBlackListFor roleTag: Role tag to be deny listed. The tag can be supplied as-is. In order to avoid any encoding problems, it can be base64 encoded.

func (*Auth) AWSDeleteRoleTagDenyListFor

func (a *Auth) AWSDeleteRoleTagDenyListFor(ctx context.Context, roleTag string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSDeleteRoleTagDenyListFor roleTag: Role tag to be deny listed. The tag can be supplied as-is. In order to avoid any encoding problems, it can be base64 encoded.

func (*Auth) AWSListAuthRoles

func (a *Auth) AWSListAuthRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSListAuthRoles

func (*Auth) AWSListAuthRoles2

func (a *Auth) AWSListAuthRoles2(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSListAuthRoles2

func (*Auth) AWSListIdentityAccessList

func (a *Auth) AWSListIdentityAccessList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSListIdentityAccessList

func (*Auth) AWSListIdentityWhiteList

func (a *Auth) AWSListIdentityWhiteList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSListIdentityWhiteList

func (*Auth) AWSListRoleTagBlackList

func (a *Auth) AWSListRoleTagBlackList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSListRoleTagBlackList

func (*Auth) AWSListRoleTagDenyList

func (a *Auth) AWSListRoleTagDenyList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSListRoleTagDenyList

func (*Auth) AWSLogin

func (a *Auth) AWSLogin(ctx context.Context, request schema.AWSLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSLogin

func (*Auth) AWSReadAuthRole

func (a *Auth) AWSReadAuthRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSReadAuthRole role: Name of the role.

func (*Auth) AWSReadIdentityAccessListFor

func (a *Auth) AWSReadIdentityAccessListFor(ctx context.Context, instanceId string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSReadIdentityAccessListFor instanceId: EC2 instance ID. A successful login operation from an EC2 instance gets cached in this accesslist, keyed off of instance ID.

func (*Auth) AWSReadIdentityWhiteListFor

func (a *Auth) AWSReadIdentityWhiteListFor(ctx context.Context, instanceId string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSReadIdentityWhiteListFor instanceId: EC2 instance ID. A successful login operation from an EC2 instance gets cached in this accesslist, keyed off of instance ID.

func (*Auth) AWSReadRoleTagBlackListFor

func (a *Auth) AWSReadRoleTagBlackListFor(ctx context.Context, roleTag string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSReadRoleTagBlackListFor roleTag: Role tag to be deny listed. The tag can be supplied as-is. In order to avoid any encoding problems, it can be base64 encoded.

func (*Auth) AWSReadRoleTagDenyListFor

func (a *Auth) AWSReadRoleTagDenyListFor(ctx context.Context, roleTag string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSReadRoleTagDenyListFor roleTag: Role tag to be deny listed. The tag can be supplied as-is. In order to avoid any encoding problems, it can be base64 encoded.

func (*Auth) AWSWriteAuthRole

func (a *Auth) AWSWriteAuthRole(ctx context.Context, role string, request schema.AWSWriteAuthRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSWriteAuthRole role: Name of the role.

func (*Auth) AWSWriteAuthRoleTag

func (a *Auth) AWSWriteAuthRoleTag(ctx context.Context, role string, request schema.AWSWriteAuthRoleTagRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSWriteAuthRoleTag role: Name of the role.

func (*Auth) AWSWriteIdentityAccessListTidySettings

func (a *Auth) AWSWriteIdentityAccessListTidySettings(ctx context.Context, request schema.AWSWriteIdentityAccessListTidySettingsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSWriteIdentityAccessListTidySettings

func (*Auth) AWSWriteIdentityWhiteListTidySettings

func (a *Auth) AWSWriteIdentityWhiteListTidySettings(ctx context.Context, request schema.AWSWriteIdentityWhiteListTidySettingsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSWriteIdentityWhiteListTidySettings

func (*Auth) AWSWriteRoleTagBlackListFor

func (a *Auth) AWSWriteRoleTagBlackListFor(ctx context.Context, roleTag string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSWriteRoleTagBlackListFor roleTag: Role tag to be deny listed. The tag can be supplied as-is. In order to avoid any encoding problems, it can be base64 encoded.

func (*Auth) AWSWriteRoleTagBlackListTidySettings

func (a *Auth) AWSWriteRoleTagBlackListTidySettings(ctx context.Context, request schema.AWSWriteRoleTagBlackListTidySettingsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSWriteRoleTagBlackListTidySettings

func (*Auth) AWSWriteRoleTagDenyListFor

func (a *Auth) AWSWriteRoleTagDenyListFor(ctx context.Context, roleTag string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSWriteRoleTagDenyListFor roleTag: Role tag to be deny listed. The tag can be supplied as-is. In order to avoid any encoding problems, it can be base64 encoded.

func (*Auth) AWSWriteRoleTagDenyListTidySettings

func (a *Auth) AWSWriteRoleTagDenyListTidySettings(ctx context.Context, request schema.AWSWriteRoleTagDenyListTidySettingsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSWriteRoleTagDenyListTidySettings

func (*Auth) AliCloudDeleteAuthRole

func (a *Auth) AliCloudDeleteAuthRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudDeleteAuthRole Create a role and associate policies to it. role: The name of the role as it should appear in Vault.

func (*Auth) AliCloudListAuthRoles

func (a *Auth) AliCloudListAuthRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudListAuthRoles Lists all the roles that are registered with Vault.

func (*Auth) AliCloudListAuthRoles2

func (a *Auth) AliCloudListAuthRoles2(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudListAuthRoles2 Lists all the roles that are registered with Vault.

func (*Auth) AliCloudLogin

func (a *Auth) AliCloudLogin(ctx context.Context, request schema.AliCloudLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudLogin Authenticates an RAM entity with Vault.

func (*Auth) AliCloudReadAuthRole

func (a *Auth) AliCloudReadAuthRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudReadAuthRole Create a role and associate policies to it. role: The name of the role as it should appear in Vault.

func (*Auth) AliCloudWriteAuthRole

func (a *Auth) AliCloudWriteAuthRole(ctx context.Context, role string, request schema.AliCloudWriteAuthRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudWriteAuthRole Create a role and associate policies to it. role: The name of the role as it should appear in Vault.

func (*Auth) AppRoleDeleteBindSecretID

func (a *Auth) AppRoleDeleteBindSecretID(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteBindSecretID roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteBoundCIDRList

func (a *Auth) AppRoleDeleteBoundCIDRList(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteBoundCIDRList roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeletePeriod

func (a *Auth) AppRoleDeletePeriod(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeletePeriod roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeletePolicies

func (a *Auth) AppRoleDeletePolicies(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeletePolicies roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteRole

func (a *Auth) AppRoleDeleteRole(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteRole roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteSecretIDAccessorDestroy

func (a *Auth) AppRoleDeleteSecretIDAccessorDestroy(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteSecretIDAccessorDestroy roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteSecretIDBoundCIDRs

func (a *Auth) AppRoleDeleteSecretIDBoundCIDRs(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteSecretIDBoundCIDRs roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteSecretIDDestroy

func (a *Auth) AppRoleDeleteSecretIDDestroy(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteSecretIDDestroy roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteSecretIDNumUses

func (a *Auth) AppRoleDeleteSecretIDNumUses(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteSecretIDNumUses roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteSecretIDTTL

func (a *Auth) AppRoleDeleteSecretIDTTL(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteSecretIDTTL roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteTokenBoundCIDRs

func (a *Auth) AppRoleDeleteTokenBoundCIDRs(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteTokenBoundCIDRs roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteTokenMaxTTL

func (a *Auth) AppRoleDeleteTokenMaxTTL(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteTokenMaxTTL roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteTokenNumUses

func (a *Auth) AppRoleDeleteTokenNumUses(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteTokenNumUses roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteTokenTTL

func (a *Auth) AppRoleDeleteTokenTTL(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteTokenTTL roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleListRoles

func (a *Auth) AppRoleListRoles(ctx context.Context, options ...RequestOption) (*Response[schema.AppRoleListRolesResponse], error)

AppRoleListRoles

func (*Auth) AppRoleListSecretID

func (a *Auth) AppRoleListSecretID(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleListSecretIDResponse], error)

AppRoleListSecretID roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleLogin

func (a *Auth) AppRoleLogin(ctx context.Context, request schema.AppRoleLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleLogin

func (*Auth) AppRoleReadBindSecretID

func (a *Auth) AppRoleReadBindSecretID(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadBindSecretIDResponse], error)

AppRoleReadBindSecretID roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadBoundCIDRList

func (a *Auth) AppRoleReadBoundCIDRList(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadBoundCIDRListResponse], error)

AppRoleReadBoundCIDRList roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadLocalSecretIDs

func (a *Auth) AppRoleReadLocalSecretIDs(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadLocalSecretIDsResponse], error)

AppRoleReadLocalSecretIDs roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadPeriod

func (a *Auth) AppRoleReadPeriod(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadPeriodResponse], error)

AppRoleReadPeriod roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadPolicies

func (a *Auth) AppRoleReadPolicies(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadPoliciesResponse], error)

AppRoleReadPolicies roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadRole

func (a *Auth) AppRoleReadRole(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadRoleResponse], error)

AppRoleReadRole roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadRoleID

func (a *Auth) AppRoleReadRoleID(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadRoleIDResponse], error)

AppRoleReadRoleID roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadSecretIDBoundCIDRs

func (a *Auth) AppRoleReadSecretIDBoundCIDRs(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadSecretIDBoundCIDRsResponse], error)

AppRoleReadSecretIDBoundCIDRs roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadSecretIDNumUses

func (a *Auth) AppRoleReadSecretIDNumUses(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadSecretIDNumUsesResponse], error)

AppRoleReadSecretIDNumUses roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadSecretIDTTL

func (a *Auth) AppRoleReadSecretIDTTL(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadSecretIDTTLResponse], error)

AppRoleReadSecretIDTTL roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadTokenBoundCIDRs

func (a *Auth) AppRoleReadTokenBoundCIDRs(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadTokenBoundCIDRsResponse], error)

AppRoleReadTokenBoundCIDRs roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadTokenMaxTTL

func (a *Auth) AppRoleReadTokenMaxTTL(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadTokenMaxTTLResponse], error)

AppRoleReadTokenMaxTTL roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadTokenNumUses

func (a *Auth) AppRoleReadTokenNumUses(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadTokenNumUsesResponse], error)

AppRoleReadTokenNumUses roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadTokenTTL

func (a *Auth) AppRoleReadTokenTTL(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadTokenTTLResponse], error)

AppRoleReadTokenTTL roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleTidySecretID

func (a *Auth) AppRoleTidySecretID(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleTidySecretID Trigger the clean-up of expired SecretID entries.

func (*Auth) AppRoleWriteBindSecretID

func (a *Auth) AppRoleWriteBindSecretID(ctx context.Context, roleName string, request schema.AppRoleWriteBindSecretIDRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteBindSecretID roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteBoundCIDRList

func (a *Auth) AppRoleWriteBoundCIDRList(ctx context.Context, roleName string, request schema.AppRoleWriteBoundCIDRListRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteBoundCIDRList roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteCustomSecretID

func (a *Auth) AppRoleWriteCustomSecretID(ctx context.Context, roleName string, request schema.AppRoleWriteCustomSecretIDRequest, options ...RequestOption) (*Response[schema.AppRoleWriteCustomSecretIDResponse], error)

AppRoleWriteCustomSecretID roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWritePeriod

func (a *Auth) AppRoleWritePeriod(ctx context.Context, roleName string, request schema.AppRoleWritePeriodRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWritePeriod roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWritePolicies

func (a *Auth) AppRoleWritePolicies(ctx context.Context, roleName string, request schema.AppRoleWritePoliciesRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWritePolicies roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteRole

func (a *Auth) AppRoleWriteRole(ctx context.Context, roleName string, request schema.AppRoleWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteRole roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteRoleID

func (a *Auth) AppRoleWriteRoleID(ctx context.Context, roleName string, request schema.AppRoleWriteRoleIDRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteRoleID roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteSecretID

func (a *Auth) AppRoleWriteSecretID(ctx context.Context, roleName string, request schema.AppRoleWriteSecretIDRequest, options ...RequestOption) (*Response[schema.AppRoleWriteSecretIDResponse], error)

AppRoleWriteSecretID roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteSecretIDAccessorDestroy

func (a *Auth) AppRoleWriteSecretIDAccessorDestroy(ctx context.Context, roleName string, request schema.AppRoleWriteSecretIDAccessorDestroyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteSecretIDAccessorDestroy roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteSecretIDAccessorLookup

func (a *Auth) AppRoleWriteSecretIDAccessorLookup(ctx context.Context, roleName string, request schema.AppRoleWriteSecretIDAccessorLookupRequest, options ...RequestOption) (*Response[schema.AppRoleWriteSecretIDAccessorLookupResponse], error)

AppRoleWriteSecretIDAccessorLookup roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteSecretIDBoundCIDRs

func (a *Auth) AppRoleWriteSecretIDBoundCIDRs(ctx context.Context, roleName string, request schema.AppRoleWriteSecretIDBoundCIDRsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteSecretIDBoundCIDRs roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteSecretIDDestroy

func (a *Auth) AppRoleWriteSecretIDDestroy(ctx context.Context, roleName string, request schema.AppRoleWriteSecretIDDestroyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteSecretIDDestroy roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteSecretIDLookup

func (a *Auth) AppRoleWriteSecretIDLookup(ctx context.Context, roleName string, request schema.AppRoleWriteSecretIDLookupRequest, options ...RequestOption) (*Response[schema.AppRoleWriteSecretIDLookupResponse], error)

AppRoleWriteSecretIDLookup roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteSecretIDNumUses

func (a *Auth) AppRoleWriteSecretIDNumUses(ctx context.Context, roleName string, request schema.AppRoleWriteSecretIDNumUsesRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteSecretIDNumUses roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteSecretIDTTL

func (a *Auth) AppRoleWriteSecretIDTTL(ctx context.Context, roleName string, request schema.AppRoleWriteSecretIDTTLRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteSecretIDTTL roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteTokenBoundCIDRs

func (a *Auth) AppRoleWriteTokenBoundCIDRs(ctx context.Context, roleName string, request schema.AppRoleWriteTokenBoundCIDRsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteTokenBoundCIDRs roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteTokenMaxTTL

func (a *Auth) AppRoleWriteTokenMaxTTL(ctx context.Context, roleName string, request schema.AppRoleWriteTokenMaxTTLRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteTokenMaxTTL roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteTokenNumUses

func (a *Auth) AppRoleWriteTokenNumUses(ctx context.Context, roleName string, request schema.AppRoleWriteTokenNumUsesRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteTokenNumUses roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteTokenTTL

func (a *Auth) AppRoleWriteTokenTTL(ctx context.Context, roleName string, request schema.AppRoleWriteTokenTTLRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteTokenTTL roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AzureDeleteAuthConfig

func (a *Auth) AzureDeleteAuthConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureDeleteAuthConfig

func (*Auth) AzureDeleteAuthRole

func (a *Auth) AzureDeleteAuthRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureDeleteAuthRole name: Name of the role.

func (*Auth) AzureListAuthRoles

func (a *Auth) AzureListAuthRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureListAuthRoles

func (*Auth) AzureLogin

func (a *Auth) AzureLogin(ctx context.Context, request schema.AzureLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureLogin

func (*Auth) AzureReadAuthConfig

func (a *Auth) AzureReadAuthConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureReadAuthConfig

func (*Auth) AzureReadAuthRole

func (a *Auth) AzureReadAuthRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureReadAuthRole name: Name of the role.

func (*Auth) AzureWriteAuthConfig

func (a *Auth) AzureWriteAuthConfig(ctx context.Context, request schema.AzureWriteAuthConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureWriteAuthConfig

func (*Auth) AzureWriteAuthRole

func (a *Auth) AzureWriteAuthRole(ctx context.Context, name string, request schema.AzureWriteAuthRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureWriteAuthRole name: Name of the role.

func (*Auth) CentrifyLogin

func (a *Auth) CentrifyLogin(ctx context.Context, request schema.CentrifyLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CentrifyLogin Log in with a username and password.

func (*Auth) CentrifyReadConfig

func (a *Auth) CentrifyReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

CentrifyReadConfig This path allows you to configure the centrify auth provider to interact with the Centrify Identity Services Platform for authenticating users.

func (*Auth) CentrifyWriteConfig

func (a *Auth) CentrifyWriteConfig(ctx context.Context, request schema.CentrifyWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CentrifyWriteConfig This path allows you to configure the centrify auth provider to interact with the Centrify Identity Services Platform for authenticating users.

func (*Auth) CertificatesDelete

func (a *Auth) CertificatesDelete(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

CertificatesDelete Manage trusted certificates used for authentication. name: The name of the certificate

func (*Auth) CertificatesDeleteCRL

func (a *Auth) CertificatesDeleteCRL(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

CertificatesDeleteCRL Manage Certificate Revocation Lists checked during authentication. name: The name of the certificate

func (*Auth) CertificatesList

func (a *Auth) CertificatesList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

CertificatesList Manage trusted certificates used for authentication.

func (*Auth) CertificatesListCRLs

func (a *Auth) CertificatesListCRLs(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

CertificatesListCRLs

func (*Auth) CertificatesLogin

func (a *Auth) CertificatesLogin(ctx context.Context, request schema.CertificatesLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CertificatesLogin

func (*Auth) CertificatesRead

func (a *Auth) CertificatesRead(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

CertificatesRead Manage trusted certificates used for authentication. name: The name of the certificate

func (*Auth) CertificatesReadCRL

func (a *Auth) CertificatesReadCRL(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

CertificatesReadCRL Manage Certificate Revocation Lists checked during authentication. name: The name of the certificate

func (*Auth) CertificatesReadConfig

func (a *Auth) CertificatesReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

CertificatesReadConfig

func (*Auth) CertificatesWrite

func (a *Auth) CertificatesWrite(ctx context.Context, name string, request schema.CertificatesWriteRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CertificatesWrite Manage trusted certificates used for authentication. name: The name of the certificate

func (*Auth) CertificatesWriteCRL

func (a *Auth) CertificatesWriteCRL(ctx context.Context, name string, request schema.CertificatesWriteCRLRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CertificatesWriteCRL Manage Certificate Revocation Lists checked during authentication. name: The name of the certificate

func (*Auth) CertificatesWriteConfig

func (a *Auth) CertificatesWriteConfig(ctx context.Context, request schema.CertificatesWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CertificatesWriteConfig

func (*Auth) CloudFoundryDeleteConfig

func (a *Auth) CloudFoundryDeleteConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryDeleteConfig

func (*Auth) CloudFoundryDeleteRole

func (a *Auth) CloudFoundryDeleteRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryDeleteRole role: The name of the role.

func (*Auth) CloudFoundryListRoles

func (a *Auth) CloudFoundryListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryListRoles

func (*Auth) CloudFoundryLogin

func (a *Auth) CloudFoundryLogin(ctx context.Context, request schema.CloudFoundryLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryLogin

func (*Auth) CloudFoundryReadConfig

func (a *Auth) CloudFoundryReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryReadConfig

func (*Auth) CloudFoundryReadRole

func (a *Auth) CloudFoundryReadRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryReadRole role: The name of the role.

func (*Auth) CloudFoundryWriteConfig

func (a *Auth) CloudFoundryWriteConfig(ctx context.Context, request schema.CloudFoundryWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryWriteConfig

func (*Auth) CloudFoundryWriteRole

func (a *Auth) CloudFoundryWriteRole(ctx context.Context, role string, request schema.CloudFoundryWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryWriteRole role: The name of the role.

func (*Auth) GitHubDeleteMapTeam

func (a *Auth) GitHubDeleteMapTeam(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GitHubDeleteMapTeam Read/write/delete a single teams mapping key: Key for the teams mapping

func (*Auth) GitHubDeleteMapUser

func (a *Auth) GitHubDeleteMapUser(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GitHubDeleteMapUser Read/write/delete a single users mapping key: Key for the users mapping

func (*Auth) GitHubLogin

func (a *Auth) GitHubLogin(ctx context.Context, request schema.GitHubLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GitHubLogin

func (*Auth) GitHubReadConfig

func (a *Auth) GitHubReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GitHubReadConfig

func (*Auth) GitHubReadMapTeam

func (a *Auth) GitHubReadMapTeam(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GitHubReadMapTeam Read/write/delete a single teams mapping key: Key for the teams mapping

func (*Auth) GitHubReadMapTeams

func (a *Auth) GitHubReadMapTeams(ctx context.Context, list string, options ...RequestOption) (*Response[map[string]interface{}], error)

GitHubReadMapTeams Read mappings for teams list: Return a list if `true`

func (*Auth) GitHubReadMapUser

func (a *Auth) GitHubReadMapUser(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GitHubReadMapUser Read/write/delete a single users mapping key: Key for the users mapping

func (*Auth) GitHubReadMapUsers

func (a *Auth) GitHubReadMapUsers(ctx context.Context, list string, options ...RequestOption) (*Response[map[string]interface{}], error)

GitHubReadMapUsers Read mappings for users list: Return a list if `true`

func (*Auth) GitHubWriteConfig

func (a *Auth) GitHubWriteConfig(ctx context.Context, request schema.GitHubWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GitHubWriteConfig

func (*Auth) GitHubWriteMapTeam

func (a *Auth) GitHubWriteMapTeam(ctx context.Context, key string, request schema.GitHubWriteMapTeamRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GitHubWriteMapTeam Read/write/delete a single teams mapping key: Key for the teams mapping

func (*Auth) GitHubWriteMapUser

func (a *Auth) GitHubWriteMapUser(ctx context.Context, key string, request schema.GitHubWriteMapUserRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GitHubWriteMapUser Read/write/delete a single users mapping key: Key for the users mapping

func (*Auth) GoogleCloudDeleteRole

func (a *Auth) GoogleCloudDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudDeleteRole Create a GCP role with associated policies and required attributes. name: Name of the role.

func (*Auth) GoogleCloudListRoles

func (a *Auth) GoogleCloudListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudListRoles Lists all the roles that are registered with Vault.

func (*Auth) GoogleCloudListRoles2

func (a *Auth) GoogleCloudListRoles2(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudListRoles2 Lists all the roles that are registered with Vault.

func (*Auth) GoogleCloudLogin

func (a *Auth) GoogleCloudLogin(ctx context.Context, request schema.GoogleCloudLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudLogin

func (*Auth) GoogleCloudReadAuthConfig

func (a *Auth) GoogleCloudReadAuthConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadAuthConfig Configure credentials used to query the GCP IAM API to verify authenticating service accounts

func (*Auth) GoogleCloudReadRole

func (a *Auth) GoogleCloudReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadRole Create a GCP role with associated policies and required attributes. name: Name of the role.

func (*Auth) GoogleCloudWriteAuthConfig

func (a *Auth) GoogleCloudWriteAuthConfig(ctx context.Context, request schema.GoogleCloudWriteAuthConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteAuthConfig Configure credentials used to query the GCP IAM API to verify authenticating service accounts

func (*Auth) GoogleCloudWriteRole

func (a *Auth) GoogleCloudWriteRole(ctx context.Context, name string, request schema.GoogleCloudWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteRole Create a GCP role with associated policies and required attributes. name: Name of the role.

func (*Auth) GoogleCloudWriteRoleLabels

func (a *Auth) GoogleCloudWriteRoleLabels(ctx context.Context, name string, request schema.GoogleCloudWriteRoleLabelsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteRoleLabels Add or remove labels for an existing 'gce' role name: Name of the role.

func (*Auth) GoogleCloudWriteRoleServiceAccounts

func (a *Auth) GoogleCloudWriteRoleServiceAccounts(ctx context.Context, name string, request schema.GoogleCloudWriteRoleServiceAccountsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteRoleServiceAccounts Add or remove service accounts for an existing `iam` role name: Name of the role.

func (*Auth) JWTDeleteRole

func (a *Auth) JWTDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

JWTDeleteRole Delete an existing role. name: Name of the role.

func (*Auth) JWTListRoles

func (a *Auth) JWTListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

JWTListRoles Lists all the roles registered with the backend. The list will contain the names of the roles.

func (*Auth) JWTLogin

func (a *Auth) JWTLogin(ctx context.Context, request schema.JWTLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

JWTLogin Authenticates to Vault using a JWT (or OIDC) token.

func (*Auth) JWTReadConfig

func (a *Auth) JWTReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

JWTReadConfig Read the current JWT authentication backend configuration.

func (*Auth) JWTReadOIDCCallback

func (a *Auth) JWTReadOIDCCallback(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

JWTReadOIDCCallback Callback endpoint to complete an OIDC login.

func (*Auth) JWTReadRole

func (a *Auth) JWTReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

JWTReadRole Read an existing role. name: Name of the role.

func (*Auth) JWTWriteConfig

func (a *Auth) JWTWriteConfig(ctx context.Context, request schema.JWTWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

JWTWriteConfig Configure the JWT authentication backend. The JWT authentication backend validates JWTs (or OIDC) using the configured credentials. If using OIDC Discovery, the URL must be provided, along with (optionally) the CA cert to use for the connection. If performing JWT validation locally, a set of public keys must be provided.

func (*Auth) JWTWriteOIDCAuthURL

func (a *Auth) JWTWriteOIDCAuthURL(ctx context.Context, request schema.JWTWriteOIDCAuthURLRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

JWTWriteOIDCAuthURL Request an authorization URL to start an OIDC login flow.

func (*Auth) JWTWriteOIDCCallback

func (a *Auth) JWTWriteOIDCCallback(ctx context.Context, request schema.JWTWriteOIDCCallbackRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

JWTWriteOIDCCallback Callback endpoint to handle form_posts.

func (*Auth) JWTWriteRole

func (a *Auth) JWTWriteRole(ctx context.Context, name string, request schema.JWTWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

JWTWriteRole Register an role with the backend. A role is required to authenticate with this backend. The role binds JWT token information with token policies and settings. The bindings, token polices and token settings can all be configured using this endpoint name: Name of the role.

func (*Auth) KerberosDeleteGroup

func (a *Auth) KerberosDeleteGroup(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosDeleteGroup name: Name of the LDAP group.

func (*Auth) KerberosListGroups

func (a *Auth) KerberosListGroups(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosListGroups

func (*Auth) KerberosLogin

func (a *Auth) KerberosLogin(ctx context.Context, request schema.KerberosLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosLogin

func (*Auth) KerberosReadConfig

func (a *Auth) KerberosReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosReadConfig

func (*Auth) KerberosReadGroup

func (a *Auth) KerberosReadGroup(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosReadGroup name: Name of the LDAP group.

func (*Auth) KerberosReadLDAPConfig

func (a *Auth) KerberosReadLDAPConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosReadLDAPConfig

func (*Auth) KerberosWriteConfig

func (a *Auth) KerberosWriteConfig(ctx context.Context, request schema.KerberosWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosWriteConfig

func (*Auth) KerberosWriteGroup

func (a *Auth) KerberosWriteGroup(ctx context.Context, name string, request schema.KerberosWriteGroupRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosWriteGroup name: Name of the LDAP group.

func (*Auth) KerberosWriteLDAPConfig

func (a *Auth) KerberosWriteLDAPConfig(ctx context.Context, request schema.KerberosWriteLDAPConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosWriteLDAPConfig

func (*Auth) KubernetesDeleteAuthRole

func (a *Auth) KubernetesDeleteAuthRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesDeleteAuthRole Register an role with the backend. name: Name of the role.

func (*Auth) KubernetesListAuthRoles

func (a *Auth) KubernetesListAuthRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesListAuthRoles Lists all the roles registered with the backend.

func (*Auth) KubernetesLogin

func (a *Auth) KubernetesLogin(ctx context.Context, request schema.KubernetesLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesLogin Authenticates Kubernetes service accounts with Vault.

func (*Auth) KubernetesReadAuthConfig

func (a *Auth) KubernetesReadAuthConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesReadAuthConfig Configures the JWT Public Key and Kubernetes API information.

func (*Auth) KubernetesReadAuthRole

func (a *Auth) KubernetesReadAuthRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesReadAuthRole Register an role with the backend. name: Name of the role.

func (*Auth) KubernetesWriteAuthConfig

func (a *Auth) KubernetesWriteAuthConfig(ctx context.Context, request schema.KubernetesWriteAuthConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesWriteAuthConfig Configures the JWT Public Key and Kubernetes API information.

func (*Auth) KubernetesWriteAuthRole

func (a *Auth) KubernetesWriteAuthRole(ctx context.Context, name string, request schema.KubernetesWriteAuthRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesWriteAuthRole Register an role with the backend. name: Name of the role.

func (*Auth) LDAPDeleteGroup

func (a *Auth) LDAPDeleteGroup(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPDeleteGroup Manage additional groups for users allowed to authenticate. name: Name of the LDAP group.

func (*Auth) LDAPDeleteUser

func (a *Auth) LDAPDeleteUser(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPDeleteUser Manage users allowed to authenticate. name: Name of the LDAP user.

func (*Auth) LDAPListGroups

func (a *Auth) LDAPListGroups(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPListGroups Manage additional groups for users allowed to authenticate.

func (*Auth) LDAPListUsers

func (a *Auth) LDAPListUsers(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPListUsers Manage users allowed to authenticate.

func (*Auth) LDAPLogin

func (a *Auth) LDAPLogin(ctx context.Context, username string, request schema.LDAPLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPLogin Log in with a username and password. username: DN (distinguished name) to be used for login.

func (*Auth) LDAPReadAuthConfig

func (a *Auth) LDAPReadAuthConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPReadAuthConfig Configure the LDAP server to connect to, along with its options.

func (*Auth) LDAPReadGroup

func (a *Auth) LDAPReadGroup(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPReadGroup Manage additional groups for users allowed to authenticate. name: Name of the LDAP group.

func (*Auth) LDAPReadUser

func (a *Auth) LDAPReadUser(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPReadUser Manage users allowed to authenticate. name: Name of the LDAP user.

func (*Auth) LDAPWriteAuthConfig

func (a *Auth) LDAPWriteAuthConfig(ctx context.Context, request schema.LDAPWriteAuthConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPWriteAuthConfig Configure the LDAP server to connect to, along with its options.

func (*Auth) LDAPWriteGroup

func (a *Auth) LDAPWriteGroup(ctx context.Context, name string, request schema.LDAPWriteGroupRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPWriteGroup Manage additional groups for users allowed to authenticate. name: Name of the LDAP group.

func (*Auth) LDAPWriteUser

func (a *Auth) LDAPWriteUser(ctx context.Context, name string, request schema.LDAPWriteUserRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPWriteUser Manage users allowed to authenticate. name: Name of the LDAP user.

func (*Auth) OCIDeleteConfig

func (a *Auth) OCIDeleteConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OCIDeleteConfig Manages the configuration for the Vault Auth Plugin.

func (*Auth) OCIDeleteRole

func (a *Auth) OCIDeleteRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

OCIDeleteRole Create a role and associate policies to it. role: Name of the role.

func (*Auth) OCIListRoles

func (a *Auth) OCIListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OCIListRoles Lists all the roles that are registered with Vault.

func (*Auth) OCILoginWithRole

func (a *Auth) OCILoginWithRole(ctx context.Context, role string, request schema.OCILoginWithRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OCILoginWithRole Authenticates to Vault using OCI credentials role: Name of the role.

func (*Auth) OCIReadConfig

func (a *Auth) OCIReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OCIReadConfig Manages the configuration for the Vault Auth Plugin.

func (*Auth) OCIReadRole

func (a *Auth) OCIReadRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

OCIReadRole Create a role and associate policies to it. role: Name of the role.

func (*Auth) OCIWriteConfig

func (a *Auth) OCIWriteConfig(ctx context.Context, request schema.OCIWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OCIWriteConfig Manages the configuration for the Vault Auth Plugin.

func (*Auth) OCIWriteRole

func (a *Auth) OCIWriteRole(ctx context.Context, role string, request schema.OCIWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OCIWriteRole Create a role and associate policies to it. role: Name of the role.

func (*Auth) OIDCDeleteAuthRole

func (a *Auth) OIDCDeleteAuthRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCDeleteAuthRole Delete an existing role. name: Name of the role.

func (*Auth) OIDCListAuthRoles

func (a *Auth) OIDCListAuthRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCListAuthRoles Lists all the roles registered with the backend. The list will contain the names of the roles.

func (*Auth) OIDCLogin

func (a *Auth) OIDCLogin(ctx context.Context, request schema.OIDCLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCLogin Authenticates to Vault using a JWT (or OIDC) token.

func (*Auth) OIDCReadAuthConfig

func (a *Auth) OIDCReadAuthConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadAuthConfig Read the current JWT authentication backend configuration.

func (*Auth) OIDCReadAuthRole

func (a *Auth) OIDCReadAuthRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadAuthRole Read an existing role. name: Name of the role.

func (*Auth) OIDCReadCallback

func (a *Auth) OIDCReadCallback(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadCallback Callback endpoint to complete an OIDC login.

func (*Auth) OIDCWriteAuthConfig

func (a *Auth) OIDCWriteAuthConfig(ctx context.Context, request schema.OIDCWriteAuthConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteAuthConfig Configure the JWT authentication backend. The JWT authentication backend validates JWTs (or OIDC) using the configured credentials. If using OIDC Discovery, the URL must be provided, along with (optionally) the CA cert to use for the connection. If performing JWT validation locally, a set of public keys must be provided.

func (*Auth) OIDCWriteAuthRole

func (a *Auth) OIDCWriteAuthRole(ctx context.Context, name string, request schema.OIDCWriteAuthRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteAuthRole Register an role with the backend. A role is required to authenticate with this backend. The role binds JWT token information with token policies and settings. The bindings, token polices and token settings can all be configured using this endpoint name: Name of the role.

func (*Auth) OIDCWriteAuthURL

func (a *Auth) OIDCWriteAuthURL(ctx context.Context, request schema.OIDCWriteAuthURLRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteAuthURL Request an authorization URL to start an OIDC login flow.

func (*Auth) OIDCWriteCallback

func (a *Auth) OIDCWriteCallback(ctx context.Context, request schema.OIDCWriteCallbackRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteCallback Callback endpoint to handle form_posts.

func (*Auth) OktaDeleteGroup

func (a *Auth) OktaDeleteGroup(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaDeleteGroup Manage users allowed to authenticate. name: Name of the Okta group.

func (*Auth) OktaDeleteUser

func (a *Auth) OktaDeleteUser(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaDeleteUser Manage additional groups for users allowed to authenticate. name: Name of the user.

func (*Auth) OktaListGroups

func (a *Auth) OktaListGroups(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaListGroups Manage users allowed to authenticate.

func (*Auth) OktaListUsers

func (a *Auth) OktaListUsers(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaListUsers Manage additional groups for users allowed to authenticate.

func (*Auth) OktaLogin

func (a *Auth) OktaLogin(ctx context.Context, username string, request schema.OktaLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaLogin Log in with a username and password. username: Username to be used for login.

func (*Auth) OktaReadConfig

func (a *Auth) OktaReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaReadConfig This endpoint allows you to configure the Okta and its configuration options. The Okta organization are the characters at the front of the URL for Okta. Example https://ORG.okta.com

func (*Auth) OktaReadGroup

func (a *Auth) OktaReadGroup(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaReadGroup Manage users allowed to authenticate. name: Name of the Okta group.

func (*Auth) OktaReadUser

func (a *Auth) OktaReadUser(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaReadUser Manage additional groups for users allowed to authenticate. name: Name of the user.

func (*Auth) OktaVerify

func (a *Auth) OktaVerify(ctx context.Context, nonce string, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaVerify nonce: Nonce provided during a login request to retrieve the number verification challenge for the matching request.

func (*Auth) OktaWriteConfig

func (a *Auth) OktaWriteConfig(ctx context.Context, request schema.OktaWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaWriteConfig This endpoint allows you to configure the Okta and its configuration options. The Okta organization are the characters at the front of the URL for Okta. Example https://ORG.okta.com

func (*Auth) OktaWriteGroup

func (a *Auth) OktaWriteGroup(ctx context.Context, name string, request schema.OktaWriteGroupRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaWriteGroup Manage users allowed to authenticate. name: Name of the Okta group.

func (*Auth) OktaWriteUser

func (a *Auth) OktaWriteUser(ctx context.Context, name string, request schema.OktaWriteUserRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaWriteUser Manage additional groups for users allowed to authenticate. name: Name of the user.

func (*Auth) RadiusDeleteUser

func (a *Auth) RadiusDeleteUser(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusDeleteUser Manage users allowed to authenticate. name: Name of the RADIUS user.

func (*Auth) RadiusListUsers

func (a *Auth) RadiusListUsers(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusListUsers Manage users allowed to authenticate.

func (*Auth) RadiusLogin

func (a *Auth) RadiusLogin(ctx context.Context, request schema.RadiusLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusLogin Log in with a username and password.

func (*Auth) RadiusLoginWithUsername

func (a *Auth) RadiusLoginWithUsername(ctx context.Context, urlusername string, request schema.RadiusLoginWithUsernameRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusLoginWithUsername Log in with a username and password. urlusername: Username to be used for login. (URL parameter)

func (*Auth) RadiusReadConfig

func (a *Auth) RadiusReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusReadConfig Configure the RADIUS server to connect to, along with its options.

func (*Auth) RadiusReadUser

func (a *Auth) RadiusReadUser(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusReadUser Manage users allowed to authenticate. name: Name of the RADIUS user.

func (*Auth) RadiusWriteConfig

func (a *Auth) RadiusWriteConfig(ctx context.Context, request schema.RadiusWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusWriteConfig Configure the RADIUS server to connect to, along with its options.

func (*Auth) RadiusWriteUser

func (a *Auth) RadiusWriteUser(ctx context.Context, name string, request schema.RadiusWriteUserRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusWriteUser Manage users allowed to authenticate. name: Name of the RADIUS user.

func (*Auth) TokenDeleteRole

func (a *Auth) TokenDeleteRole(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenDeleteRole roleName: Name of the role

func (*Auth) TokenListAccessors

func (a *Auth) TokenListAccessors(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenListAccessors List token accessors, which can then be be used to iterate and discover their properties or revoke them. Because this can be used to cause a denial of service, this endpoint requires 'sudo' capability in addition to 'list'.

func (*Auth) TokenListRoles

func (a *Auth) TokenListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenListRoles This endpoint lists configured roles.

func (*Auth) TokenReadLookup

func (a *Auth) TokenReadLookup(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenReadLookup This endpoint will lookup a token and its properties.

func (*Auth) TokenReadLookupSelf

func (a *Auth) TokenReadLookupSelf(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenReadLookupSelf This endpoint will lookup a token and its properties.

func (*Auth) TokenReadRole

func (a *Auth) TokenReadRole(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenReadRole roleName: Name of the role

func (*Auth) TokenRenew

func (a *Auth) TokenRenew(ctx context.Context, request schema.TokenRenewRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenRenew This endpoint will renew the given token and prevent expiration.

func (*Auth) TokenRenewAccessor

func (a *Auth) TokenRenewAccessor(ctx context.Context, request schema.TokenRenewAccessorRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenRenewAccessor This endpoint will renew a token associated with the given accessor and its properties. Response will not contain the token ID.

func (*Auth) TokenRenewSelf

func (a *Auth) TokenRenewSelf(ctx context.Context, request schema.TokenRenewSelfRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenRenewSelf This endpoint will renew the token used to call it and prevent expiration.

func (*Auth) TokenRevoke

func (a *Auth) TokenRevoke(ctx context.Context, request schema.TokenRevokeRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenRevoke This endpoint will delete the given token and all of its child tokens.

func (*Auth) TokenRevokeAccessor

func (a *Auth) TokenRevokeAccessor(ctx context.Context, request schema.TokenRevokeAccessorRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenRevokeAccessor This endpoint will delete the token associated with the accessor and all of its child tokens.

func (*Auth) TokenRevokeOrphan

func (a *Auth) TokenRevokeOrphan(ctx context.Context, request schema.TokenRevokeOrphanRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenRevokeOrphan This endpoint will delete the token and orphan its child tokens.

func (*Auth) TokenRevokeSelf

func (a *Auth) TokenRevokeSelf(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenRevokeSelf This endpoint will delete the token used to call it and all of its child tokens.

func (*Auth) TokenTidy

func (a *Auth) TokenTidy(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenTidy This endpoint performs cleanup tasks that can be run if certain error conditions have occurred.

func (*Auth) TokenWriteCreate

func (a *Auth) TokenWriteCreate(ctx context.Context, request schema.TokenWriteCreateRequest, format string, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenWriteCreate The token create path is used to create new tokens. format: Return json formatted output

func (*Auth) TokenWriteCreateOrphan

func (a *Auth) TokenWriteCreateOrphan(ctx context.Context, request schema.TokenWriteCreateOrphanRequest, format string, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenWriteCreateOrphan The token create path is used to create new orphan tokens. format: Return json formatted output

func (*Auth) TokenWriteCreateWithRole

func (a *Auth) TokenWriteCreateWithRole(ctx context.Context, roleName string, request schema.TokenWriteCreateWithRoleRequest, format string, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenWriteCreateWithRole This token create path is used to create new tokens adhering to the given role. roleName: Name of the role format: Return json formatted output

func (*Auth) TokenWriteLookup

func (a *Auth) TokenWriteLookup(ctx context.Context, request schema.TokenWriteLookupRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenWriteLookup This endpoint will lookup a token and its properties.

func (*Auth) TokenWriteLookupAccessor

func (a *Auth) TokenWriteLookupAccessor(ctx context.Context, request schema.TokenWriteLookupAccessorRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenWriteLookupAccessor This endpoint will lookup a token associated with the given accessor and its properties. Response will not contain the token ID.

func (*Auth) TokenWriteLookupSelf

func (a *Auth) TokenWriteLookupSelf(ctx context.Context, request schema.TokenWriteLookupSelfRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenWriteLookupSelf This endpoint will lookup a token and its properties.

func (*Auth) TokenWriteRole

func (a *Auth) TokenWriteRole(ctx context.Context, roleName string, request schema.TokenWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenWriteRole roleName: Name of the role

func (*Auth) UserpassDeleteUser

func (a *Auth) UserpassDeleteUser(ctx context.Context, username string, options ...RequestOption) (*Response[map[string]interface{}], error)

UserpassDeleteUser Manage users allowed to authenticate. username: Username for this user.

func (*Auth) UserpassListUsers

func (a *Auth) UserpassListUsers(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

UserpassListUsers Manage users allowed to authenticate.

func (*Auth) UserpassLogin

func (a *Auth) UserpassLogin(ctx context.Context, username string, request schema.UserpassLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

UserpassLogin Log in with a username and password. username: Username of the user.

func (*Auth) UserpassReadUser

func (a *Auth) UserpassReadUser(ctx context.Context, username string, options ...RequestOption) (*Response[map[string]interface{}], error)

UserpassReadUser Manage users allowed to authenticate. username: Username for this user.

func (*Auth) UserpassWriteUser

func (a *Auth) UserpassWriteUser(ctx context.Context, username string, request schema.UserpassWriteUserRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

UserpassWriteUser Manage users allowed to authenticate. username: Username for this user.

func (*Auth) UserpassWriteUserPassword

func (a *Auth) UserpassWriteUserPassword(ctx context.Context, username string, request schema.UserpassWriteUserPasswordRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

UserpassWriteUserPassword Reset user's password. username: Username for this user.

func (*Auth) UserpassWriteUserPolicies

func (a *Auth) UserpassWriteUserPolicies(ctx context.Context, username string, request schema.UserpassWriteUserPoliciesRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

UserpassWriteUserPolicies Update the policies associated with the username. username: Username for this user.

type Client

type Client struct {

	// API wrappers
	Auth     Auth
	Identity Identity
	Secrets  Secrets
	System   System
	// contains filtered or unexported fields
}

Client manages communication with Vault, initialize it with vault.New(...)

func New

func New(options ...ClientOption) (*Client, error)

New returns a new client decorated with the given configuration options

func (*Client) ClearCustomHeaders

func (c *Client) ClearCustomHeaders()

ClearsCustomHeaders clears all custom headers from the subsequent requests.

func (*Client) ClearMFACredentials

func (c *Client) ClearMFACredentials()

ClearMFACredentials clears multi-factor authentication credentials from all subsequent requests.

See https://learn.hashicorp.com/tutorials/vault/multi-factor-authentication for more information on multi-factor authentication.

func (*Client) ClearNamespace

func (c *Client) ClearNamespace()

ClearNamespace clears the namespace from all subsequent requests.

See https://developer.hashicorp.com/vault/docs/enterprise/namespaces for more info on namespaces.

func (*Client) ClearReplicationForwardingMode

func (c *Client) ClearReplicationForwardingMode()

ReplicationForwardingMode clears the X-Vault-Forward / X-Vault-Inconsistent headers from all subsequent requests.

See https://developer.hashicorp.com/vault/docs/enterprise/consistency#vault-1-7-mitigations

func (*Client) ClearRequestCallbacks

func (c *Client) ClearRequestCallbacks()

ClearRequestCallbacks clears all request callbacks.

func (*Client) ClearResponseCallbacks

func (c *Client) ClearResponseCallbacks()

ClearResponseCallbacks clears all response callbacks.

func (*Client) ClearResponseWrapping

func (c *Client) ClearResponseWrapping()

ClearResponseWrapping clears the response-wrapping header from all subsequent requests.

See https://developer.hashicorp.com/vault/docs/concepts/response-wrapping for more information on response wrapping.

func (*Client) ClearToken

func (c *Client) ClearToken()

ClearToken clears the token for all subsequent requests.

See https://developer.hashicorp.com/vault/docs/concepts/tokens for more info on tokens.

func (*Client) Clone

func (c *Client) Clone() *Client

Clone creates a new client with the same configuration, request modifiers, and replication states as the original client. Note that the cloned client will point to the same base http.Client and retryablehttp.Client objects.

func (*Client) Configuration

func (c *Client) Configuration() ClientConfiguration

Configuration returns a copy of the configuration object used to initialize this client

func (*Client) Delete

func (c *Client) Delete(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

Delete attempts to permanently delete the value stored at the given Vault path.

func (*Client) DeleteWithParameters

func (c *Client) DeleteWithParameters(ctx context.Context, path string, parameters url.Values, options ...RequestOption) (*Response[map[string]interface{}], error)

Delete attempts to permanently delete the value stored at the given Vault path, adding the given query parameters to the request.

func (*Client) List

func (c *Client) List(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

List attempts to list the keys stored at the given Vault path.

func (*Client) Read

func (c *Client) Read(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

Read attempts to read the stored at the given Vault path.

func (*Client) ReadRaw

func (c *Client) ReadRaw(ctx context.Context, path string, options ...RequestOption) (*http.Response, error)

ReadRaw attempts to read the value stored at the given Vault path and returns a raw *http.Response. Compared to Read, this function:

  • does not parse the response
  • does not check the response for errors
  • does not apply the client-level request timeout

func (*Client) ReadRawWithParameters

func (c *Client) ReadRawWithParameters(ctx context.Context, path string, parameters url.Values, options ...RequestOption) (*http.Response, error)

ReadRawWithParameters attempts to read the value stored at the given Vault path (adding the given query parameters to the request) and returns a raw *http.Response. Compared to ReadRawWithParameters, this function:

  • does not parse the response
  • does not check the response for errors
  • does not apply the client-level request timeout

func (*Client) ReadWithParameters

func (c *Client) ReadWithParameters(ctx context.Context, path string, parameters url.Values, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadWithParameters attempts to read the value stored at the given Vault path, adding the given query parameters to the request.

func (*Client) SetCustomHeaders

func (c *Client) SetCustomHeaders(headers http.Header) error

SetCustomHeaders sets custom headers to be used in all subsequent requests. The internal prefix 'X-Vault-' is not permitted for the header keys.

func (*Client) SetMFACredentials

func (c *Client) SetMFACredentials(credentials ...string) error

SetMFACredentials sets multi-factor authentication credentials to be used with all subsequent requests.

See https://learn.hashicorp.com/tutorials/vault/multi-factor-authentication for more information on multi-factor authentication.

func (*Client) SetNamespace

func (c *Client) SetNamespace(namespace string) error

SetNamespace sets the namespace to be used with all subsequent requests. Use an empty string to clear the namespace.

See https://developer.hashicorp.com/vault/docs/enterprise/namespaces for more info on namespaces.

func (*Client) SetReplicationForwardingMode

func (c *Client) SetReplicationForwardingMode(mode ReplicationForwardingMode)

SetReplicationForwardingMode sets a replication forwarding header for all subsequent requests:

ReplicationForwardNone         - no forwarding header
ReplicationForwardAlways       - 'X-Vault-Forward'
ReplicationForwardInconsistent - 'X-Vault-Inconsistent'

Note: this feature must be enabled in Vault's configuration.

See https://developer.hashicorp.com/vault/docs/enterprise/consistency#vault-1-7-mitigations

func (*Client) SetRequestCallbacks

func (c *Client) SetRequestCallbacks(callbacks ...RequestCallback) error

SetRequestCallbacks sets callbacks which will be invoked before each request.

func (*Client) SetResponseCallbacks

func (c *Client) SetResponseCallbacks(callbacks ...ResponseCallback) error

SetResponseCallbacks sets callbacks which will be invoked after each successful response.

func (*Client) SetResponseWrapping

func (c *Client) SetResponseWrapping(ttl time.Duration) error

SetResponseWrapping sets the response-wrapping TTL to the given duration for all subsequent requests, telling Vault to wrap responses and return response-wrapping tokens instead.

See https://developer.hashicorp.com/vault/docs/concepts/response-wrapping for more information on response wrapping.

func (*Client) SetToken

func (c *Client) SetToken(token string) error

SetToken sets the token to be used with all subsequent requests.

See https://developer.hashicorp.com/vault/docs/concepts/tokens for more info on tokens.

func (*Client) Write

func (c *Client) Write(ctx context.Context, path string, body map[string]interface{}, options ...RequestOption) (*Response[map[string]interface{}], error)

Write attempts to write the given map to the given Vault path.

func (*Client) WriteFromBytes

func (c *Client) WriteFromBytes(ctx context.Context, path string, body []byte, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteFromBytes attempts to write the given bytes slice to the given Vault path.

func (*Client) WriteFromReader

func (c *Client) WriteFromReader(ctx context.Context, path string, body io.Reader, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteFromReader attempts to write the given io.Reader data to the given Vault path.

type ClientCertificateEntry

type ClientCertificateEntry struct {
	// FromFile is the path to a PEM-encoded client certificate file.
	// Default: "", takes precedence over 'FromBytes'
	FromFile string `env:"VAULT_CLIENT_CERT"`

	// FromBytes is PEM-encoded certificate data.
	// Default: nil
	FromBytes []byte
}

type ClientCertificateKeyEntry

type ClientCertificateKeyEntry struct {
	// FromFile is the path to a PEM-encoded private key file.
	// Default: "", takes precedence over 'FromBytes'
	FromFile string `env:"VAULT_CLIENT_KEY"`

	// FromBytes is PEM-encoded private key data.
	// Default: nil
	FromBytes []byte
}

type ClientConfiguration

type ClientConfiguration struct {
	// BaseAddress specifies the Vault server base address in the form of
	// scheme://host:port
	// Default: https://127.0.0.1:8200
	BaseAddress string `env:"VAULT_ADDR,VAULT_AGENT_ADDR"`

	// BaseClient is the HTTP client to use for all API requests.
	// DefaultConfiguration() sets reasonable defaults for the BaseClient and
	// its associated http.Transport. If you must modify Vault's defaults, it
	// is suggested that you start with that client and modify it as needed
	// rather than starting with an empty client or http.DefaultClient.
	BaseClient *http.Client

	// RequestTimeout, given a non-negative value, will apply the timeout to
	// each request function unless an earlier deadline is passed to the
	// request function through context.Context. Note that this timeout is
	// not applicable to client.ReadRaw or client.ReadRawWithParameters.
	// Default: 60s
	RequestTimeout time.Duration `env:"VAULT_CLIENT_TIMEOUT"`

	// TLS is a collection of TLS settings used to configure the internal
	// http.Client.
	TLS TLSConfiguration

	// RetryConfiguration is a collection of settings used to configure the
	// internal go-retryablehttp client.
	RetryConfiguration RetryConfiguration

	// RateLimiter controls how frequently requests are allowed to happen.
	// If this pointer is nil, then there will be no limit set. Note that an
	// empty struct rate.Limiter is equivalent to blocking all requests.
	// Default: nil
	RateLimiter *rate.Limiter `env:"VAULT_RATE_LIMIT"`

	// EnforceReadYourWritesConsistency ensures isolated read-after-write
	// semantics by providing discovered cluster replication states in each
	// request.
	//
	// Background: when running in a cluster, Vault has an eventual consistency
	// model. Only one node (the leader) can write to Vault's storage. Users
	// generally expect read-after-write consistency: in other words, after
	// writing foo=1, a subsequent read of foo should return 1.
	//
	// Setting this to true will enable "Conditional Forwarding" as described in
	// https://developer.hashicorp.com/vault/docs/enterprise/consistency#vault-1-7-mitigations
	//
	// Note: careful consideration should be made prior to enabling this setting
	// since there will be a performance penalty paid upon each request.
	// This feature requires enterprise server-side.
	EnforceReadYourWritesConsistency bool

	// EnableSRVLookup enables the client to look up the Vault server host
	// through DNS SRV lookup. The lookup will happen on each request. The base
	// address' port must be empty for this setting to be respected.
	//
	// Note: this feature is not designed for high availability, just
	// discovery.
	//
	// See https://datatracker.ietf.org/doc/html/draft-andrews-http-srv-02
	// for more information
	EnableSRVLookup bool `env:"VAULT_SRV_LOOKUP"`

	// DisableRedirects prevents the client from automatically following
	// redirects. Any redirect responses will result in `RedirectError` instead.
	//
	// Background: by default, the client follows a single redirect; disabling
	// redirects could cause issues with certain requests, e.g. raft-related
	// calls will fail to redirect to the primary node.
	DisableRedirects bool `env:"VAULT_DISABLE_REDIRECTS"`
	// contains filtered or unexported fields
}

ClientConfiguration is used to configure the creation of the client

func DefaultConfiguration

func DefaultConfiguration() ClientConfiguration

DefaultConfiguration returns the default configuration for the client. It is recommended to start with this configuration and modify it as needed.

type ClientOption

type ClientOption func(*ClientConfiguration) error

ClientOption is a configuration option to initialize a client.

func WithBaseAddress

func WithBaseAddress(address string) ClientOption

WithBaseAddress specifies the Vault server base address in the form of scheme://host:port

Default: https://127.0.0.1:8200

func WithBaseClient

func WithBaseClient(client *http.Client) ClientOption

WithBaseClient sets the HTTP client to use for all API requests. The library sets reasonable defaults for the BaseClient and its associated http.Transport. If you must modify Vault's defaults, it is suggested that you start with DefaultConfiguration().BaseClient and modify it as needed rather than starting with an empty client or http.DefaultClient.

func WithConfiguration

func WithConfiguration(configuration ClientConfiguration) ClientOption

WithConfiguration overwrites the default configuration object with the given one. It is recommended to start with DefaultConfiguration() and modify it as necessary. If only an individual configuration field needs to be modified, consider using other ClientOption functions.

func WithDisableRedirects

func WithDisableRedirects() ClientOption

WithDisableRedirects prevents the client from automatically following redirects. Any redirect responses will result in `RedirectError` instead.

Background: by default, the client follows a single redirect; disabling redirects could cause issues with certain requests, e.g. raft-related calls will fail to redirect to the primary node.

func WithEnableSRVLookup

func WithEnableSRVLookup() ClientOption

WithEnableSRVLookup enables the client to look up the Vault server host through DNS SRV lookup. The lookup will happen on each request. The base address' port must be empty for this setting to be respected.

Note: this feature is not designed for high availability, just discovery.

See https://datatracker.ietf.org/doc/html/draft-andrews-http-srv-02 for more information

func WithEnforceReadYourWritesConsistency

func WithEnforceReadYourWritesConsistency() ClientOption

WithEnforceReadYourWritesConsistency ensures isolated read-after-write semantics by providing discovered cluster replication states in each request.

Background: when running in a cluster, Vault has an eventual consistency model. Only one node (the leader) can write to Vault's storage. Users generally expect read-after-write consistency: in other words, after writing foo=1, a subsequent read of foo should return 1.

Setting this to true will enable "Conditional Forwarding" as described in https://developer.hashicorp.com/vault/docs/enterprise/consistency#vault-1-7-mitigations

Note: careful consideration should be made prior to enabling this setting since there will be a performance penalty paid upon each request. This feature requires enterprise server-side.

func WithEnvironment

func WithEnvironment() ClientOption

WithEnvironment populates the client's configuration object with values from environment values. The following environment variables are currently supported:

VAULT_ADDR, VAULT_AGENT_ADDR (vault's address, e.g. https://127.0.0.1:8200/)
VAULT_CLIENT_TIMEOUT         (request timeout)
VAULT_RATE_LIMIT             (rate[:burst] in operations per second)
VAULT_SRV_LOOKUP             (enable DNS SRV lookup)
VAULT_DISABLE_REDIRECTS      (prevents vault client from following redirects)
VAULT_TOKEN                  (the initial authentication token)
VAULT_NAMESPACE              (the initial namespace to use)
VAULT_SKIP_VERIFY            (do not veirfy vault's presented certificate)
VAULT_CACERT                 (PEM-encoded CA certificate file path)
VAULT_CACERT_BYTES           (PEM-encoded CA certificate bytes)
VAULT_CAPATH                 (PEM-encoded CA certificate directory path)
VAULT_CLIENT_CERT            (PEM-encoded client certificate file path)
VAULT_CLIENT_KEY             (PEM-encoded client certificate key file path)
VAULT_TLS_SERVER_NAME        (used to verify the hostname on returned certificates)
VAULT_RETRY_WAIT_MIN         (minimum time to wait before retrying)
VAULT_RETRY_WAIT_MAX         (maximum time to wait before retrying)
VAULT_MAX_RETRIES            (maximum number of retries for certain error codes)

func WithRateLimiter

func WithRateLimiter(limiter *rate.Limiter) ClientOption

WithRateLimiter configures how frequently requests are allowed to happen. If this pointer is nil, then there will be no limit set. Note that an empty struct rate.Limiter is equivalent to blocking all requests.

Default: nil

func WithRequestTimeout

func WithRequestTimeout(timeout time.Duration) ClientOption

WithRequestTimeout, given a non-negative value, will apply the timeout to each request function unless an earlier deadline is passed to the request function through context.Context. Note that this timeout is not applicable to client.ReadRaw(...) or client.ReadRawWithParameters(...).

Default: 60s

func WithRetryConfiguration

func WithRetryConfiguration(configuration RetryConfiguration) ClientOption

WithRetryConfiguration configures the internal go-retryablehttp client. The library sets reasonable defaults for this setting.

func WithTLS

func WithTLS(configuration TLSConfiguration) ClientOption

WithTLS configures the TLS settings in the base http.Client.

type Identity

type Identity struct {
	// contains filtered or unexported fields
}

Identity is a simple wrapper around the client for Identity requests

func (*Identity) AliasDeleteByID

func (a *Identity) AliasDeleteByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

AliasDeleteByID Update, read or delete an alias ID. id: ID of the alias

func (*Identity) AliasListByID

func (a *Identity) AliasListByID(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AliasListByID List all the alias IDs.

func (*Identity) AliasReadByID

func (a *Identity) AliasReadByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

AliasReadByID Update, read or delete an alias ID. id: ID of the alias

func (*Identity) AliasWrite

func (a *Identity) AliasWrite(ctx context.Context, request schema.AliasWriteRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AliasWrite Create a new alias.

func (*Identity) AliasWriteByID

func (a *Identity) AliasWriteByID(ctx context.Context, id string, request schema.AliasWriteByIDRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AliasWriteByID Update, read or delete an alias ID. id: ID of the alias

func (*Identity) EntityBatchDelete

func (a *Identity) EntityBatchDelete(ctx context.Context, request schema.EntityBatchDeleteRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityBatchDelete Delete all of the entities provided

func (*Identity) EntityDeleteAliasByID

func (a *Identity) EntityDeleteAliasByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityDeleteAliasByID Update, read or delete an alias ID. id: ID of the alias

func (*Identity) EntityDeleteByID

func (a *Identity) EntityDeleteByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityDeleteByID Update, read or delete an entity using entity ID id: ID of the entity. If set, updates the corresponding existing entity.

func (*Identity) EntityDeleteByName

func (a *Identity) EntityDeleteByName(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityDeleteByName Update, read or delete an entity using entity name name: Name of the entity

func (*Identity) EntityListAliasesByID

func (a *Identity) EntityListAliasesByID(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityListAliasesByID List all the alias IDs.

func (*Identity) EntityListByID

func (a *Identity) EntityListByID(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityListByID List all the entity IDs

func (*Identity) EntityListByName

func (a *Identity) EntityListByName(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityListByName List all the entity names

func (*Identity) EntityLookup

func (a *Identity) EntityLookup(ctx context.Context, request schema.EntityLookupRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityLookup Query entities based on various properties.

func (*Identity) EntityMerge

func (a *Identity) EntityMerge(ctx context.Context, request schema.EntityMergeRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityMerge Merge two or more entities together

func (*Identity) EntityReadAliasByID

func (a *Identity) EntityReadAliasByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityReadAliasByID Update, read or delete an alias ID. id: ID of the alias

func (*Identity) EntityReadByID

func (a *Identity) EntityReadByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityReadByID Update, read or delete an entity using entity ID id: ID of the entity. If set, updates the corresponding existing entity.

func (*Identity) EntityReadByName

func (a *Identity) EntityReadByName(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityReadByName Update, read or delete an entity using entity name name: Name of the entity

func (*Identity) EntityWrite

func (a *Identity) EntityWrite(ctx context.Context, request schema.EntityWriteRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityWrite Create a new entity

func (*Identity) EntityWriteAlias

func (a *Identity) EntityWriteAlias(ctx context.Context, request schema.EntityWriteAliasRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityWriteAlias Create a new alias.

func (*Identity) EntityWriteAliasByID

func (a *Identity) EntityWriteAliasByID(ctx context.Context, id string, request schema.EntityWriteAliasByIDRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityWriteAliasByID Update, read or delete an alias ID. id: ID of the alias

func (*Identity) EntityWriteByID

func (a *Identity) EntityWriteByID(ctx context.Context, id string, request schema.EntityWriteByIDRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityWriteByID Update, read or delete an entity using entity ID id: ID of the entity. If set, updates the corresponding existing entity.

func (*Identity) EntityWriteByName

func (a *Identity) EntityWriteByName(ctx context.Context, name string, request schema.EntityWriteByNameRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityWriteByName Update, read or delete an entity using entity name name: Name of the entity

func (*Identity) GroupDeleteAliasByID

func (a *Identity) GroupDeleteAliasByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupDeleteAliasByID id: ID of the group alias.

func (*Identity) GroupDeleteByID

func (a *Identity) GroupDeleteByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupDeleteByID Update or delete an existing group using its ID. id: ID of the group. If set, updates the corresponding existing group.

func (*Identity) GroupDeleteByName

func (a *Identity) GroupDeleteByName(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupDeleteByName name: Name of the group.

func (*Identity) GroupListAliasesByID

func (a *Identity) GroupListAliasesByID(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupListAliasesByID List all the group alias IDs.

func (*Identity) GroupListByID

func (a *Identity) GroupListByID(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupListByID List all the group IDs.

func (*Identity) GroupListByName

func (a *Identity) GroupListByName(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupListByName

func (*Identity) GroupLookup

func (a *Identity) GroupLookup(ctx context.Context, request schema.GroupLookupRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupLookup Query groups based on various properties.

func (*Identity) GroupReadAliasByID

func (a *Identity) GroupReadAliasByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupReadAliasByID id: ID of the group alias.

func (*Identity) GroupReadByID

func (a *Identity) GroupReadByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupReadByID Update or delete an existing group using its ID. id: ID of the group. If set, updates the corresponding existing group.

func (*Identity) GroupReadByName

func (a *Identity) GroupReadByName(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupReadByName name: Name of the group.

func (*Identity) GroupWrite

func (a *Identity) GroupWrite(ctx context.Context, request schema.GroupWriteRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupWrite Create a new group.

func (*Identity) GroupWriteAlias

func (a *Identity) GroupWriteAlias(ctx context.Context, request schema.GroupWriteAliasRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupWriteAlias Creates a new group alias, or updates an existing one.

func (*Identity) GroupWriteAliasByID

func (a *Identity) GroupWriteAliasByID(ctx context.Context, id string, request schema.GroupWriteAliasByIDRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupWriteAliasByID id: ID of the group alias.

func (*Identity) GroupWriteByID

func (a *Identity) GroupWriteByID(ctx context.Context, id string, request schema.GroupWriteByIDRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupWriteByID Update or delete an existing group using its ID. id: ID of the group. If set, updates the corresponding existing group.

func (*Identity) GroupWriteByName

func (a *Identity) GroupWriteByName(ctx context.Context, name string, request schema.GroupWriteByNameRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupWriteByName name: Name of the group.

func (*Identity) MFADeleteLoginEnforcement

func (a *Identity) MFADeleteLoginEnforcement(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

MFADeleteLoginEnforcement Delete a login enforcement name: Name for this login enforcement configuration

func (*Identity) MFAListLoginEnforcements

func (a *Identity) MFAListLoginEnforcements(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAListLoginEnforcements List login enforcements

func (*Identity) MFAMethodAdminDestroyTOTP

func (a *Identity) MFAMethodAdminDestroyTOTP(ctx context.Context, request schema.MFAMethodAdminDestroyTOTPRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodAdminDestroyTOTP Destroys a TOTP secret for the given MFA method ID on the given entity

func (*Identity) MFAMethodAdminGenerateTOTP

func (a *Identity) MFAMethodAdminGenerateTOTP(ctx context.Context, request schema.MFAMethodAdminGenerateTOTPRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodAdminGenerateTOTP Update or create TOTP secret for the given method ID on the given entity.

func (*Identity) MFAMethodDeleteDuo

func (a *Identity) MFAMethodDeleteDuo(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodDeleteDuo Delete a configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodDeleteOkta

func (a *Identity) MFAMethodDeleteOkta(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodDeleteOkta Delete a configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodDeletePingID

func (a *Identity) MFAMethodDeletePingID(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodDeletePingID Delete a configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodDeleteTOTP

func (a *Identity) MFAMethodDeleteTOTP(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodDeleteTOTP Delete a configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodGenerateTOTP

func (a *Identity) MFAMethodGenerateTOTP(ctx context.Context, request schema.MFAMethodGenerateTOTPRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodGenerateTOTP Update or create TOTP secret for the given method ID on the given entity.

func (*Identity) MFAMethodList

func (a *Identity) MFAMethodList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodList List MFA method configurations for all MFA methods

func (*Identity) MFAMethodListDuo

func (a *Identity) MFAMethodListDuo(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodListDuo List MFA method configurations for the given MFA method

func (*Identity) MFAMethodListOkta

func (a *Identity) MFAMethodListOkta(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodListOkta List MFA method configurations for the given MFA method

func (*Identity) MFAMethodListPingID

func (a *Identity) MFAMethodListPingID(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodListPingID List MFA method configurations for the given MFA method

func (*Identity) MFAMethodListTOTP

func (a *Identity) MFAMethodListTOTP(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodListTOTP List MFA method configurations for the given MFA method

func (*Identity) MFAMethodRead

func (a *Identity) MFAMethodRead(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodRead Read the current configuration for the given ID regardless of the MFA method type methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodReadDuo

func (a *Identity) MFAMethodReadDuo(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodReadDuo Read the current configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodReadOkta

func (a *Identity) MFAMethodReadOkta(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodReadOkta Read the current configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodReadPingID

func (a *Identity) MFAMethodReadPingID(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodReadPingID Read the current configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodReadTOTP

func (a *Identity) MFAMethodReadTOTP(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodReadTOTP Read the current configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodWriteDuo

func (a *Identity) MFAMethodWriteDuo(ctx context.Context, methodId string, request schema.MFAMethodWriteDuoRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodWriteDuo Update or create a configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodWriteOkta

func (a *Identity) MFAMethodWriteOkta(ctx context.Context, methodId string, request schema.MFAMethodWriteOktaRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodWriteOkta Update or create a configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodWritePingID

func (a *Identity) MFAMethodWritePingID(ctx context.Context, methodId string, request schema.MFAMethodWritePingIDRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodWritePingID Update or create a configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodWriteTOTP

func (a *Identity) MFAMethodWriteTOTP(ctx context.Context, methodId string, request schema.MFAMethodWriteTOTPRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodWriteTOTP Update or create a configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAReadLoginEnforcement

func (a *Identity) MFAReadLoginEnforcement(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAReadLoginEnforcement Read the current login enforcement name: Name for this login enforcement configuration

func (*Identity) MFAWriteLoginEnforcement

func (a *Identity) MFAWriteLoginEnforcement(ctx context.Context, name string, request schema.MFAWriteLoginEnforcementRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAWriteLoginEnforcement Create or update a login enforcement name: Name for this login enforcement configuration

func (*Identity) OIDCDeleteAssignment

func (a *Identity) OIDCDeleteAssignment(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCDeleteAssignment name: Name of the assignment

func (*Identity) OIDCDeleteClient

func (a *Identity) OIDCDeleteClient(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCDeleteClient name: Name of the client.

func (*Identity) OIDCDeleteKey

func (a *Identity) OIDCDeleteKey(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCDeleteKey CRUD operations for OIDC keys. name: Name of the key

func (*Identity) OIDCDeleteProvider

func (a *Identity) OIDCDeleteProvider(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCDeleteProvider name: Name of the provider

func (*Identity) OIDCDeleteRole

func (a *Identity) OIDCDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCDeleteRole CRUD operations on OIDC Roles name: Name of the role

func (*Identity) OIDCDeleteScope

func (a *Identity) OIDCDeleteScope(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCDeleteScope name: Name of the scope

func (*Identity) OIDCIntrospect

func (a *Identity) OIDCIntrospect(ctx context.Context, request schema.OIDCIntrospectRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCIntrospect Verify the authenticity of an OIDC token

func (*Identity) OIDCListAssignments

func (a *Identity) OIDCListAssignments(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCListAssignments

func (*Identity) OIDCListClients

func (a *Identity) OIDCListClients(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCListClients

func (*Identity) OIDCListKeys

func (a *Identity) OIDCListKeys(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCListKeys List OIDC keys

func (*Identity) OIDCListProviders

func (a *Identity) OIDCListProviders(ctx context.Context, allowedClientId string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCListProviders allowedClientId: Filters the list of OIDC providers to those that allow the given client ID in their set of allowed_client_ids.

func (*Identity) OIDCListRoles

func (a *Identity) OIDCListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCListRoles List configured OIDC roles

func (*Identity) OIDCListScopes

func (a *Identity) OIDCListScopes(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCListScopes

func (*Identity) OIDCReadAssignment

func (a *Identity) OIDCReadAssignment(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadAssignment name: Name of the assignment

func (*Identity) OIDCReadClient

func (a *Identity) OIDCReadClient(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadClient name: Name of the client.

func (*Identity) OIDCReadConfig

func (a *Identity) OIDCReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadConfig OIDC configuration

func (*Identity) OIDCReadKey

func (a *Identity) OIDCReadKey(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadKey CRUD operations for OIDC keys. name: Name of the key

func (*Identity) OIDCReadProvider

func (a *Identity) OIDCReadProvider(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadProvider name: Name of the provider

func (*Identity) OIDCReadProviderAuthorize

func (a *Identity) OIDCReadProviderAuthorize(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadProviderAuthorize name: Name of the provider

func (*Identity) OIDCReadProviderUserInfo

func (a *Identity) OIDCReadProviderUserInfo(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadProviderUserInfo name: Name of the provider

func (*Identity) OIDCReadProviderWellKnownKeys

func (a *Identity) OIDCReadProviderWellKnownKeys(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadProviderWellKnownKeys name: Name of the provider

func (*Identity) OIDCReadProviderWellKnownOpenIDConfiguration

func (a *Identity) OIDCReadProviderWellKnownOpenIDConfiguration(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadProviderWellKnownOpenIDConfiguration name: Name of the provider

func (*Identity) OIDCReadRole

func (a *Identity) OIDCReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadRole CRUD operations on OIDC Roles name: Name of the role

func (*Identity) OIDCReadScope

func (a *Identity) OIDCReadScope(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadScope name: Name of the scope

func (*Identity) OIDCReadToken

func (a *Identity) OIDCReadToken(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadToken Generate an OIDC token name: Name of the role

func (*Identity) OIDCReadWellKnownKeys

func (a *Identity) OIDCReadWellKnownKeys(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadWellKnownKeys Retrieve public keys

func (*Identity) OIDCReadWellKnownOpenIDConfiguration

func (a *Identity) OIDCReadWellKnownOpenIDConfiguration(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadWellKnownOpenIDConfiguration Query OIDC configurations

func (*Identity) OIDCRotateKey

func (a *Identity) OIDCRotateKey(ctx context.Context, name string, request schema.OIDCRotateKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCRotateKey Rotate a named OIDC key. name: Name of the key

func (*Identity) OIDCWriteAssignment

func (a *Identity) OIDCWriteAssignment(ctx context.Context, name string, request schema.OIDCWriteAssignmentRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteAssignment name: Name of the assignment

func (*Identity) OIDCWriteClient

func (a *Identity) OIDCWriteClient(ctx context.Context, name string, request schema.OIDCWriteClientRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteClient name: Name of the client.

func (*Identity) OIDCWriteConfig

func (a *Identity) OIDCWriteConfig(ctx context.Context, request schema.OIDCWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteConfig OIDC configuration

func (*Identity) OIDCWriteKey

func (a *Identity) OIDCWriteKey(ctx context.Context, name string, request schema.OIDCWriteKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteKey CRUD operations for OIDC keys. name: Name of the key

func (*Identity) OIDCWriteProvider

func (a *Identity) OIDCWriteProvider(ctx context.Context, name string, request schema.OIDCWriteProviderRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteProvider name: Name of the provider

func (*Identity) OIDCWriteProviderAuthorize

func (a *Identity) OIDCWriteProviderAuthorize(ctx context.Context, name string, request schema.OIDCWriteProviderAuthorizeRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteProviderAuthorize name: Name of the provider

func (*Identity) OIDCWriteProviderToken

func (a *Identity) OIDCWriteProviderToken(ctx context.Context, name string, request schema.OIDCWriteProviderTokenRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteProviderToken name: Name of the provider

func (*Identity) OIDCWriteProviderUserInfo

func (a *Identity) OIDCWriteProviderUserInfo(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteProviderUserInfo name: Name of the provider

func (*Identity) OIDCWriteRole

func (a *Identity) OIDCWriteRole(ctx context.Context, name string, request schema.OIDCWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteRole CRUD operations on OIDC Roles name: Name of the role

func (*Identity) OIDCWriteScope

func (a *Identity) OIDCWriteScope(ctx context.Context, name string, request schema.OIDCWriteScopeRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteScope name: Name of the scope

func (*Identity) PersonaIDDeleteByID

func (a *Identity) PersonaIDDeleteByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

PersonaIDDeleteByID Update, read or delete an alias ID. id: ID of the persona

func (*Identity) PersonaIDReadByID

func (a *Identity) PersonaIDReadByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

PersonaIDReadByID Update, read or delete an alias ID. id: ID of the persona

func (*Identity) PersonaIDWriteByID

func (a *Identity) PersonaIDWriteByID(ctx context.Context, id string, request schema.PersonaIDWriteByIDRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PersonaIDWriteByID Update, read or delete an alias ID. id: ID of the persona

func (*Identity) PersonaListByID

func (a *Identity) PersonaListByID(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PersonaListByID List all the alias IDs.

func (*Identity) PersonaWrite

func (a *Identity) PersonaWrite(ctx context.Context, request schema.PersonaWriteRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PersonaWrite Create a new alias.

type MFAConstraintAny

type MFAConstraintAny struct {
	Any []MFAMethodID `json:"any"`
}

type MFAMethodID

type MFAMethodID struct {
	Type         string `json:"type"`
	ID           string `json:"id"`
	UsesPasscode bool   `json:"uses_passcode"`
}

type MFARequirement

type MFARequirement struct {
	MFARequestID   string                      `json:"mfa_request_id"`
	MFAConstraints map[string]MFAConstraintAny `json:"mfa_constraints"`
}

type RedirectError

type RedirectError struct {
	// StatusCode is the HTTP status code returned in the response
	StatusCode int

	// Message is the error message
	Message string

	// RedirectLocation is populated with the "Location" header, if set
	RedirectLocation string

	// OriginalRequest is a pointer to the request that caused this error
	OriginalRequest *http.Request
}

RedirectError is the error returned when the client receives a redirect response and either

  1. the redirects are disabled in configuration
  2. more than one redirect was encountered
  3. the redirect response could not be properly parsed

func (*RedirectError) Error

func (e *RedirectError) Error() string

type ReplicationForwardingMode

type ReplicationForwardingMode uint8
const (
	// Setting this mode will clear all forwarding headers
	ReplicationForwardNone ReplicationForwardingMode = iota

	// Setting this mode will add 'X-Vault-Forward' header to all subsequent
	// requests, telling any performance standbys handling the requests to
	// forward them to the active node.
	//
	// https://developer.hashicorp.com/vault/docs/enterprise/consistency#unconditional-forwarding-performance-standbys-only
	ReplicationForwardAlways

	// Setting this mode will add 'X-Vault-Inconsistent' header to  all
	// subsequent requests; any performance standbys handling the requests will
	// conditionally forward them to the active node if the state required
	// isn't present on the node receiving this request. This should be used
	// in conjunction with RequireReplicationState(...).
	//
	// https://developer.hashicorp.com/vault/docs/enterprise/consistency#conditional-forwarding-performance-standbys-only
	ReplicationForwardInconsistent
)

type ReplicationState

type ReplicationState struct {
	Cluster         string
	LocalIndex      uint64
	ReplicatedIndex uint64
}

ReplicationState is analogous to the WALState in github.com/vault/sdk

func ParseReplicationState

func ParseReplicationState(raw string, hmacKey []byte) (ReplicationState, error)

ParseReplicationState will parse the raw base64-encoded replication state into its individual components. If an optional hmacKey is provided, it will used to verify the replication state contents. The format of the string (after decoding) is expected to be:

v1:cluster-id-string:local-index:replicated-index:hmac

type RequestCallback

type RequestCallback func(*http.Request)

func RequireReplicationStates

func RequireReplicationStates(states ...string) RequestCallback

RequireReplicationStates returns a request callback that will add request headers to specify the replication states we require of Vault. These states were obtained from the previously-seen response headers captured with RecordReplicationState(...).

https://developer.hashicorp.com/vault/docs/enterprise/consistency#conditional-forwarding-performance-standbys-only

type RequestOption

type RequestOption func(*requestModifiers) error

RequestOption is a functional parameter used to modify a request

func WithCustomHeaders

func WithCustomHeaders(headers http.Header) RequestOption

WithCustomHeaders sets custom headers for the next request; these headers take precedence over the client-level custom headers. The internal prefix 'X-Vault-' is not permitted for the header keys.

func WithMFACredentials

func WithMFACredentials(credentials ...string) RequestOption

WithMFACredentials sets the multi-factor authentication credentials for the next request, it takes precedence over the client-level MFA credentials.

See https://learn.hashicorp.com/tutorials/vault/multi-factor-authentication for more information on multi-factor authentication.

func WithMountPath

func WithMountPath(path string) RequestOption

WithMountPath overwrites the default mount path in client.Auth and client.Secrets requests with the given mount path string.

func WithNamespace

func WithNamespace(namespace string) RequestOption

WithNamespace sets the namespace for the next request; it takes precedence over the client-level namespace. Use an empty string to clear the namespace from the next request.

See https://developer.hashicorp.com/vault/docs/enterprise/namespaces for more info on namespaces.

func WithReplicationForwardingMode

func WithReplicationForwardingMode(mode ReplicationForwardingMode) RequestOption

WithReplicationForwardingMode sets a replication forwarding header to the given value for the next request; it takes precedence over the client-level replication forwarding header.

ReplicationForwardNone         - no forwarding headers
ReplicationForwardAlways       - 'X-Vault-Forward'
ReplicationForwardInconsistent - 'X-Vault-Inconsistent'

See https://developer.hashicorp.com/vault/docs/enterprise/consistency#vault-1-7-mitigations

func WithRequestCallbacks

func WithRequestCallbacks(callbacks ...RequestCallback) RequestOption

WithRequestCallbacks sets callbacks which will be invoked before the next request; these take precedence over the client-level request callbacks.

func WithResponseCallbacks

func WithResponseCallbacks(callbacks ...ResponseCallback) RequestOption

WithResponseCallbacks sets callbacks which will be invoked after a successful response within the next request; these take precedence over the client-level response callbacks.

func WithResponseWrapping

func WithResponseWrapping(ttl time.Duration) RequestOption

WithResponseWrapping sets the response-wrapping TTL to the given duration for the next request; it takes precedence over the client-level response-wrapping TTL. A non-zero duration will tell Vault to wrap the response and return a response-wrapping token instead. Set `ttl` to zero to clear the response-wrapping header from the next request.

See https://developer.hashicorp.com/vault/docs/concepts/response-wrapping for more information on response wrapping.

func WithToken

func WithToken(token string) RequestOption

WithToken sets the token for the next request; it takes precedence over the client-level token.

See https://developer.hashicorp.com/vault/docs/concepts/tokens for more info on tokens.

type Response

type Response[T any] struct {
	// The request ID that generated this response
	RequestID string `json:"request_id"`

	LeaseID       string `json:"lease_id"`
	LeaseDuration int    `json:"lease_duration"`
	Renewable     bool   `json:"renewable"`

	// Data is the actual contents of the response. The format of the data
	// is arbitrary and is up to the secret backend.
	Data T `json:"data"`

	// Warnings contains any warnings related to the operation. These
	// are not issues that caused the command to fail, but things that the
	// client should be aware of.
	Warnings []string `json:"warnings"`

	// Auth, if non-nil, means that there was authentication information
	// attached to this response.
	Auth *ResponseAuth `json:"auth,omitempty"`

	// WrapInfo, if non-nil, means that the initial response was wrapped in the
	// cubbyhole of the given token (which has a TTL of the given number of
	// seconds)
	WrapInfo *ResponseWrapInfo `json:"wrap_info,omitempty"`
}

Response is the structure returned by the majority of the requests to Vault

func Unwrap

func Unwrap[T any](ctx context.Context, client *Client, wrappingToken string, options ...RequestOption) (*Response[T], error)

Unwrap sends a request with the given wrapping token and returns the original wrapped response.

See https://developer.hashicorp.com/vault/docs/concepts/response-wrapping for more information on response wrapping

type ResponseAuth

type ResponseAuth struct {
	ClientToken      string            `json:"client_token"`
	Accessor         string            `json:"accessor"`
	Policies         []string          `json:"policies"`
	TokenPolicies    []string          `json:"token_policies"`
	IdentityPolicies []string          `json:"identity_policies"`
	Metadata         map[string]string `json:"metadata"`
	Orphan           bool              `json:"orphan"`
	EntityID         string            `json:"entity_id"`

	LeaseDuration int  `json:"lease_duration"`
	Renewable     bool `json:"renewable"`

	MFARequirement *MFARequirement `json:"mfa_requirement,omitempty"`
}

ResponseAuth contains authentication information if we have it.

type ResponseCallback

type ResponseCallback func(*http.Request, *http.Response)

func RecordReplicationState

func RecordReplicationState(state *string) ResponseCallback

RecordReplicationState returns a response callback that will record the replication state returned by Vault in a response header.

https://developer.hashicorp.com/vault/docs/enterprise/consistency#conditional-forwarding-performance-standbys-only

type ResponseError

type ResponseError struct {
	// StatusCode is the HTTP status code returned in the response
	StatusCode int

	// Errors are the underlying error messages returned in the response body
	Errors []string

	// OriginalRequest is a pointer to the request that caused this error
	OriginalRequest *http.Request
}

ResponseError is the error returned when Vault responds with an HTTP status code outside of the 200 - 399 range. If a request to Vault fails due to a network error, a different error message will be returned.

func (*ResponseError) Error

func (e *ResponseError) Error() string

type ResponseWrapInfo

type ResponseWrapInfo struct {
	Token           string    `json:"token"`
	Accessor        string    `json:"accessor"`
	TTL             int       `json:"ttl"`
	CreationTime    time.Time `json:"creation_time"`
	CreationPath    string    `json:"creation_path"`
	WrappedAccessor string    `json:"wrapped_accessor"`
}

ResponseWrapInfo contains wrapping information if we have it. If what is contained is an authentication token, the accessor for the token will be available in WrappedAccessor.

type RetryConfiguration

type RetryConfiguration struct {
	// RetryWaitMin controls the minimum time to wait before retrying when
	// a 5xx or 412 error occurs.
	// Default: 1000 milliseconds
	RetryWaitMin time.Duration `env:"VAULT_RETRY_WAIT_MIN"`

	// MaxRetryWait controls the maximum time to wait before retrying when
	// a 5xx or 412 error occurs.
	// Default: 1500 milliseconds
	RetryWaitMax time.Duration `env:"VAULT_RETRY_WAIT_MAX"`

	// RetryMax controls the maximum number of times to retry when a 5xx or 412
	// error occurs. Set to -1 to disable retrying.
	// Default: 2 (for a total of three tries)
	RetryMax int `env:"VAULT_MAX_RETRIES"`

	// CheckRetry specifies a policy for handling retries. It is called after
	// each request with the response and error values returned by the http.Client.
	// Default: retryablehttp.DefaultRetryPolicy + retry on 412 responses
	CheckRetry retryablehttp.CheckRetry

	// Backoff specifies a policy for how long to wait between retries.
	// Default: retryablehttp.LinearJitterBackoff
	Backoff retryablehttp.Backoff

	// ErrorHandler specifies the custom error handler to use if any.
	// Default: retryablehttp.PassthroughErrorHandler
	ErrorHandler retryablehttp.ErrorHandler

	// Logger is a custom retryablehttp.Logger or retryablehttp.LeveledLogger.
	// Default: nil
	Logger interface{}
}

RetryConfiguration is a collection of settings used to configure the internal go-retryablehttp client.

type Secrets

type Secrets struct {
	// contains filtered or unexported fields
}

Secrets is a simple wrapper around the client for Secrets requests

func (*Secrets) AWSConfigReadLease

func (a *Secrets) AWSConfigReadLease(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigReadLease Configure the default lease information for generated credentials.

func (*Secrets) AWSConfigReadRootIAMCredentials

func (a *Secrets) AWSConfigReadRootIAMCredentials(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigReadRootIAMCredentials Configure the root credentials that are used to manage IAM.

func (*Secrets) AWSConfigRotateRootIAMCredentials

func (a *Secrets) AWSConfigRotateRootIAMCredentials(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigRotateRootIAMCredentials

func (*Secrets) AWSConfigWriteLease

func (a *Secrets) AWSConfigWriteLease(ctx context.Context, request schema.AWSConfigWriteLeaseRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigWriteLease Configure the default lease information for generated credentials.

func (*Secrets) AWSConfigWriteRootIAMCredentials

func (a *Secrets) AWSConfigWriteRootIAMCredentials(ctx context.Context, request schema.AWSConfigWriteRootIAMCredentialsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigWriteRootIAMCredentials Configure the root credentials that are used to manage IAM.

func (*Secrets) AWSDeleteRole

func (a *Secrets) AWSDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSDeleteRole Read, write and reference IAM policies that access keys can be made for. name: Name of the policy

func (*Secrets) AWSListRoles

func (a *Secrets) AWSListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSListRoles List the existing roles in this backend

func (*Secrets) AWSReadCredentials

func (a *Secrets) AWSReadCredentials(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSReadCredentials Generate AWS credentials from a specific Vault role.

func (*Secrets) AWSReadRole

func (a *Secrets) AWSReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSReadRole Read, write and reference IAM policies that access keys can be made for. name: Name of the policy

func (*Secrets) AWSReadSecurityTokenService

func (a *Secrets) AWSReadSecurityTokenService(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSReadSecurityTokenService Generate AWS credentials from a specific Vault role. name: Name of the role

func (*Secrets) AWSWriteCredentials

func (a *Secrets) AWSWriteCredentials(ctx context.Context, request schema.AWSWriteCredentialsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSWriteCredentials Generate AWS credentials from a specific Vault role.

func (*Secrets) AWSWriteRole

func (a *Secrets) AWSWriteRole(ctx context.Context, name string, request schema.AWSWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSWriteRole Read, write and reference IAM policies that access keys can be made for. name: Name of the policy

func (*Secrets) AWSWriteSecurityTokenService

func (a *Secrets) AWSWriteSecurityTokenService(ctx context.Context, name string, request schema.AWSWriteSecurityTokenServiceRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSWriteSecurityTokenService Generate AWS credentials from a specific Vault role. name: Name of the role

func (*Secrets) ActiveDirectoryCheckInLibrary

func (a *Secrets) ActiveDirectoryCheckInLibrary(ctx context.Context, name string, request schema.ActiveDirectoryCheckInLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryCheckInLibrary Check service accounts in to the library. name: Name of the set.

func (*Secrets) ActiveDirectoryCheckInManageLibrary

func (a *Secrets) ActiveDirectoryCheckInManageLibrary(ctx context.Context, name string, request schema.ActiveDirectoryCheckInManageLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryCheckInManageLibrary Check service accounts in to the library. name: Name of the set.

func (*Secrets) ActiveDirectoryCheckOutLibrary

func (a *Secrets) ActiveDirectoryCheckOutLibrary(ctx context.Context, name string, request schema.ActiveDirectoryCheckOutLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryCheckOutLibrary Check a service account out from the library. name: Name of the set

func (*Secrets) ActiveDirectoryDeleteConfig

func (a *Secrets) ActiveDirectoryDeleteConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryDeleteConfig Configure the AD server to connect to, along with password options.

func (*Secrets) ActiveDirectoryDeleteLibrary

func (a *Secrets) ActiveDirectoryDeleteLibrary(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryDeleteLibrary Delete a library set. name: Name of the set.

func (*Secrets) ActiveDirectoryDeleteRole

func (a *Secrets) ActiveDirectoryDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryDeleteRole Manage roles to build links between Vault and Active Directory service accounts. name: Name of the role

func (*Secrets) ActiveDirectoryListLibraries

func (a *Secrets) ActiveDirectoryListLibraries(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryListLibraries

func (*Secrets) ActiveDirectoryListRoles

func (a *Secrets) ActiveDirectoryListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryListRoles List the name of each role currently stored.

func (*Secrets) ActiveDirectoryReadConfig

func (a *Secrets) ActiveDirectoryReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryReadConfig Configure the AD server to connect to, along with password options.

func (*Secrets) ActiveDirectoryReadCredentials

func (a *Secrets) ActiveDirectoryReadCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryReadCredentials name: Name of the role

func (*Secrets) ActiveDirectoryReadLibrary

func (a *Secrets) ActiveDirectoryReadLibrary(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryReadLibrary Read a library set. name: Name of the set.

func (*Secrets) ActiveDirectoryReadLibraryStatus

func (a *Secrets) ActiveDirectoryReadLibraryStatus(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryReadLibraryStatus Check the status of the service accounts in a library set. name: Name of the set.

func (*Secrets) ActiveDirectoryReadRole

func (a *Secrets) ActiveDirectoryReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryReadRole Manage roles to build links between Vault and Active Directory service accounts. name: Name of the role

func (*Secrets) ActiveDirectoryRotateRole

func (a *Secrets) ActiveDirectoryRotateRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryRotateRole name: Name of the static role

func (*Secrets) ActiveDirectoryRotateRoot

func (a *Secrets) ActiveDirectoryRotateRoot(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryRotateRoot

func (*Secrets) ActiveDirectoryWriteConfig

func (a *Secrets) ActiveDirectoryWriteConfig(ctx context.Context, request schema.ActiveDirectoryWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryWriteConfig Configure the AD server to connect to, along with password options.

func (*Secrets) ActiveDirectoryWriteLibrary

func (a *Secrets) ActiveDirectoryWriteLibrary(ctx context.Context, name string, request schema.ActiveDirectoryWriteLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryWriteLibrary Update a library set. name: Name of the set.

func (*Secrets) ActiveDirectoryWriteRole

func (a *Secrets) ActiveDirectoryWriteRole(ctx context.Context, name string, request schema.ActiveDirectoryWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryWriteRole Manage roles to build links between Vault and Active Directory service accounts. name: Name of the role

func (*Secrets) AliCloudDeleteConfig

func (a *Secrets) AliCloudDeleteConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudDeleteConfig Configure the access key and secret to use for RAM and STS calls.

func (*Secrets) AliCloudDeleteRole

func (a *Secrets) AliCloudDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudDeleteRole Read, write and reference policies and roles that API keys or STS credentials can be made for. name: The name of the role.

func (*Secrets) AliCloudListRoles

func (a *Secrets) AliCloudListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudListRoles List the existing roles in this backend.

func (*Secrets) AliCloudReadConfig

func (a *Secrets) AliCloudReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudReadConfig Configure the access key and secret to use for RAM and STS calls.

func (*Secrets) AliCloudReadCredentials

func (a *Secrets) AliCloudReadCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudReadCredentials Generate an API key or STS credential using the given role's configuration.' name: The name of the role.

func (*Secrets) AliCloudReadRole

func (a *Secrets) AliCloudReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudReadRole Read, write and reference policies and roles that API keys or STS credentials can be made for. name: The name of the role.

func (*Secrets) AliCloudWriteConfig

func (a *Secrets) AliCloudWriteConfig(ctx context.Context, request schema.AliCloudWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudWriteConfig Configure the access key and secret to use for RAM and STS calls.

func (*Secrets) AliCloudWriteRole

func (a *Secrets) AliCloudWriteRole(ctx context.Context, name string, request schema.AliCloudWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudWriteRole Read, write and reference policies and roles that API keys or STS credentials can be made for. name: The name of the role.

func (*Secrets) AzureDeleteConfig

func (a *Secrets) AzureDeleteConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureDeleteConfig

func (*Secrets) AzureDeleteRole

func (a *Secrets) AzureDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureDeleteRole Manage the Vault roles used to generate Azure credentials. name: Name of the role.

func (*Secrets) AzureListRoles

func (a *Secrets) AzureListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureListRoles List existing roles.

func (*Secrets) AzureReadConfig

func (a *Secrets) AzureReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureReadConfig

func (*Secrets) AzureReadCredentials

func (a *Secrets) AzureReadCredentials(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureReadCredentials role: Name of the Vault role

func (*Secrets) AzureReadRole

func (a *Secrets) AzureReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureReadRole Manage the Vault roles used to generate Azure credentials. name: Name of the role.

func (*Secrets) AzureRotateRoot

func (a *Secrets) AzureRotateRoot(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureRotateRoot

func (*Secrets) AzureWriteConfig

func (a *Secrets) AzureWriteConfig(ctx context.Context, request schema.AzureWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureWriteConfig

func (*Secrets) AzureWriteRole

func (a *Secrets) AzureWriteRole(ctx context.Context, name string, request schema.AzureWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureWriteRole Manage the Vault roles used to generate Azure credentials. name: Name of the role.

func (*Secrets) ConsulDeleteRole

func (a *Secrets) ConsulDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ConsulDeleteRole name: Name of the role.

func (*Secrets) ConsulListRoles

func (a *Secrets) ConsulListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ConsulListRoles

func (*Secrets) ConsulReadAccessConfig

func (a *Secrets) ConsulReadAccessConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ConsulReadAccessConfig

func (*Secrets) ConsulReadCredentials

func (a *Secrets) ConsulReadCredentials(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

ConsulReadCredentials role: Name of the role.

func (*Secrets) ConsulReadRole

func (a *Secrets) ConsulReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ConsulReadRole name: Name of the role.

func (*Secrets) ConsulWriteAccessConfig

func (a *Secrets) ConsulWriteAccessConfig(ctx context.Context, request schema.ConsulWriteAccessConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ConsulWriteAccessConfig

func (*Secrets) ConsulWriteRole

func (a *Secrets) ConsulWriteRole(ctx context.Context, name string, request schema.ConsulWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ConsulWriteRole name: Name of the role.

func (*Secrets) CubbyholeDelete

func (a *Secrets) CubbyholeDelete(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

CubbyholeDelete Deletes the secret at the specified location. path: Specifies the path of the secret.

func (*Secrets) CubbyholeRead

func (a *Secrets) CubbyholeRead(ctx context.Context, path string, list string, options ...RequestOption) (*Response[map[string]interface{}], error)

CubbyholeRead Retrieve the secret at the specified location. path: Specifies the path of the secret. list: Return a list if `true`

func (*Secrets) CubbyholeWrite

func (a *Secrets) CubbyholeWrite(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

CubbyholeWrite Store a secret at the specified location. path: Specifies the path of the secret.

func (*Secrets) GoogleCloudDeleteRoleset

func (a *Secrets) GoogleCloudDeleteRoleset(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudDeleteRoleset name: Required. Name of the role.

func (*Secrets) GoogleCloudDeleteStaticAccount

func (a *Secrets) GoogleCloudDeleteStaticAccount(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudDeleteStaticAccount name: Required. Name to refer to this static account in Vault. Cannot be updated.

func (*Secrets) GoogleCloudKMSDecrypt

func (a *Secrets) GoogleCloudKMSDecrypt(ctx context.Context, key string, request schema.GoogleCloudKMSDecryptRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSDecrypt Decrypt a ciphertext value using a named key key: Name of the key in Vault to use for decryption. This key must already exist in Vault and must map back to a Google Cloud KMS key.

func (*Secrets) GoogleCloudKMSDeleteConfig

func (a *Secrets) GoogleCloudKMSDeleteConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSDeleteConfig Configure the GCP KMS secrets engine

func (*Secrets) GoogleCloudKMSDeleteKey

func (a *Secrets) GoogleCloudKMSDeleteKey(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSDeleteKey Interact with crypto keys in Vault and Google Cloud KMS key: Name of the key in Vault.

func (*Secrets) GoogleCloudKMSDeregisterKey

func (a *Secrets) GoogleCloudKMSDeregisterKey(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSDeregisterKey Deregister an existing key in Vault key: Name of the key to deregister in Vault. If the key exists in Google Cloud KMS, it will be left untouched.

func (*Secrets) GoogleCloudKMSEncrypt

func (a *Secrets) GoogleCloudKMSEncrypt(ctx context.Context, key string, request schema.GoogleCloudKMSEncryptRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSEncrypt Encrypt a plaintext value using a named key key: Name of the key in Vault to use for encryption. This key must already exist in Vault and must map back to a Google Cloud KMS key.

func (*Secrets) GoogleCloudKMSListKeys

func (a *Secrets) GoogleCloudKMSListKeys(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSListKeys List named keys

func (*Secrets) GoogleCloudKMSReadConfig

func (a *Secrets) GoogleCloudKMSReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSReadConfig Configure the GCP KMS secrets engine

func (*Secrets) GoogleCloudKMSReadKey

func (a *Secrets) GoogleCloudKMSReadKey(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSReadKey Interact with crypto keys in Vault and Google Cloud KMS key: Name of the key in Vault.

func (*Secrets) GoogleCloudKMSReadKeyConfig

func (a *Secrets) GoogleCloudKMSReadKeyConfig(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSReadKeyConfig Configure the key in Vault key: Name of the key in Vault.

func (*Secrets) GoogleCloudKMSReadPubkey

func (a *Secrets) GoogleCloudKMSReadPubkey(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSReadPubkey Retrieve the public key associated with the named key key: Name of the key for which to get the public key. This key must already exist in Vault and Google Cloud KMS.

func (*Secrets) GoogleCloudKMSReencrypt

func (a *Secrets) GoogleCloudKMSReencrypt(ctx context.Context, key string, request schema.GoogleCloudKMSReencryptRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSReencrypt Re-encrypt existing ciphertext data to a new version key: Name of the key to use for encryption. This key must already exist in Vault and Google Cloud KMS.

func (*Secrets) GoogleCloudKMSRegisterKey

func (a *Secrets) GoogleCloudKMSRegisterKey(ctx context.Context, key string, request schema.GoogleCloudKMSRegisterKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSRegisterKey Register an existing crypto key in Google Cloud KMS key: Name of the key to register in Vault. This will be the named used to refer to the underlying crypto key when encrypting or decrypting data.

func (*Secrets) GoogleCloudKMSRotateKey

func (a *Secrets) GoogleCloudKMSRotateKey(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSRotateKey Rotate a crypto key to a new primary version key: Name of the key to rotate. This key must already be registered with Vault and point to a valid Google Cloud KMS crypto key.

func (*Secrets) GoogleCloudKMSSign

func (a *Secrets) GoogleCloudKMSSign(ctx context.Context, key string, request schema.GoogleCloudKMSSignRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSSign Signs a message or digest using a named key key: Name of the key in Vault to use for signing. This key must already exist in Vault and must map back to a Google Cloud KMS key.

func (*Secrets) GoogleCloudKMSTrimKey

func (a *Secrets) GoogleCloudKMSTrimKey(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSTrimKey Delete old crypto key versions from Google Cloud KMS key: Name of the key in Vault.

func (*Secrets) GoogleCloudKMSVerify

func (a *Secrets) GoogleCloudKMSVerify(ctx context.Context, key string, request schema.GoogleCloudKMSVerifyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSVerify Verify a signature using a named key key: Name of the key in Vault to use for verification. This key must already exist in Vault and must map back to a Google Cloud KMS key.

func (*Secrets) GoogleCloudKMSWriteConfig

func (a *Secrets) GoogleCloudKMSWriteConfig(ctx context.Context, request schema.GoogleCloudKMSWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSWriteConfig Configure the GCP KMS secrets engine

func (*Secrets) GoogleCloudKMSWriteKey

func (a *Secrets) GoogleCloudKMSWriteKey(ctx context.Context, key string, request schema.GoogleCloudKMSWriteKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSWriteKey Interact with crypto keys in Vault and Google Cloud KMS key: Name of the key in Vault.

func (*Secrets) GoogleCloudKMSWriteKeyConfig

func (a *Secrets) GoogleCloudKMSWriteKeyConfig(ctx context.Context, key string, request schema.GoogleCloudKMSWriteKeyConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSWriteKeyConfig Configure the key in Vault key: Name of the key in Vault.

func (*Secrets) GoogleCloudListRolesets

func (a *Secrets) GoogleCloudListRolesets(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudListRolesets

func (*Secrets) GoogleCloudListStaticAccounts

func (a *Secrets) GoogleCloudListStaticAccounts(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudListStaticAccounts

func (*Secrets) GoogleCloudReadConfig

func (a *Secrets) GoogleCloudReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadConfig

func (*Secrets) GoogleCloudReadKey

func (a *Secrets) GoogleCloudReadKey(ctx context.Context, roleset string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadKey roleset: Required. Name of the role set.

func (*Secrets) GoogleCloudReadRoleset

func (a *Secrets) GoogleCloudReadRoleset(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadRoleset name: Required. Name of the role.

func (*Secrets) GoogleCloudReadRolesetKey

func (a *Secrets) GoogleCloudReadRolesetKey(ctx context.Context, roleset string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadRolesetKey roleset: Required. Name of the role set.

func (*Secrets) GoogleCloudReadRolesetToken

func (a *Secrets) GoogleCloudReadRolesetToken(ctx context.Context, roleset string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadRolesetToken roleset: Required. Name of the role set.

func (*Secrets) GoogleCloudReadStaticAccount

func (a *Secrets) GoogleCloudReadStaticAccount(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadStaticAccount name: Required. Name to refer to this static account in Vault. Cannot be updated.

func (*Secrets) GoogleCloudReadStaticAccountKey

func (a *Secrets) GoogleCloudReadStaticAccountKey(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadStaticAccountKey name: Required. Name of the static account.

func (*Secrets) GoogleCloudReadStaticAccountToken

func (a *Secrets) GoogleCloudReadStaticAccountToken(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadStaticAccountToken name: Required. Name of the static account.

func (*Secrets) GoogleCloudReadToken

func (a *Secrets) GoogleCloudReadToken(ctx context.Context, roleset string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadToken roleset: Required. Name of the role set.

func (*Secrets) GoogleCloudRotateRoleset

func (a *Secrets) GoogleCloudRotateRoleset(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudRotateRoleset name: Name of the role.

func (*Secrets) GoogleCloudRotateRolesetKey

func (a *Secrets) GoogleCloudRotateRolesetKey(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudRotateRolesetKey name: Name of the role.

func (*Secrets) GoogleCloudRotateRoot

func (a *Secrets) GoogleCloudRotateRoot(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudRotateRoot

func (*Secrets) GoogleCloudRotateStaticAccountKey

func (a *Secrets) GoogleCloudRotateStaticAccountKey(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudRotateStaticAccountKey name: Name of the account.

func (*Secrets) GoogleCloudWriteConfig

func (a *Secrets) GoogleCloudWriteConfig(ctx context.Context, request schema.GoogleCloudWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteConfig

func (*Secrets) GoogleCloudWriteKey

func (a *Secrets) GoogleCloudWriteKey(ctx context.Context, roleset string, request schema.GoogleCloudWriteKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteKey roleset: Required. Name of the role set.

func (*Secrets) GoogleCloudWriteRoleset

func (a *Secrets) GoogleCloudWriteRoleset(ctx context.Context, name string, request schema.GoogleCloudWriteRolesetRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteRoleset name: Required. Name of the role.

func (*Secrets) GoogleCloudWriteRolesetKey

func (a *Secrets) GoogleCloudWriteRolesetKey(ctx context.Context, roleset string, request schema.GoogleCloudWriteRolesetKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteRolesetKey roleset: Required. Name of the role set.

func (*Secrets) GoogleCloudWriteRolesetToken

func (a *Secrets) GoogleCloudWriteRolesetToken(ctx context.Context, roleset string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteRolesetToken roleset: Required. Name of the role set.

func (*Secrets) GoogleCloudWriteStaticAccount

func (a *Secrets) GoogleCloudWriteStaticAccount(ctx context.Context, name string, request schema.GoogleCloudWriteStaticAccountRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteStaticAccount name: Required. Name to refer to this static account in Vault. Cannot be updated.

func (*Secrets) GoogleCloudWriteStaticAccountKey

func (a *Secrets) GoogleCloudWriteStaticAccountKey(ctx context.Context, name string, request schema.GoogleCloudWriteStaticAccountKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteStaticAccountKey name: Required. Name of the static account.

func (*Secrets) GoogleCloudWriteStaticAccountToken

func (a *Secrets) GoogleCloudWriteStaticAccountToken(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteStaticAccountToken name: Required. Name of the static account.

func (*Secrets) GoogleCloudWriteToken

func (a *Secrets) GoogleCloudWriteToken(ctx context.Context, roleset string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteToken roleset: Required. Name of the role set.

func (*Secrets) KVv1Delete

func (a *Secrets) KVv1Delete(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv1Delete Pass-through secret storage to the storage backend, allowing you to read/write arbitrary data into secret storage. path: Location of the secret.

func (*Secrets) KVv1Read

func (a *Secrets) KVv1Read(ctx context.Context, path string, list string, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv1Read Pass-through secret storage to the storage backend, allowing you to read/write arbitrary data into secret storage. path: Location of the secret. list: Return a list if `true`

func (*Secrets) KVv1Write

func (a *Secrets) KVv1Write(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv1Write Pass-through secret storage to the storage backend, allowing you to read/write arbitrary data into secret storage. path: Location of the secret.

func (*Secrets) KVv2Delete

func (a *Secrets) KVv2Delete(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2Delete Write, Patch, Read, and Delete data in the Key-Value Store. path: Location of the secret.

func (*Secrets) KVv2DeleteMetadata

func (a *Secrets) KVv2DeleteMetadata(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2DeleteMetadata Configures settings for the KV store path: Location of the secret.

func (*Secrets) KVv2DeleteVersions

func (a *Secrets) KVv2DeleteVersions(ctx context.Context, path string, request schema.KVv2DeleteVersionsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2DeleteVersions Marks one or more versions as deleted in the KV store. path: Location of the secret.

func (*Secrets) KVv2DestroyVersions

func (a *Secrets) KVv2DestroyVersions(ctx context.Context, path string, request schema.KVv2DestroyVersionsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2DestroyVersions Permanently removes one or more versions in the KV store path: Location of the secret.

func (*Secrets) KVv2Read

func (a *Secrets) KVv2Read(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2Read Write, Patch, Read, and Delete data in the Key-Value Store. path: Location of the secret.

func (*Secrets) KVv2ReadConfig

func (a *Secrets) KVv2ReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2ReadConfig Read the backend level settings.

func (*Secrets) KVv2ReadMetadata

func (a *Secrets) KVv2ReadMetadata(ctx context.Context, path string, list string, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2ReadMetadata Configures settings for the KV store path: Location of the secret. list: Return a list if `true`

func (*Secrets) KVv2ReadSubkeys

func (a *Secrets) KVv2ReadSubkeys(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2ReadSubkeys Read the structure of a secret entry from the Key-Value store with the values removed. path: Location of the secret.

func (*Secrets) KVv2UndeleteVersions

func (a *Secrets) KVv2UndeleteVersions(ctx context.Context, path string, request schema.KVv2UndeleteVersionsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2UndeleteVersions Undeletes one or more versions from the KV store. path: Location of the secret.

func (*Secrets) KVv2Write

func (a *Secrets) KVv2Write(ctx context.Context, path string, request schema.KVv2WriteRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2Write Write, Patch, Read, and Delete data in the Key-Value Store. path: Location of the secret.

func (*Secrets) KVv2WriteConfig

func (a *Secrets) KVv2WriteConfig(ctx context.Context, request schema.KVv2WriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2WriteConfig Configure backend level settings that are applied to every key in the key-value store.

func (*Secrets) KVv2WriteMetadata

func (a *Secrets) KVv2WriteMetadata(ctx context.Context, path string, request schema.KVv2WriteMetadataRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2WriteMetadata Configures settings for the KV store path: Location of the secret.

func (*Secrets) KubernetesDeleteConfig

func (a *Secrets) KubernetesDeleteConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesDeleteConfig

func (*Secrets) KubernetesDeleteRole

func (a *Secrets) KubernetesDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesDeleteRole name: Name of the role

func (*Secrets) KubernetesListRoles

func (a *Secrets) KubernetesListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesListRoles

func (*Secrets) KubernetesReadConfig

func (a *Secrets) KubernetesReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesReadConfig

func (*Secrets) KubernetesReadRole

func (a *Secrets) KubernetesReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesReadRole name: Name of the role

func (*Secrets) KubernetesWriteConfig

func (a *Secrets) KubernetesWriteConfig(ctx context.Context, request schema.KubernetesWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesWriteConfig

func (*Secrets) KubernetesWriteCredentials

func (a *Secrets) KubernetesWriteCredentials(ctx context.Context, name string, request schema.KubernetesWriteCredentialsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesWriteCredentials name: Name of the Vault role

func (*Secrets) KubernetesWriteRole

func (a *Secrets) KubernetesWriteRole(ctx context.Context, name string, request schema.KubernetesWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesWriteRole name: Name of the role

func (*Secrets) LDAPCheckInLibrary

func (a *Secrets) LDAPCheckInLibrary(ctx context.Context, name string, request schema.LDAPCheckInLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPCheckInLibrary Check service accounts in to the library. name: Name of the set.

func (*Secrets) LDAPCheckInManageLibrary

func (a *Secrets) LDAPCheckInManageLibrary(ctx context.Context, name string, request schema.LDAPCheckInManageLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPCheckInManageLibrary Check service accounts in to the library. name: Name of the set.

func (*Secrets) LDAPCheckOutLibrary

func (a *Secrets) LDAPCheckOutLibrary(ctx context.Context, name string, request schema.LDAPCheckOutLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPCheckOutLibrary Check a service account out from the library. name: Name of the set

func (*Secrets) LDAPDeleteConfig

func (a *Secrets) LDAPDeleteConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPDeleteConfig

func (*Secrets) LDAPDeleteLibrary

func (a *Secrets) LDAPDeleteLibrary(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPDeleteLibrary Delete a library set. name: Name of the set.

func (*Secrets) LDAPDeleteRole

func (a *Secrets) LDAPDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPDeleteRole name: Name of the role (lowercase)

func (*Secrets) LDAPDeleteStaticRole

func (a *Secrets) LDAPDeleteStaticRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPDeleteStaticRole name: Name of the role

func (*Secrets) LDAPListLibraries

func (a *Secrets) LDAPListLibraries(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPListLibraries

func (*Secrets) LDAPListRoles

func (a *Secrets) LDAPListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPListRoles

func (*Secrets) LDAPListStaticRoles

func (a *Secrets) LDAPListStaticRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPListStaticRoles

func (*Secrets) LDAPReadConfig

func (a *Secrets) LDAPReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPReadConfig

func (*Secrets) LDAPReadCredentials

func (a *Secrets) LDAPReadCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPReadCredentials name: Name of the dynamic role.

func (*Secrets) LDAPReadLibrary

func (a *Secrets) LDAPReadLibrary(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPReadLibrary Read a library set. name: Name of the set.

func (*Secrets) LDAPReadLibraryStatus

func (a *Secrets) LDAPReadLibraryStatus(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPReadLibraryStatus Check the status of the service accounts in a library set. name: Name of the set.

func (*Secrets) LDAPReadRole

func (a *Secrets) LDAPReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPReadRole name: Name of the role (lowercase)

func (*Secrets) LDAPReadStaticCredentials

func (a *Secrets) LDAPReadStaticCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPReadStaticCredentials name: Name of the static role.

func (*Secrets) LDAPReadStaticRole

func (a *Secrets) LDAPReadStaticRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPReadStaticRole name: Name of the role

func (*Secrets) LDAPRotateRole

func (a *Secrets) LDAPRotateRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPRotateRole name: Name of the static role

func (*Secrets) LDAPRotateRoot

func (a *Secrets) LDAPRotateRoot(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPRotateRoot

func (*Secrets) LDAPWriteConfig

func (a *Secrets) LDAPWriteConfig(ctx context.Context, request schema.LDAPWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPWriteConfig

func (*Secrets) LDAPWriteLibrary

func (a *Secrets) LDAPWriteLibrary(ctx context.Context, name string, request schema.LDAPWriteLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPWriteLibrary Update a library set. name: Name of the set.

func (*Secrets) LDAPWriteRole

func (a *Secrets) LDAPWriteRole(ctx context.Context, name string, request schema.LDAPWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPWriteRole name: Name of the role (lowercase)

func (*Secrets) LDAPWriteStaticRole

func (a *Secrets) LDAPWriteStaticRole(ctx context.Context, name string, request schema.LDAPWriteStaticRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPWriteStaticRole name: Name of the role

func (*Secrets) MongoDBAtlasDeleteRole

func (a *Secrets) MongoDBAtlasDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

MongoDBAtlasDeleteRole Manage the roles used to generate MongoDB Atlas Programmatic API Keys. name: Name of the Roles

func (*Secrets) MongoDBAtlasListRoles

func (a *Secrets) MongoDBAtlasListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

MongoDBAtlasListRoles List the existing roles in this backend

func (*Secrets) MongoDBAtlasReadConfig

func (a *Secrets) MongoDBAtlasReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

MongoDBAtlasReadConfig Configure the credentials that are used to manage Database Users.

func (*Secrets) MongoDBAtlasReadCredentials

func (a *Secrets) MongoDBAtlasReadCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

MongoDBAtlasReadCredentials Generate MongoDB Atlas Programmatic API from a specific Vault role. name: Name of the role

func (*Secrets) MongoDBAtlasReadRole

func (a *Secrets) MongoDBAtlasReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

MongoDBAtlasReadRole Manage the roles used to generate MongoDB Atlas Programmatic API Keys. name: Name of the Roles

func (*Secrets) MongoDBAtlasWriteConfig

func (a *Secrets) MongoDBAtlasWriteConfig(ctx context.Context, request schema.MongoDBAtlasWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MongoDBAtlasWriteConfig Configure the credentials that are used to manage Database Users.

func (*Secrets) MongoDBAtlasWriteCredentials

func (a *Secrets) MongoDBAtlasWriteCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

MongoDBAtlasWriteCredentials Generate MongoDB Atlas Programmatic API from a specific Vault role. name: Name of the role

func (*Secrets) MongoDBAtlasWriteRole

func (a *Secrets) MongoDBAtlasWriteRole(ctx context.Context, name string, request schema.MongoDBAtlasWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MongoDBAtlasWriteRole Manage the roles used to generate MongoDB Atlas Programmatic API Keys. name: Name of the Roles

func (*Secrets) NomadDeleteAccessConfig

func (a *Secrets) NomadDeleteAccessConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

NomadDeleteAccessConfig

func (*Secrets) NomadDeleteLeaseConfig

func (a *Secrets) NomadDeleteLeaseConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

NomadDeleteLeaseConfig Configure the lease parameters for generated tokens

func (*Secrets) NomadDeleteRole

func (a *Secrets) NomadDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

NomadDeleteRole name: Name of the role

func (*Secrets) NomadListRoles

func (a *Secrets) NomadListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

NomadListRoles

func (*Secrets) NomadReadAccessConfig

func (a *Secrets) NomadReadAccessConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

NomadReadAccessConfig

func (*Secrets) NomadReadCredentials

func (a *Secrets) NomadReadCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

NomadReadCredentials name: Name of the role

func (*Secrets) NomadReadLeaseConfig

func (a *Secrets) NomadReadLeaseConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

NomadReadLeaseConfig Configure the lease parameters for generated tokens

func (*Secrets) NomadReadRole

func (a *Secrets) NomadReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

NomadReadRole name: Name of the role

func (*Secrets) NomadWriteAccessConfig

func (a *Secrets) NomadWriteAccessConfig(ctx context.Context, request schema.NomadWriteAccessConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

NomadWriteAccessConfig

func (*Secrets) NomadWriteLeaseConfig

func (a *Secrets) NomadWriteLeaseConfig(ctx context.Context, request schema.NomadWriteLeaseConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

NomadWriteLeaseConfig Configure the lease parameters for generated tokens

func (*Secrets) NomadWriteRole

func (a *Secrets) NomadWriteRole(ctx context.Context, name string, request schema.NomadWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

NomadWriteRole name: Name of the role

func (*Secrets) OpenLDAPCheckInLibrary

func (a *Secrets) OpenLDAPCheckInLibrary(ctx context.Context, name string, request schema.OpenLDAPCheckInLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPCheckInLibrary Check service accounts in to the library. name: Name of the set.

func (*Secrets) OpenLDAPCheckInManageLibrary

func (a *Secrets) OpenLDAPCheckInManageLibrary(ctx context.Context, name string, request schema.OpenLDAPCheckInManageLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPCheckInManageLibrary Check service accounts in to the library. name: Name of the set.

func (*Secrets) OpenLDAPCheckOutLibrary

func (a *Secrets) OpenLDAPCheckOutLibrary(ctx context.Context, name string, request schema.OpenLDAPCheckOutLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPCheckOutLibrary Check a service account out from the library. name: Name of the set

func (*Secrets) OpenLDAPDeleteConfig

func (a *Secrets) OpenLDAPDeleteConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPDeleteConfig

func (*Secrets) OpenLDAPDeleteLibrary

func (a *Secrets) OpenLDAPDeleteLibrary(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPDeleteLibrary Delete a library set. name: Name of the set.

func (*Secrets) OpenLDAPDeleteRole

func (a *Secrets) OpenLDAPDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPDeleteRole name: Name of the role (lowercase)

func (*Secrets) OpenLDAPDeleteStaticRole

func (a *Secrets) OpenLDAPDeleteStaticRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPDeleteStaticRole name: Name of the role

func (*Secrets) OpenLDAPListLibraries

func (a *Secrets) OpenLDAPListLibraries(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPListLibraries

func (*Secrets) OpenLDAPListRoles

func (a *Secrets) OpenLDAPListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPListRoles

func (*Secrets) OpenLDAPListStaticRoles

func (a *Secrets) OpenLDAPListStaticRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPListStaticRoles

func (*Secrets) OpenLDAPReadConfig

func (a *Secrets) OpenLDAPReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPReadConfig

func (*Secrets) OpenLDAPReadCredentials

func (a *Secrets) OpenLDAPReadCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPReadCredentials name: Name of the dynamic role.

func (*Secrets) OpenLDAPReadLibrary

func (a *Secrets) OpenLDAPReadLibrary(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPReadLibrary Read a library set. name: Name of the set.

func (*Secrets) OpenLDAPReadLibraryStatus

func (a *Secrets) OpenLDAPReadLibraryStatus(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPReadLibraryStatus Check the status of the service accounts in a library set. name: Name of the set.

func (*Secrets) OpenLDAPReadRole

func (a *Secrets) OpenLDAPReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPReadRole name: Name of the role (lowercase)

func (*Secrets) OpenLDAPReadStaticCredentials

func (a *Secrets) OpenLDAPReadStaticCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPReadStaticCredentials name: Name of the static role.

func (*Secrets) OpenLDAPReadStaticRole

func (a *Secrets) OpenLDAPReadStaticRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPReadStaticRole name: Name of the role

func (*Secrets) OpenLDAPRotateRole

func (a *Secrets) OpenLDAPRotateRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPRotateRole name: Name of the static role

func (*Secrets) OpenLDAPRotateRoot

func (a *Secrets) OpenLDAPRotateRoot(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPRotateRoot

func (*Secrets) OpenLDAPWriteConfig

func (a *Secrets) OpenLDAPWriteConfig(ctx context.Context, request schema.OpenLDAPWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPWriteConfig

func (*Secrets) OpenLDAPWriteLibrary

func (a *Secrets) OpenLDAPWriteLibrary(ctx context.Context, name string, request schema.OpenLDAPWriteLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPWriteLibrary Update a library set. name: Name of the set.

func (*Secrets) OpenLDAPWriteRole

func (a *Secrets) OpenLDAPWriteRole(ctx context.Context, name string, request schema.OpenLDAPWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPWriteRole name: Name of the role (lowercase)

func (*Secrets) OpenLDAPWriteStaticRole

func (a *Secrets) OpenLDAPWriteStaticRole(ctx context.Context, name string, request schema.OpenLDAPWriteStaticRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPWriteStaticRole name: Name of the role

func (*Secrets) PKIBundleWrite

func (a *Secrets) PKIBundleWrite(ctx context.Context, request schema.PKIBundleWriteRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIBundleWrite

func (*Secrets) PKIDeleteKey

func (a *Secrets) PKIDeleteKey(ctx context.Context, keyRef string, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIDeleteKey keyRef: Reference to key; either \"default\" for the configured default key, an identifier of a key, or the name assigned to the key.

func (*Secrets) PKIDeleteRole

func (a *Secrets) PKIDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIDeleteRole name: Name of the role

func (*Secrets) PKIDeleteRoot

func (a *Secrets) PKIDeleteRoot(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIDeleteRoot

func (*Secrets) PKIGenerateRoot

func (a *Secrets) PKIGenerateRoot(ctx context.Context, exported string, request schema.PKIGenerateRootRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIGenerateRoot exported: Must be \"internal\", \"exported\" or \"kms\". If set to \"exported\", the generated private key will be returned. This is your *only* chance to retrieve the private key!

func (*Secrets) PKIImportKeys

func (a *Secrets) PKIImportKeys(ctx context.Context, request schema.PKIImportKeysRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIImportKeys

func (*Secrets) PKIIssuerIssueRole

func (a *Secrets) PKIIssuerIssueRole(ctx context.Context, issuerRef string, role string, request schema.PKIIssuerIssueRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuerIssueRole issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer. role: The desired role with configuration for this request

func (*Secrets) PKIIssuerResignCRLs

func (a *Secrets) PKIIssuerResignCRLs(ctx context.Context, issuerRef string, request schema.PKIIssuerResignCRLsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuerResignCRLs issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.

func (*Secrets) PKIIssuerRevoke

func (a *Secrets) PKIIssuerRevoke(ctx context.Context, issuerRef string, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuerRevoke issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.

func (*Secrets) PKIIssuerSignIntermediate

func (a *Secrets) PKIIssuerSignIntermediate(ctx context.Context, issuerRef string, request schema.PKIIssuerSignIntermediateRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuerSignIntermediate issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.

func (*Secrets) PKIIssuerSignRevocationList

func (a *Secrets) PKIIssuerSignRevocationList(ctx context.Context, issuerRef string, request schema.PKIIssuerSignRevocationListRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuerSignRevocationList issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.

func (*Secrets) PKIIssuerSignRole

func (a *Secrets) PKIIssuerSignRole(ctx context.Context, issuerRef string, role string, request schema.PKIIssuerSignRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuerSignRole issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer. role: The desired role with configuration for this request

func (*Secrets) PKIIssuerSignSelfIssued

func (a *Secrets) PKIIssuerSignSelfIssued(ctx context.Context, issuerRef string, request schema.PKIIssuerSignSelfIssuedRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuerSignSelfIssued issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.

func (*Secrets) PKIIssuerSignVerbatim

func (a *Secrets) PKIIssuerSignVerbatim(ctx context.Context, issuerRef string, request schema.PKIIssuerSignVerbatimRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuerSignVerbatim issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.

func (*Secrets) PKIIssuerSignVerbatimRole

func (a *Secrets) PKIIssuerSignVerbatimRole(ctx context.Context, issuerRef string, role string, request schema.PKIIssuerSignVerbatimRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuerSignVerbatimRole issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer. role: The desired role with configuration for this request

func (*Secrets) PKIIssuersGenerateIntermediate

func (a *Secrets) PKIIssuersGenerateIntermediate(ctx context.Context, exported string, request schema.PKIIssuersGenerateIntermediateRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuersGenerateIntermediate exported: Must be \"internal\", \"exported\" or \"kms\". If set to \"exported\", the generated private key will be returned. This is your *only* chance to retrieve the private key!

func (*Secrets) PKIIssuersGenerateRoot

func (a *Secrets) PKIIssuersGenerateRoot(ctx context.Context, exported string, request schema.PKIIssuersGenerateRootRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuersGenerateRoot exported: Must be \"internal\", \"exported\" or \"kms\". If set to \"exported\", the generated private key will be returned. This is your *only* chance to retrieve the private key!

func (*Secrets) PKIIssuersList

func (a *Secrets) PKIIssuersList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuersList

func (*Secrets) PKIListCerts

func (a *Secrets) PKIListCerts(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIListCerts

func (*Secrets) PKIListCertsRevoked

func (a *Secrets) PKIListCertsRevoked(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIListCertsRevoked

func (*Secrets) PKIListKeys

func (a *Secrets) PKIListKeys(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIListKeys

func (*Secrets) PKIListRoles

func (a *Secrets) PKIListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIListRoles

func (*Secrets) PKIReadAutoTidyConfig

func (a *Secrets) PKIReadAutoTidyConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadAutoTidyConfig

func (*Secrets) PKIReadCA

func (a *Secrets) PKIReadCA(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadCA

func (*Secrets) PKIReadCAChain

func (a *Secrets) PKIReadCAChain(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadCAChain

func (*Secrets) PKIReadCAPem

func (a *Secrets) PKIReadCAPem(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadCAPem

func (*Secrets) PKIReadCRL

func (a *Secrets) PKIReadCRL(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadCRL

func (*Secrets) PKIReadCRLConfig

func (a *Secrets) PKIReadCRLConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadCRLConfig

func (*Secrets) PKIReadCRLRotate

func (a *Secrets) PKIReadCRLRotate(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadCRLRotate

func (*Secrets) PKIReadCRLRotateDelta

func (a *Secrets) PKIReadCRLRotateDelta(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadCRLRotateDelta

func (*Secrets) PKIReadCert

func (a *Secrets) PKIReadCert(ctx context.Context, serial string, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadCert serial: Certificate serial number, in colon- or hyphen-separated octal

func (*Secrets) PKIReadCertCAChain

func (a *Secrets) PKIReadCertCAChain(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadCertCAChain

func (*Secrets) PKIReadCertRaw

func (a *Secrets) PKIReadCertRaw(ctx context.Context, serial string, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadCertRaw serial: Certificate serial number, in colon- or hyphen-separated octal

func (*Secrets) PKIReadCertRawPem

func (a *Secrets) PKIReadCertRawPem(ctx context.Context, serial string, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadCertRawPem serial: Certificate serial number, in colon- or hyphen-separated octal

func (*Secrets) PKIReadClusterConfig

func (a *Secrets) PKIReadClusterConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadClusterConfig

func (*Secrets) PKIReadDeltaCRL

func (a *Secrets) PKIReadDeltaCRL(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadDeltaCRL

func (*Secrets) PKIReadIssuersConfig

func (a *Secrets) PKIReadIssuersConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadIssuersConfig

func (*Secrets) PKIReadKey

func (a *Secrets) PKIReadKey(ctx context.Context, keyRef string, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadKey keyRef: Reference to key; either \"default\" for the configured default key, an identifier of a key, or the name assigned to the key.

func (*Secrets) PKIReadKeysConfig

func (a *Secrets) PKIReadKeysConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadKeysConfig

func (*Secrets) PKIReadOCSPReq

func (a *Secrets) PKIReadOCSPReq(ctx context.Context, req string, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadOCSPReq req: base-64 encoded ocsp request

func (*Secrets) PKIReadRole

func (a *Secrets) PKIReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadRole name: Name of the role

func (*Secrets) PKIReadURLConfig

func (a *Secrets) PKIReadURLConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadURLConfig

func (*Secrets) PKIReplaceRoot

func (a *Secrets) PKIReplaceRoot(ctx context.Context, request schema.PKIReplaceRootRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReplaceRoot

func (*Secrets) PKIRevoke

func (a *Secrets) PKIRevoke(ctx context.Context, request schema.PKIRevokeRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIRevoke

func (*Secrets) PKIRevokeWithKey

func (a *Secrets) PKIRevokeWithKey(ctx context.Context, request schema.PKIRevokeWithKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIRevokeWithKey

func (*Secrets) PKIRootSignIntermediate

func (a *Secrets) PKIRootSignIntermediate(ctx context.Context, request schema.PKIRootSignIntermediateRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIRootSignIntermediate

func (*Secrets) PKIRootSignSelfIssued

func (a *Secrets) PKIRootSignSelfIssued(ctx context.Context, request schema.PKIRootSignSelfIssuedRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIRootSignSelfIssued

func (*Secrets) PKIRotateRoot

func (a *Secrets) PKIRotateRoot(ctx context.Context, exported string, request schema.PKIRotateRootRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIRotateRoot exported: Must be \"internal\", \"exported\" or \"kms\". If set to \"exported\", the generated private key will be returned. This is your *only* chance to retrieve the private key!

func (*Secrets) PKISignRole

func (a *Secrets) PKISignRole(ctx context.Context, role string, request schema.PKISignRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKISignRole role: The desired role with configuration for this request

func (*Secrets) PKISignVerbatim

func (a *Secrets) PKISignVerbatim(ctx context.Context, request schema.PKISignVerbatimRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKISignVerbatim

func (*Secrets) PKISignVerbatimRole

func (a *Secrets) PKISignVerbatimRole(ctx context.Context, role string, request schema.PKISignVerbatimRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKISignVerbatimRole role: The desired role with configuration for this request

func (*Secrets) PKITidy

func (a *Secrets) PKITidy(ctx context.Context, request schema.PKITidyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKITidy

func (*Secrets) PKITidyCancel

func (a *Secrets) PKITidyCancel(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKITidyCancel

func (*Secrets) PKITidyStatus

func (a *Secrets) PKITidyStatus(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKITidyStatus

func (*Secrets) PKIWriteAutoTidyConfig

func (a *Secrets) PKIWriteAutoTidyConfig(ctx context.Context, request schema.PKIWriteAutoTidyConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteAutoTidyConfig

func (*Secrets) PKIWriteCAConfig

func (a *Secrets) PKIWriteCAConfig(ctx context.Context, request schema.PKIWriteCAConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteCAConfig

func (*Secrets) PKIWriteCRLConfig

func (a *Secrets) PKIWriteCRLConfig(ctx context.Context, request schema.PKIWriteCRLConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteCRLConfig

func (*Secrets) PKIWriteCerts

func (a *Secrets) PKIWriteCerts(ctx context.Context, request schema.PKIWriteCertsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteCerts

func (*Secrets) PKIWriteClusterConfig

func (a *Secrets) PKIWriteClusterConfig(ctx context.Context, request schema.PKIWriteClusterConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteClusterConfig

func (*Secrets) PKIWriteIntermediateCrossSign

func (a *Secrets) PKIWriteIntermediateCrossSign(ctx context.Context, request schema.PKIWriteIntermediateCrossSignRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteIntermediateCrossSign

func (*Secrets) PKIWriteIntermediateGenerate

func (a *Secrets) PKIWriteIntermediateGenerate(ctx context.Context, exported string, request schema.PKIWriteIntermediateGenerateRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteIntermediateGenerate exported: Must be \"internal\", \"exported\" or \"kms\". If set to \"exported\", the generated private key will be returned. This is your *only* chance to retrieve the private key!

func (*Secrets) PKIWriteIntermediateSetSigned

func (a *Secrets) PKIWriteIntermediateSetSigned(ctx context.Context, request schema.PKIWriteIntermediateSetSignedRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteIntermediateSetSigned

func (*Secrets) PKIWriteInternalExported

func (a *Secrets) PKIWriteInternalExported(ctx context.Context, request schema.PKIWriteInternalExportedRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteInternalExported

func (*Secrets) PKIWriteIssueRole

func (a *Secrets) PKIWriteIssueRole(ctx context.Context, role string, request schema.PKIWriteIssueRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteIssueRole role: The desired role with configuration for this request

func (*Secrets) PKIWriteIssuersConfig

func (a *Secrets) PKIWriteIssuersConfig(ctx context.Context, request schema.PKIWriteIssuersConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteIssuersConfig

func (*Secrets) PKIWriteKMS

func (a *Secrets) PKIWriteKMS(ctx context.Context, request schema.PKIWriteKMSRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteKMS

func (*Secrets) PKIWriteKey

func (a *Secrets) PKIWriteKey(ctx context.Context, keyRef string, request schema.PKIWriteKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteKey keyRef: Reference to key; either \"default\" for the configured default key, an identifier of a key, or the name assigned to the key.

func (*Secrets) PKIWriteKeysConfig

func (a *Secrets) PKIWriteKeysConfig(ctx context.Context, request schema.PKIWriteKeysConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteKeysConfig

func (*Secrets) PKIWriteOCSP

func (a *Secrets) PKIWriteOCSP(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteOCSP

func (*Secrets) PKIWriteRole

func (a *Secrets) PKIWriteRole(ctx context.Context, name string, request schema.PKIWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteRole name: Name of the role

func (*Secrets) PKIWriteURLConfig

func (a *Secrets) PKIWriteURLConfig(ctx context.Context, request schema.PKIWriteURLConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteURLConfig

func (*Secrets) PkiDeleteIssuerRefDerPem

func (a *Secrets) PkiDeleteIssuerRefDerPem(ctx context.Context, issuerRef string, options ...RequestOption) (*Response[map[string]interface{}], error)

PkiDeleteIssuerRefDerPem issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.

func (*Secrets) PkiDeleteJson

func (a *Secrets) PkiDeleteJson(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PkiDeleteJson

func (*Secrets) PkiReadDelta

func (a *Secrets) PkiReadDelta(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PkiReadDelta

func (*Secrets) PkiReadDeltaPem

func (a *Secrets) PkiReadDeltaPem(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PkiReadDeltaPem

func (*Secrets) PkiReadDer

func (a *Secrets) PkiReadDer(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PkiReadDer

func (*Secrets) PkiReadIssuerRefCrlPemDerDeltaPem

func (a *Secrets) PkiReadIssuerRefCrlPemDerDeltaPem(ctx context.Context, issuerRef string, options ...RequestOption) (*Response[map[string]interface{}], error)

PkiReadIssuerRefCrlPemDerDeltaPem issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.

func (*Secrets) PkiReadIssuerRefDerPem

func (a *Secrets) PkiReadIssuerRefDerPem(ctx context.Context, issuerRef string, options ...RequestOption) (*Response[map[string]interface{}], error)

PkiReadIssuerRefDerPem issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.

func (*Secrets) PkiReadJson

func (a *Secrets) PkiReadJson(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PkiReadJson

func (*Secrets) PkiReadPem

func (a *Secrets) PkiReadPem(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PkiReadPem

func (*Secrets) PkiWriteIssuerRefDerPem

func (a *Secrets) PkiWriteIssuerRefDerPem(ctx context.Context, issuerRef string, request schema.PkiWriteIssuerRefDerPemRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PkiWriteIssuerRefDerPem issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.

func (*Secrets) PkiWriteJson

func (a *Secrets) PkiWriteJson(ctx context.Context, request schema.PkiWriteJsonRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PkiWriteJson

func (*Secrets) RabbitMQDeleteRole

func (a *Secrets) RabbitMQDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

RabbitMQDeleteRole Manage the roles that can be created with this backend. name: Name of the role.

func (*Secrets) RabbitMQListRoles

func (a *Secrets) RabbitMQListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

RabbitMQListRoles Manage the roles that can be created with this backend.

func (*Secrets) RabbitMQReadCredentials

func (a *Secrets) RabbitMQReadCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

RabbitMQReadCredentials Request RabbitMQ credentials for a certain role. name: Name of the role.

func (*Secrets) RabbitMQReadLeaseConfig

func (a *Secrets) RabbitMQReadLeaseConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

RabbitMQReadLeaseConfig Configure the lease parameters for generated credentials

func (*Secrets) RabbitMQReadRole

func (a *Secrets) RabbitMQReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

RabbitMQReadRole Manage the roles that can be created with this backend. name: Name of the role.

func (*Secrets) RabbitMQWriteConnectionConfig

func (a *Secrets) RabbitMQWriteConnectionConfig(ctx context.Context, request schema.RabbitMQWriteConnectionConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RabbitMQWriteConnectionConfig Configure the connection URI, username, and password to talk to RabbitMQ management HTTP API.

func (*Secrets) RabbitMQWriteLeaseConfig

func (a *Secrets) RabbitMQWriteLeaseConfig(ctx context.Context, request schema.RabbitMQWriteLeaseConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RabbitMQWriteLeaseConfig Configure the lease parameters for generated credentials

func (*Secrets) RabbitMQWriteRole

func (a *Secrets) RabbitMQWriteRole(ctx context.Context, name string, request schema.RabbitMQWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RabbitMQWriteRole Manage the roles that can be created with this backend. name: Name of the role.

func (*Secrets) SSHDeleteCAConfig

func (a *Secrets) SSHDeleteCAConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHDeleteCAConfig Set the SSH private key used for signing certificates.

func (*Secrets) SSHDeleteKeys

func (a *Secrets) SSHDeleteKeys(ctx context.Context, keyName string, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHDeleteKeys Register a shared private key with Vault. keyName: [Required] Name of the key

func (*Secrets) SSHDeleteRole

func (a *Secrets) SSHDeleteRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHDeleteRole Manage the 'roles' that can be created with this backend. role: [Required for all types] Name of the role being created.

func (*Secrets) SSHDeleteZeroAddressConfig

func (a *Secrets) SSHDeleteZeroAddressConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHDeleteZeroAddressConfig Assign zero address as default CIDR block for select roles.

func (*Secrets) SSHListRoles

func (a *Secrets) SSHListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHListRoles Manage the 'roles' that can be created with this backend.

func (*Secrets) SSHLookup

func (a *Secrets) SSHLookup(ctx context.Context, request schema.SSHLookupRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHLookup List all the roles associated with the given IP address.

func (*Secrets) SSHReadCAConfig

func (a *Secrets) SSHReadCAConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHReadCAConfig Set the SSH private key used for signing certificates.

func (*Secrets) SSHReadPublicKey

func (a *Secrets) SSHReadPublicKey(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHReadPublicKey Retrieve the public key.

func (*Secrets) SSHReadRole

func (a *Secrets) SSHReadRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHReadRole Manage the 'roles' that can be created with this backend. role: [Required for all types] Name of the role being created.

func (*Secrets) SSHReadZeroAddressConfig

func (a *Secrets) SSHReadZeroAddressConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHReadZeroAddressConfig Assign zero address as default CIDR block for select roles.

func (*Secrets) SSHSign

func (a *Secrets) SSHSign(ctx context.Context, role string, request schema.SSHSignRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHSign Request signing an SSH key using a certain role with the provided details. role: The desired role with configuration for this request.

func (*Secrets) SSHVerify

func (a *Secrets) SSHVerify(ctx context.Context, request schema.SSHVerifyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHVerify Validate the OTP provided by Vault SSH Agent.

func (*Secrets) SSHWriteCAConfig

func (a *Secrets) SSHWriteCAConfig(ctx context.Context, request schema.SSHWriteCAConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHWriteCAConfig Set the SSH private key used for signing certificates.

func (*Secrets) SSHWriteCredentials

func (a *Secrets) SSHWriteCredentials(ctx context.Context, role string, request schema.SSHWriteCredentialsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHWriteCredentials Creates a credential for establishing SSH connection with the remote host. role: [Required] Name of the role

func (*Secrets) SSHWriteIssue

func (a *Secrets) SSHWriteIssue(ctx context.Context, role string, request schema.SSHWriteIssueRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHWriteIssue role: The desired role with configuration for this request.

func (*Secrets) SSHWriteKeys

func (a *Secrets) SSHWriteKeys(ctx context.Context, keyName string, request schema.SSHWriteKeysRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHWriteKeys Register a shared private key with Vault. keyName: [Required] Name of the key

func (*Secrets) SSHWriteRole

func (a *Secrets) SSHWriteRole(ctx context.Context, role string, request schema.SSHWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHWriteRole Manage the 'roles' that can be created with this backend. role: [Required for all types] Name of the role being created.

func (*Secrets) SSHWriteZeroAddressConfig

func (a *Secrets) SSHWriteZeroAddressConfig(ctx context.Context, request schema.SSHWriteZeroAddressConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHWriteZeroAddressConfig Assign zero address as default CIDR block for select roles.

func (*Secrets) TOTPDeleteKey

func (a *Secrets) TOTPDeleteKey(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TOTPDeleteKey Manage the keys that can be created with this backend. name: Name of the key.

func (*Secrets) TOTPListKeys

func (a *Secrets) TOTPListKeys(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TOTPListKeys Manage the keys that can be created with this backend.

func (*Secrets) TOTPReadCode

func (a *Secrets) TOTPReadCode(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TOTPReadCode Request time-based one-time use password or validate a password for a certain key . name: Name of the key.

func (*Secrets) TOTPReadKey

func (a *Secrets) TOTPReadKey(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TOTPReadKey Manage the keys that can be created with this backend. name: Name of the key.

func (*Secrets) TOTPWriteCode

func (a *Secrets) TOTPWriteCode(ctx context.Context, name string, request schema.TOTPWriteCodeRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TOTPWriteCode Request time-based one-time use password or validate a password for a certain key . name: Name of the key.

func (*Secrets) TOTPWriteKey

func (a *Secrets) TOTPWriteKey(ctx context.Context, name string, request schema.TOTPWriteKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TOTPWriteKey Manage the keys that can be created with this backend. name: Name of the key.

func (*Secrets) TerraformDeleteConfig

func (a *Secrets) TerraformDeleteConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TerraformDeleteConfig

func (*Secrets) TerraformDeleteRole

func (a *Secrets) TerraformDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TerraformDeleteRole name: Name of the role

func (*Secrets) TerraformListRoles

func (a *Secrets) TerraformListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TerraformListRoles

func (*Secrets) TerraformReadConfig

func (a *Secrets) TerraformReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TerraformReadConfig

func (*Secrets) TerraformReadCredentials

func (a *Secrets) TerraformReadCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TerraformReadCredentials Generate a Terraform Cloud or Enterprise API token from a specific Vault role. name: Name of the role

func (*Secrets) TerraformReadRole

func (a *Secrets) TerraformReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TerraformReadRole name: Name of the role

func (*Secrets) TerraformRotateRole

func (a *Secrets) TerraformRotateRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TerraformRotateRole name: Name of the team or organization role

func (*Secrets) TerraformWriteConfig

func (a *Secrets) TerraformWriteConfig(ctx context.Context, request schema.TerraformWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TerraformWriteConfig

func (*Secrets) TerraformWriteCredentials

func (a *Secrets) TerraformWriteCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TerraformWriteCredentials Generate a Terraform Cloud or Enterprise API token from a specific Vault role. name: Name of the role

func (*Secrets) TerraformWriteRole

func (a *Secrets) TerraformWriteRole(ctx context.Context, name string, request schema.TerraformWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TerraformWriteRole name: Name of the role

func (*Secrets) TransitBackup

func (a *Secrets) TransitBackup(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitBackup Backup the named key name: Name of the key

func (*Secrets) TransitDecrypt

func (a *Secrets) TransitDecrypt(ctx context.Context, name string, request schema.TransitDecryptRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitDecrypt Decrypt a ciphertext value using a named key name: Name of the key

func (*Secrets) TransitDeleteKey

func (a *Secrets) TransitDeleteKey(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitDeleteKey Managed named encryption keys name: Name of the key

func (*Secrets) TransitEncrypt

func (a *Secrets) TransitEncrypt(ctx context.Context, name string, request schema.TransitEncryptRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitEncrypt Encrypt a plaintext value or a batch of plaintext blocks using a named key name: Name of the key

func (*Secrets) TransitExport

func (a *Secrets) TransitExport(ctx context.Context, name string, type_ string, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitExport Export named encryption or signing key name: Name of the key type_: Type of key to export (encryption-key, signing-key, hmac-key)

func (*Secrets) TransitExportVersion

func (a *Secrets) TransitExportVersion(ctx context.Context, name string, type_ string, version string, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitExportVersion Export named encryption or signing key name: Name of the key type_: Type of key to export (encryption-key, signing-key, hmac-key) version: Version of the key

func (*Secrets) TransitGenerateDataKey

func (a *Secrets) TransitGenerateDataKey(ctx context.Context, name string, plaintext string, request schema.TransitGenerateDataKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitGenerateDataKey Generate a data key name: The backend key used for encrypting the data key plaintext: \"plaintext\" will return the key in both plaintext and ciphertext; \"wrapped\" will return the ciphertext only.

func (*Secrets) TransitGenerateHMAC

func (a *Secrets) TransitGenerateHMAC(ctx context.Context, name string, request schema.TransitGenerateHMACRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitGenerateHMAC Generate an HMAC for input data using the named key name: The key to use for the HMAC function

func (*Secrets) TransitGenerateHMACWithAlgorithm

func (a *Secrets) TransitGenerateHMACWithAlgorithm(ctx context.Context, name string, urlalgorithm string, request schema.TransitGenerateHMACWithAlgorithmRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitGenerateHMACWithAlgorithm Generate an HMAC for input data using the named key name: The key to use for the HMAC function urlalgorithm: Algorithm to use (POST URL parameter)

func (*Secrets) TransitGenerateRandom

func (a *Secrets) TransitGenerateRandom(ctx context.Context, request schema.TransitGenerateRandomRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitGenerateRandom Generate random bytes

func (*Secrets) TransitGenerateRandomSource

func (a *Secrets) TransitGenerateRandomSource(ctx context.Context, source string, request schema.TransitGenerateRandomSourceRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitGenerateRandomSource Generate random bytes source: Which system to source random data from, ether \"platform\", \"seal\", or \"all\".

func (*Secrets) TransitGenerateRandomSourceBytes

func (a *Secrets) TransitGenerateRandomSourceBytes(ctx context.Context, source string, urlbytes string, request schema.TransitGenerateRandomSourceBytesRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitGenerateRandomSourceBytes Generate random bytes source: Which system to source random data from, ether \"platform\", \"seal\", or \"all\". urlbytes: The number of bytes to generate (POST URL parameter)

func (*Secrets) TransitHash

func (a *Secrets) TransitHash(ctx context.Context, request schema.TransitHashRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitHash Generate a hash sum for input data

func (*Secrets) TransitHashWithAlgorithm

func (a *Secrets) TransitHashWithAlgorithm(ctx context.Context, urlalgorithm string, request schema.TransitHashWithAlgorithmRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitHashWithAlgorithm Generate a hash sum for input data urlalgorithm: Algorithm to use (POST URL parameter)

func (*Secrets) TransitImportKey

func (a *Secrets) TransitImportKey(ctx context.Context, name string, request schema.TransitImportKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitImportKey Imports an externally-generated key into a new transit key name: The name of the key

func (*Secrets) TransitImportKeyVersion

func (a *Secrets) TransitImportKeyVersion(ctx context.Context, name string, request schema.TransitImportKeyVersionRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitImportKeyVersion Imports an externally-generated key into an existing imported key name: The name of the key

func (*Secrets) TransitListKeys

func (a *Secrets) TransitListKeys(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitListKeys Managed named encryption keys

func (*Secrets) TransitReadCacheConfig

func (a *Secrets) TransitReadCacheConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitReadCacheConfig Returns the size of the active cache

func (*Secrets) TransitReadConfigKeys

func (a *Secrets) TransitReadConfigKeys(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitReadConfigKeys Configuration common across all keys

func (*Secrets) TransitReadKey

func (a *Secrets) TransitReadKey(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitReadKey Managed named encryption keys name: Name of the key

func (*Secrets) TransitReadWrappingKey

func (a *Secrets) TransitReadWrappingKey(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitReadWrappingKey Returns the public key to use for wrapping imported keys

func (*Secrets) TransitRestore

func (a *Secrets) TransitRestore(ctx context.Context, request schema.TransitRestoreRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitRestore Restore the named key

func (*Secrets) TransitRestoreKey

func (a *Secrets) TransitRestoreKey(ctx context.Context, name string, request schema.TransitRestoreKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitRestoreKey Restore the named key name: If set, this will be the name of the restored key.

func (*Secrets) TransitRewrap

func (a *Secrets) TransitRewrap(ctx context.Context, name string, request schema.TransitRewrapRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitRewrap Rewrap ciphertext name: Name of the key

func (*Secrets) TransitRotateKey

func (a *Secrets) TransitRotateKey(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitRotateKey Rotate named encryption key name: Name of the key

func (*Secrets) TransitSign

func (a *Secrets) TransitSign(ctx context.Context, name string, request schema.TransitSignRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitSign Generate a signature for input data using the named key name: The key to use

func (*Secrets) TransitSignWithAlgorithm

func (a *Secrets) TransitSignWithAlgorithm(ctx context.Context, name string, urlalgorithm string, request schema.TransitSignWithAlgorithmRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitSignWithAlgorithm Generate a signature for input data using the named key name: The key to use urlalgorithm: Hash algorithm to use (POST URL parameter)

func (*Secrets) TransitTrimKey

func (a *Secrets) TransitTrimKey(ctx context.Context, name string, request schema.TransitTrimKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitTrimKey Trim key versions of a named key name: Name of the key

func (*Secrets) TransitVerify

func (a *Secrets) TransitVerify(ctx context.Context, name string, request schema.TransitVerifyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitVerify Verify a signature or HMAC for input data created using the named key name: The key to use

func (*Secrets) TransitVerifyWithAlgorithm

func (a *Secrets) TransitVerifyWithAlgorithm(ctx context.Context, name string, urlalgorithm string, request schema.TransitVerifyWithAlgorithmRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitVerifyWithAlgorithm Verify a signature or HMAC for input data created using the named key name: The key to use urlalgorithm: Hash algorithm to use (POST URL parameter)

func (*Secrets) TransitWriteCacheConfig

func (a *Secrets) TransitWriteCacheConfig(ctx context.Context, request schema.TransitWriteCacheConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitWriteCacheConfig Configures a new cache of the specified size

func (*Secrets) TransitWriteConfigKeys

func (a *Secrets) TransitWriteConfigKeys(ctx context.Context, request schema.TransitWriteConfigKeysRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitWriteConfigKeys Configuration common across all keys

func (*Secrets) TransitWriteKey

func (a *Secrets) TransitWriteKey(ctx context.Context, name string, request schema.TransitWriteKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitWriteKey Managed named encryption keys name: Name of the key

func (*Secrets) TransitWriteKeyConfig

func (a *Secrets) TransitWriteKeyConfig(ctx context.Context, name string, request schema.TransitWriteKeyConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitWriteKeyConfig Configure a named encryption key name: Name of the key

func (*Secrets) TransitWriteRandomUrlbytes

func (a *Secrets) TransitWriteRandomUrlbytes(ctx context.Context, urlbytes string, request schema.TransitWriteRandomUrlbytesRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitWriteRandomUrlbytes Generate random bytes urlbytes: The number of bytes to generate (POST URL parameter)

type ServerCertificateEntry

type ServerCertificateEntry struct {
	// FromFile is the path to a PEM-encoded CA certificate file or bundle.
	// Default: "", takes precedence over 'FromBytes' and 'FromDirectory'.
	FromFile string `env:"VAULT_CACERT"`

	// FromBytes is PEM-encoded CA certificate data.
	// Default: nil, takes precedence over 'FromDirectory'.
	FromBytes []byte `env:"VAULT_CACERT_BYTES"`

	// FromDirectory is the path to a directory populated with PEM-encoded
	// certificates.
	// Default: ""
	FromDirectory string `env:"VAULT_CAPATH"`
}

type System

type System struct {
	// contains filtered or unexported fields
}

System is a simple wrapper around the client for System requests

func (*System) CalculateAuditHash

func (a *System) CalculateAuditHash(ctx context.Context, path string, request schema.CalculateAuditHashRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CalculateAuditHash The hash of the given string via the given audit backend path: The name of the backend. Cannot be delimited. Example: \"mysql\"

func (*System) DeleteAuditDevice

func (a *System) DeleteAuditDevice(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteAuditDevice Disable the audit device at the given path. path: The name of the backend. Cannot be delimited. Example: \"mysql\"

func (*System) DeleteAuthMethod

func (a *System) DeleteAuthMethod(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteAuthMethod Disable the auth method at the given auth path path: The path to mount to. Cannot be delimited. Example: \"user\"

func (*System) DeleteConfigAuditingRequestHeader

func (a *System) DeleteConfigAuditingRequestHeader(ctx context.Context, header string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteConfigAuditingRequestHeader Disable auditing of the given request header.

func (*System) DeleteConfigCORS

func (a *System) DeleteConfigCORS(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteConfigCORS Remove any CORS settings.

func (*System) DeleteConfigUIHeader

func (a *System) DeleteConfigUIHeader(ctx context.Context, header string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteConfigUIHeader Remove a UI header. header: The name of the header.

func (*System) DeleteGenerateRoot

func (a *System) DeleteGenerateRoot(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteGenerateRoot Cancels any in-progress root generation attempt.

func (*System) DeleteGenerateRootAttempt

func (a *System) DeleteGenerateRootAttempt(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteGenerateRootAttempt Cancels any in-progress root generation attempt.

func (*System) DeleteLogger

func (a *System) DeleteLogger(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteLogger Revert a single logger to use log level provided in config. name: The name of the logger to be modified.

func (*System) DeleteLoggers

func (a *System) DeleteLoggers(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteLoggers Revert the all loggers to use log level provided in config.

func (*System) DeleteMount

func (a *System) DeleteMount(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteMount Disable the mount point specified at the given path. path: The path to mount to. Example: \"aws/east\"

func (*System) DeletePluginsCatalogByTypeByName

func (a *System) DeletePluginsCatalogByTypeByName(ctx context.Context, name string, type_ string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeletePluginsCatalogByTypeByName Remove the plugin with the given name. name: The name of the plugin type_: The type of the plugin, may be auth, secret, or database

func (*System) DeletePoliciesACL

func (a *System) DeletePoliciesACL(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeletePoliciesACL Delete the ACL policy with the given name. name: The name of the policy. Example: \"ops\"

func (*System) DeletePoliciesPassword

func (a *System) DeletePoliciesPassword(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeletePoliciesPassword Delete a password policy. name: The name of the password policy.

func (*System) DeletePolicy

func (a *System) DeletePolicy(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeletePolicy Delete the policy with the given name. name: The name of the policy. Example: \"ops\"

func (*System) DeleteQuotasRateLimit

func (a *System) DeleteQuotasRateLimit(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteQuotasRateLimit name: Name of the quota rule.

func (*System) DeleteRaw

func (a *System) DeleteRaw(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteRaw Delete the key with given path.

func (*System) DeleteRawPath

func (a *System) DeleteRawPath(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteRawPath Delete the key with given path.

func (*System) DeleteRekeyBackup

func (a *System) DeleteRekeyBackup(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteRekeyBackup Delete the backup copy of PGP-encrypted unseal keys.

func (*System) DeleteRekeyInit

func (a *System) DeleteRekeyInit(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteRekeyInit Cancels any in-progress rekey. This clears the rekey settings as well as any progress made. This must be called to change the parameters of the rekey. Note: verification is still a part of a rekey. If rekeying is canceled during the verification flow, the current unseal keys remain valid.

func (*System) DeleteRekeyRecoveryKeyBackup

func (a *System) DeleteRekeyRecoveryKeyBackup(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteRekeyRecoveryKeyBackup Allows fetching or deleting the backup of the rotated unseal keys.

func (*System) DeleteRekeyVerify

func (a *System) DeleteRekeyVerify(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteRekeyVerify Cancel any in-progress rekey verification operation. This clears any progress made and resets the nonce. Unlike a `DELETE` against `sys/rekey/init`, this only resets the current verification operation, not the entire rekey atttempt.

func (*System) ListConfigUIHeaders

func (a *System) ListConfigUIHeaders(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ListConfigUIHeaders Return a list of configured UI headers.

func (*System) ListLeasesLookupPrefix

func (a *System) ListLeasesLookupPrefix(ctx context.Context, prefix string, options ...RequestOption) (*Response[map[string]interface{}], error)

ListLeasesLookupPrefix Returns a list of lease ids. prefix: The path to list leases under. Example: \"aws/creds/deploy\"

func (*System) ListPluginsCatalogByType

func (a *System) ListPluginsCatalogByType(ctx context.Context, type_ string, options ...RequestOption) (*Response[map[string]interface{}], error)

ListPluginsCatalogByType List the plugins in the catalog. type_: The type of the plugin, may be auth, secret, or database

func (*System) ListPoliciesACL

func (a *System) ListPoliciesACL(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ListPoliciesACL List the configured access control policies.

func (*System) ListPoliciesPassword

func (a *System) ListPoliciesPassword(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ListPoliciesPassword List the existing password policies.

func (*System) ListQuotasRateLimits

func (a *System) ListQuotasRateLimits(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ListQuotasRateLimits

func (*System) ListVersionHistory

func (a *System) ListVersionHistory(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ListVersionHistory Returns map of historical version change entries

func (*System) MFAValidate

func (a *System) MFAValidate(ctx context.Context, request schema.MFAValidateRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAValidate Validates the login for the given MFA methods. Upon successful validation, it returns an auth response containing the client token

func (*System) Monitor

func (a *System) Monitor(ctx context.Context, logFormat string, logLevel string, options ...RequestOption) (*Response[map[string]interface{}], error)

Monitor logFormat: Output format of logs. Supported values are \"standard\" and \"json\". The default is \"standard\". logLevel: Log level to view system logs at. Currently supported values are \"trace\", \"debug\", \"info\", \"warn\", \"error\".

func (*System) PprofRead

func (a *System) PprofRead(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PprofRead Returns an HTML page listing the available profiles. Returns an HTML page listing the available profiles. This should be mainly accessed via browsers or applications that can render pages.

func (*System) PprofReadAllocs

func (a *System) PprofReadAllocs(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PprofReadAllocs Returns a sampling of all past memory allocations. Returns a sampling of all past memory allocations.

func (*System) PprofReadBlock

func (a *System) PprofReadBlock(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PprofReadBlock Returns stack traces that led to blocking on synchronization primitives Returns stack traces that led to blocking on synchronization primitives

func (*System) PprofReadCmdline

func (a *System) PprofReadCmdline(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PprofReadCmdline Returns the running program's command line. Returns the running program's command line, with arguments separated by NUL bytes.

func (*System) PprofReadGoroutine

func (a *System) PprofReadGoroutine(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PprofReadGoroutine Returns stack traces of all current goroutines. Returns stack traces of all current goroutines.

func (*System) PprofReadHeap

func (a *System) PprofReadHeap(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PprofReadHeap Returns a sampling of memory allocations of live object. Returns a sampling of memory allocations of live object.

func (*System) PprofReadMutex

func (a *System) PprofReadMutex(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PprofReadMutex Returns stack traces of holders of contended mutexes Returns stack traces of holders of contended mutexes

func (*System) PprofReadProfile

func (a *System) PprofReadProfile(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PprofReadProfile Returns a pprof-formatted cpu profile payload. Returns a pprof-formatted cpu profile payload. Profiling lasts for duration specified in seconds GET parameter, or for 30 seconds if not specified.

func (*System) PprofReadSymbol

func (a *System) PprofReadSymbol(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PprofReadSymbol Returns the program counters listed in the request. Returns the program counters listed in the request.

func (*System) PprofReadThreadcreate

func (a *System) PprofReadThreadcreate(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PprofReadThreadcreate Returns stack traces that led to the creation of new OS threads Returns stack traces that led to the creation of new OS threads

func (*System) PprofReadTrace

func (a *System) PprofReadTrace(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PprofReadTrace Returns the execution trace in binary form. Returns the execution trace in binary form. Tracing lasts for duration specified in seconds GET parameter, or for 1 second if not specified.

func (*System) ReadAuditDevices

func (a *System) ReadAuditDevices(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadAuditDevices List the enabled audit devices.

func (*System) ReadAuthMethod

func (a *System) ReadAuthMethod(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadAuthMethod Read the configuration of the auth engine at the given path. path: The path to mount to. Cannot be delimited. Example: \"user\"

func (*System) ReadAuthMethodTune

func (a *System) ReadAuthMethodTune(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadAuthMethodTune Reads the given auth path's configuration. This endpoint requires sudo capability on the final path, but the same functionality can be achieved without sudo via `sys/mounts/auth/[auth-path]/tune`. path: Tune the configuration parameters for an auth path.

func (*System) ReadAuthMethods

func (a *System) ReadAuthMethods(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadAuthMethods List the currently enabled credential backends.

func (*System) ReadConfigAuditingRequestHeader

func (a *System) ReadConfigAuditingRequestHeader(ctx context.Context, header string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadConfigAuditingRequestHeader List the information for the given request header.

func (*System) ReadConfigAuditingRequestHeaders

func (a *System) ReadConfigAuditingRequestHeaders(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadConfigAuditingRequestHeaders List the request headers that are configured to be audited.

func (*System) ReadConfigCORS

func (a *System) ReadConfigCORS(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadConfigCORS Return the current CORS settings.

func (*System) ReadConfigStateSanitized

func (a *System) ReadConfigStateSanitized(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadConfigStateSanitized Return a sanitized version of the Vault server configuration. The sanitized output strips configuration values in the storage, HA storage, and seals stanzas, which may contain sensitive values such as API tokens. It also removes any token or secret fields in other stanzas, such as the circonus_api_token from telemetry.

func (*System) ReadConfigUIHeader

func (a *System) ReadConfigUIHeader(ctx context.Context, header string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadConfigUIHeader Return the given UI header's configuration header: The name of the header.

func (*System) ReadGenerateRoot

func (a *System) ReadGenerateRoot(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadGenerateRoot Read the configuration and progress of the current root generation attempt.

func (*System) ReadGenerateRootAttempt

func (a *System) ReadGenerateRootAttempt(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadGenerateRootAttempt Read the configuration and progress of the current root generation attempt.

func (*System) ReadHAStatus

func (a *System) ReadHAStatus(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadHAStatus Check the HA status of a Vault cluster

func (*System) ReadHealth

func (a *System) ReadHealth(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadHealth Returns the health status of Vault.

func (*System) ReadHostInfo

func (a *System) ReadHostInfo(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadHostInfo Information about the host instance that this Vault server is running on. Information about the host instance that this Vault server is running on. The information that gets collected includes host hardware information, and CPU, disk, and memory utilization

func (*System) ReadInFlightRequests

func (a *System) ReadInFlightRequests(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInFlightRequests reports in-flight requests This path responds to the following HTTP methods. GET / Returns a map of in-flight requests.

func (*System) ReadInit

func (a *System) ReadInit(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInit Returns the initialization status of Vault.

func (*System) ReadInternalCountersActivity

func (a *System) ReadInternalCountersActivity(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalCountersActivity Report the client count metrics, for this namespace and all child namespaces.

func (*System) ReadInternalCountersActivityExport

func (a *System) ReadInternalCountersActivityExport(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalCountersActivityExport Report the client count metrics, for this namespace and all child namespaces.

func (*System) ReadInternalCountersActivityMonthly

func (a *System) ReadInternalCountersActivityMonthly(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalCountersActivityMonthly Report the number of clients for this month, for this namespace and all child namespaces.

func (*System) ReadInternalCountersConfig

func (a *System) ReadInternalCountersConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalCountersConfig Read the client count tracking configuration.

func (*System) ReadInternalCountersEntities

func (a *System) ReadInternalCountersEntities(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalCountersEntities Backwards compatibility is not guaranteed for this API

func (*System) ReadInternalCountersRequests

func (a *System) ReadInternalCountersRequests(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalCountersRequests Backwards compatibility is not guaranteed for this API

func (*System) ReadInternalCountersTokens

func (a *System) ReadInternalCountersTokens(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalCountersTokens Backwards compatibility is not guaranteed for this API

func (*System) ReadInternalInspectRouter

func (a *System) ReadInternalInspectRouter(ctx context.Context, tag string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalInspectRouter Expose the route entry and mount entry tables present in the router tag: Name of subtree being observed

func (*System) ReadInternalSpecsOpenAPI

func (a *System) ReadInternalSpecsOpenAPI(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalSpecsOpenAPI Generate an OpenAPI 3 document of all mounted paths.

func (*System) ReadInternalUIFeatureFlags

func (a *System) ReadInternalUIFeatureFlags(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalUIFeatureFlags Lists enabled feature flags.

func (*System) ReadInternalUIMount

func (a *System) ReadInternalUIMount(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalUIMount Return information about the given mount. path: The path of the mount.

func (*System) ReadInternalUIMounts

func (a *System) ReadInternalUIMounts(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalUIMounts Lists all enabled and visible auth and secrets mounts.

func (*System) ReadInternalUINamespaces

func (a *System) ReadInternalUINamespaces(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalUINamespaces Backwards compatibility is not guaranteed for this API

func (*System) ReadInternalUIResultantACL

func (a *System) ReadInternalUIResultantACL(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalUIResultantACL Backwards compatibility is not guaranteed for this API

func (*System) ReadKeyStatus

func (a *System) ReadKeyStatus(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadKeyStatus Provides information about the backend encryption key.

func (*System) ReadLeader

func (a *System) ReadLeader(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadLeader Returns the high availability status and current leader instance of Vault.

func (*System) ReadLeases

func (a *System) ReadLeases(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadLeases List leases associated with this Vault cluster

func (*System) ReadLeasesCount

func (a *System) ReadLeasesCount(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadLeasesCount Count of leases associated with this Vault cluster

func (*System) ReadLogger

func (a *System) ReadLogger(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadLogger Read the log level for a single logger. name: The name of the logger to be modified.

func (*System) ReadLoggers

func (a *System) ReadLoggers(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadLoggers Read the log level for all existing loggers.

func (*System) ReadMetrics

func (a *System) ReadMetrics(ctx context.Context, format string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadMetrics Export the metrics aggregated for telemetry purpose. format: Format to export metrics into. Currently accepts only \"prometheus\".

func (*System) ReadMount

func (a *System) ReadMount(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadMount Read the configuration of the secret engine at the given path. path: The path to mount to. Example: \"aws/east\"

func (*System) ReadMounts

func (a *System) ReadMounts(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadMounts List the currently mounted backends.

func (*System) ReadMountsConfig

func (a *System) ReadMountsConfig(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadMountsConfig Tune backend configuration parameters for this mount. path: The path to mount to. Example: \"aws/east\"

func (*System) ReadPluginsCatalog

func (a *System) ReadPluginsCatalog(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadPluginsCatalog Lists all the plugins known to Vault

func (*System) ReadPluginsCatalogByTypeByName

func (a *System) ReadPluginsCatalogByTypeByName(ctx context.Context, name string, type_ string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadPluginsCatalogByTypeByName Return the configuration data for the plugin with the given name. name: The name of the plugin type_: The type of the plugin, may be auth, secret, or database

func (*System) ReadPolicies

func (a *System) ReadPolicies(ctx context.Context, list string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadPolicies List the configured access control policies. list: Return a list if `true`

func (*System) ReadPoliciesACL

func (a *System) ReadPoliciesACL(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadPoliciesACL Retrieve information about the named ACL policy. name: The name of the policy. Example: \"ops\"

func (*System) ReadPoliciesPassword

func (a *System) ReadPoliciesPassword(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadPoliciesPassword Retrieve an existing password policy. name: The name of the password policy.

func (*System) ReadPoliciesPasswordGenerate

func (a *System) ReadPoliciesPasswordGenerate(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadPoliciesPasswordGenerate Generate a password from an existing password policy. name: The name of the password policy.

func (*System) ReadPolicy

func (a *System) ReadPolicy(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadPolicy Retrieve the policy body for the named policy. name: The name of the policy. Example: \"ops\"

func (*System) ReadQuotasConfig

func (a *System) ReadQuotasConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadQuotasConfig

func (*System) ReadQuotasRateLimit

func (a *System) ReadQuotasRateLimit(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadQuotasRateLimit name: Name of the quota rule.

func (*System) ReadRaw

func (a *System) ReadRaw(ctx context.Context, list string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadRaw Read the value of the key at the given path. list: Return a list if `true`

func (*System) ReadRawPath

func (a *System) ReadRawPath(ctx context.Context, path string, list string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadRawPath Read the value of the key at the given path. list: Return a list if `true`

func (*System) ReadRekeyBackup

func (a *System) ReadRekeyBackup(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadRekeyBackup Return the backup copy of PGP-encrypted unseal keys.

func (*System) ReadRekeyInit

func (a *System) ReadRekeyInit(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadRekeyInit Reads the configuration and progress of the current rekey attempt.

func (*System) ReadRekeyRecoveryKeyBackup

func (a *System) ReadRekeyRecoveryKeyBackup(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadRekeyRecoveryKeyBackup Allows fetching or deleting the backup of the rotated unseal keys.

func (*System) ReadRekeyVerify

func (a *System) ReadRekeyVerify(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadRekeyVerify Read the configuration and progress of the current rekey verification attempt.

func (*System) ReadRemountStatus

func (a *System) ReadRemountStatus(ctx context.Context, migrationId string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadRemountStatus Check status of a mount migration migrationId: The ID of the migration operation

func (*System) ReadReplicationStatus

func (a *System) ReadReplicationStatus(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadReplicationStatus

func (*System) ReadRotateConfig

func (a *System) ReadRotateConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadRotateConfig

func (*System) ReadSealStatus

func (a *System) ReadSealStatus(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadSealStatus Check the seal status of a Vault.

func (*System) Remount

func (a *System) Remount(ctx context.Context, request schema.RemountRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

Remount Initiate a mount migration

func (*System) Renew

func (a *System) Renew(ctx context.Context, request schema.RenewRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

Renew Renews a lease, requesting to extend the lease.

func (*System) RenewFor

func (a *System) RenewFor(ctx context.Context, urlLeaseId string, request schema.RenewForRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RenewFor Renews a lease, requesting to extend the lease. urlLeaseId: The lease identifier to renew. This is included with a lease.

func (*System) Revoke

func (a *System) Revoke(ctx context.Context, request schema.RevokeRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

Revoke Revokes a lease immediately.

func (*System) RevokeForce

func (a *System) RevokeForce(ctx context.Context, prefix string, options ...RequestOption) (*Response[map[string]interface{}], error)

RevokeForce Revokes all secrets or tokens generated under a given prefix immediately Unlike `/sys/leases/revoke-prefix`, this path ignores backend errors encountered during revocation. This is potentially very dangerous and should only be used in specific emergency situations where errors in the backend or the connected backend service prevent normal revocation. By ignoring these errors, Vault abdicates responsibility for ensuring that the issued credentials or secrets are properly revoked and/or cleaned up. Access to this endpoint should be tightly controlled. prefix: The path to revoke keys under. Example: \"prod/aws/ops\"

func (*System) RevokeLease

func (a *System) RevokeLease(ctx context.Context, urlLeaseId string, request schema.RevokeLeaseRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RevokeLease Revokes a lease immediately. urlLeaseId: The lease identifier to renew. This is included with a lease.

func (*System) RevokePrefix

func (a *System) RevokePrefix(ctx context.Context, prefix string, request schema.RevokePrefixRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RevokePrefix Revokes all secrets (via a lease ID prefix) or tokens (via the tokens' path property) generated under a given prefix immediately. prefix: The path to revoke keys under. Example: \"prod/aws/ops\"

func (*System) Rotate

func (a *System) Rotate(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

Rotate Rotates the backend encryption key used to persist data.

func (*System) Seal

func (a *System) Seal(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

Seal Seal the Vault.

func (*System) StepDownLeader

func (a *System) StepDownLeader(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

StepDownLeader Cause the node to give up active status. This endpoint forces the node to give up active status. If the node does not have active status, this endpoint does nothing. Note that the node will sleep for ten seconds before attempting to grab the active lock again, but if no standby nodes grab the active lock in the interim, the same node may become the active node again.

func (*System) SysDeletePluginsCatalogName

func (a *System) SysDeletePluginsCatalogName(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

SysDeletePluginsCatalogName Remove the plugin with the given name. name: The name of the plugin

func (*System) SysListLeasesLookup

func (a *System) SysListLeasesLookup(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

SysListLeasesLookup Returns a list of lease ids.

func (*System) SysReadPluginsCatalogName

func (a *System) SysReadPluginsCatalogName(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

SysReadPluginsCatalogName Return the configuration data for the plugin with the given name. name: The name of the plugin

func (*System) SysWriteLockedusersMountAccessorUnlockAliasIdentifier

func (a *System) SysWriteLockedusersMountAccessorUnlockAliasIdentifier(ctx context.Context, aliasIdentifier string, mountAccessor string, options ...RequestOption) (*Response[map[string]interface{}], error)

SysWriteLockedusersMountAccessorUnlockAliasIdentifier Unlocks the user with given mount_accessor and alias_identifier aliasIdentifier: It is the name of the alias (user). For example, if the alias belongs to userpass backend, the name should be a valid username within userpass auth method. If the alias belongs to an approle auth method, the name should be a valid RoleID mountAccessor: MountAccessor is the identifier of the mount entry to which the user belongs

func (*System) SysWritePluginsCatalogName

func (a *System) SysWritePluginsCatalogName(ctx context.Context, name string, request schema.SysWritePluginsCatalogNameRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

SysWritePluginsCatalogName Register a new plugin, or updates an existing one with the supplied name. name: The name of the plugin

func (*System) SysWriteToolsRandomUrlbytes

func (a *System) SysWriteToolsRandomUrlbytes(ctx context.Context, urlbytes string, request schema.SysWriteToolsRandomUrlbytesRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

SysWriteToolsRandomUrlbytes Generate random bytes urlbytes: The number of bytes to generate (POST URL parameter)

func (*System) ToolsGenerateRandom

func (a *System) ToolsGenerateRandom(ctx context.Context, request schema.ToolsGenerateRandomRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ToolsGenerateRandom Generate random bytes

func (*System) ToolsGenerateRandomSource

func (a *System) ToolsGenerateRandomSource(ctx context.Context, source string, request schema.ToolsGenerateRandomSourceRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ToolsGenerateRandomSource Generate random bytes source: Which system to source random data from, ether \"platform\", \"seal\", or \"all\".

func (*System) ToolsGenerateRandomSourceBytes

func (a *System) ToolsGenerateRandomSourceBytes(ctx context.Context, source string, urlbytes string, request schema.ToolsGenerateRandomSourceBytesRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ToolsGenerateRandomSourceBytes Generate random bytes source: Which system to source random data from, ether \"platform\", \"seal\", or \"all\". urlbytes: The number of bytes to generate (POST URL parameter)

func (*System) ToolsHash

func (a *System) ToolsHash(ctx context.Context, request schema.ToolsHashRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ToolsHash Generate a hash sum for input data

func (*System) ToolsHashWith

func (a *System) ToolsHashWith(ctx context.Context, urlalgorithm string, request schema.ToolsHashWithRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ToolsHashWith Generate a hash sum for input data urlalgorithm: Algorithm to use (POST URL parameter)

func (*System) Unseal

func (a *System) Unseal(ctx context.Context, request schema.UnsealRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

Unseal Unseal the Vault.

func (*System) WrappingReadLookup

func (a *System) WrappingReadLookup(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

WrappingReadLookup Look up wrapping properties for the requester's token.

func (*System) WrappingRewrap

func (a *System) WrappingRewrap(ctx context.Context, request schema.WrappingRewrapRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WrappingRewrap Rotates a response-wrapped token.

func (*System) WrappingUnwrap

func (a *System) WrappingUnwrap(ctx context.Context, request schema.WrappingUnwrapRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WrappingUnwrap Unwraps a response-wrapped token.

func (*System) WrappingWrap

func (a *System) WrappingWrap(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

WrappingWrap Response-wraps an arbitrary JSON object.

func (*System) WrappingWriteLookup

func (a *System) WrappingWriteLookup(ctx context.Context, request schema.WrappingWriteLookupRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WrappingWriteLookup Look up wrapping properties for the given token.

func (*System) WriteAuditDevice

func (a *System) WriteAuditDevice(ctx context.Context, path string, request schema.WriteAuditDeviceRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteAuditDevice Enable a new audit device at the supplied path. path: The name of the backend. Cannot be delimited. Example: \"mysql\"

func (*System) WriteAuthMethod

func (a *System) WriteAuthMethod(ctx context.Context, path string, request schema.WriteAuthMethodRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteAuthMethod Enables a new auth method. After enabling, the auth method can be accessed and configured via the auth path specified as part of the URL. This auth path will be nested under the auth prefix. For example, enable the \"foo\" auth method will make it accessible at /auth/foo. path: The path to mount to. Cannot be delimited. Example: \"user\"

func (*System) WriteAuthMethodTune

func (a *System) WriteAuthMethodTune(ctx context.Context, path string, request schema.WriteAuthMethodTuneRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteAuthMethodTune Tune configuration parameters for a given auth path. This endpoint requires sudo capability on the final path, but the same functionality can be achieved without sudo via `sys/mounts/auth/[auth-path]/tune`. path: Tune the configuration parameters for an auth path.

func (*System) WriteCapabilities

func (a *System) WriteCapabilities(ctx context.Context, request schema.WriteCapabilitiesRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteCapabilities Fetches the capabilities of the given token on the given path.

func (*System) WriteCapabilitiesAccessor

func (a *System) WriteCapabilitiesAccessor(ctx context.Context, request schema.WriteCapabilitiesAccessorRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteCapabilitiesAccessor Fetches the capabilities of the token associated with the given token, on the given path.

func (*System) WriteCapabilitiesSelf

func (a *System) WriteCapabilitiesSelf(ctx context.Context, request schema.WriteCapabilitiesSelfRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteCapabilitiesSelf Fetches the capabilities of the given token on the given path.

func (*System) WriteConfigAuditingRequestHeader

func (a *System) WriteConfigAuditingRequestHeader(ctx context.Context, header string, request schema.WriteConfigAuditingRequestHeaderRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteConfigAuditingRequestHeader Enable auditing of a header.

func (*System) WriteConfigCORS

func (a *System) WriteConfigCORS(ctx context.Context, request schema.WriteConfigCORSRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteConfigCORS Configure the CORS settings.

func (*System) WriteConfigReloadSubsystem

func (a *System) WriteConfigReloadSubsystem(ctx context.Context, subsystem string, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteConfigReloadSubsystem Reload the given subsystem

func (*System) WriteConfigUIHeader

func (a *System) WriteConfigUIHeader(ctx context.Context, header string, request schema.WriteConfigUIHeaderRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteConfigUIHeader Configure the values to be returned for the UI header. header: The name of the header.

func (*System) WriteGenerateRoot

func (a *System) WriteGenerateRoot(ctx context.Context, request schema.WriteGenerateRootRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteGenerateRoot Initializes a new root generation attempt. Only a single root generation attempt can take place at a time. One (and only one) of otp or pgp_key are required.

func (*System) WriteGenerateRootAttempt

func (a *System) WriteGenerateRootAttempt(ctx context.Context, request schema.WriteGenerateRootAttemptRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteGenerateRootAttempt Initializes a new root generation attempt. Only a single root generation attempt can take place at a time. One (and only one) of otp or pgp_key are required.

func (*System) WriteGenerateRootUpdate

func (a *System) WriteGenerateRootUpdate(ctx context.Context, request schema.WriteGenerateRootUpdateRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteGenerateRootUpdate Enter a single unseal key share to progress the root generation attempt. If the threshold number of unseal key shares is reached, Vault will complete the root generation and issue the new token. Otherwise, this API must be called multiple times until that threshold is met. The attempt nonce must be provided with each call.

func (*System) WriteInit

func (a *System) WriteInit(ctx context.Context, request schema.WriteInitRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteInit Initialize a new Vault. The Vault must not have been previously initialized. The recovery options, as well as the stored shares option, are only available when using Vault HSM.

func (*System) WriteInternalCountersConfig

func (a *System) WriteInternalCountersConfig(ctx context.Context, request schema.WriteInternalCountersConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteInternalCountersConfig Enable or disable collection of client count, set retention period, or set default reporting period.

func (*System) WriteLeasesLookup

func (a *System) WriteLeasesLookup(ctx context.Context, request schema.WriteLeasesLookupRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteLeasesLookup Retrieve lease metadata.

func (*System) WriteLeasesRenew

func (a *System) WriteLeasesRenew(ctx context.Context, request schema.WriteLeasesRenewRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteLeasesRenew Renews a lease, requesting to extend the lease.

func (*System) WriteLeasesRenew2

func (a *System) WriteLeasesRenew2(ctx context.Context, urlLeaseId string, request schema.WriteLeasesRenew2Request, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteLeasesRenew2 Renews a lease, requesting to extend the lease. urlLeaseId: The lease identifier to renew. This is included with a lease.

func (*System) WriteLeasesRevoke

func (a *System) WriteLeasesRevoke(ctx context.Context, request schema.WriteLeasesRevokeRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteLeasesRevoke Revokes a lease immediately.

func (*System) WriteLeasesRevoke2

func (a *System) WriteLeasesRevoke2(ctx context.Context, urlLeaseId string, request schema.WriteLeasesRevoke2Request, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteLeasesRevoke2 Revokes a lease immediately. urlLeaseId: The lease identifier to renew. This is included with a lease.

func (*System) WriteLeasesRevokeForce

func (a *System) WriteLeasesRevokeForce(ctx context.Context, prefix string, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteLeasesRevokeForce Revokes all secrets or tokens generated under a given prefix immediately Unlike `/sys/leases/revoke-prefix`, this path ignores backend errors encountered during revocation. This is potentially very dangerous and should only be used in specific emergency situations where errors in the backend or the connected backend service prevent normal revocation. By ignoring these errors, Vault abdicates responsibility for ensuring that the issued credentials or secrets are properly revoked and/or cleaned up. Access to this endpoint should be tightly controlled. prefix: The path to revoke keys under. Example: \"prod/aws/ops\"

func (*System) WriteLeasesRevokePrefix

func (a *System) WriteLeasesRevokePrefix(ctx context.Context, prefix string, request schema.WriteLeasesRevokePrefixRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteLeasesRevokePrefix Revokes all secrets (via a lease ID prefix) or tokens (via the tokens' path property) generated under a given prefix immediately. prefix: The path to revoke keys under. Example: \"prod/aws/ops\"

func (*System) WriteLeasesTidy

func (a *System) WriteLeasesTidy(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteLeasesTidy This endpoint performs cleanup tasks that can be run if certain error conditions have occurred.

func (*System) WriteLogger

func (a *System) WriteLogger(ctx context.Context, name string, request schema.WriteLoggerRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteLogger Modify the log level of a single logger. name: The name of the logger to be modified.

func (*System) WriteLoggers

func (a *System) WriteLoggers(ctx context.Context, request schema.WriteLoggersRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteLoggers Modify the log level for all existing loggers.

func (*System) WriteMount

func (a *System) WriteMount(ctx context.Context, path string, request schema.WriteMountRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteMount Enable a new secrets engine at the given path. path: The path to mount to. Example: \"aws/east\"

func (*System) WriteMountsConfig

func (a *System) WriteMountsConfig(ctx context.Context, path string, request schema.WriteMountsConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteMountsConfig Tune backend configuration parameters for this mount. path: The path to mount to. Example: \"aws/east\"

func (*System) WritePluginsCatalogByTypeByName

func (a *System) WritePluginsCatalogByTypeByName(ctx context.Context, name string, type_ string, request schema.WritePluginsCatalogByTypeByNameRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WritePluginsCatalogByTypeByName Register a new plugin, or updates an existing one with the supplied name. name: The name of the plugin type_: The type of the plugin, may be auth, secret, or database

func (*System) WritePluginsReloadBackend

func (a *System) WritePluginsReloadBackend(ctx context.Context, request schema.WritePluginsReloadBackendRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WritePluginsReloadBackend Reload mounted plugin backends. Either the plugin name (`plugin`) or the desired plugin backend mounts (`mounts`) must be provided, but not both. In the case that the plugin name is provided, all mounted paths that use that plugin backend will be reloaded. If (`scope`) is provided and is (`global`), the plugin(s) are reloaded globally.

func (*System) WritePoliciesACL

func (a *System) WritePoliciesACL(ctx context.Context, name string, request schema.WritePoliciesACLRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WritePoliciesACL Add a new or update an existing ACL policy. name: The name of the policy. Example: \"ops\"

func (*System) WritePoliciesPassword

func (a *System) WritePoliciesPassword(ctx context.Context, name string, request schema.WritePoliciesPasswordRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WritePoliciesPassword Add a new or update an existing password policy. name: The name of the password policy.

func (*System) WritePolicy

func (a *System) WritePolicy(ctx context.Context, name string, request schema.WritePolicyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WritePolicy Add a new or update an existing policy. name: The name of the policy. Example: \"ops\"

func (*System) WriteQuotasConfig

func (a *System) WriteQuotasConfig(ctx context.Context, request schema.WriteQuotasConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteQuotasConfig

func (*System) WriteQuotasRateLimit

func (a *System) WriteQuotasRateLimit(ctx context.Context, name string, request schema.WriteQuotasRateLimitRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteQuotasRateLimit name: Name of the quota rule.

func (*System) WriteRaw

func (a *System) WriteRaw(ctx context.Context, request schema.WriteRawRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteRaw Update the value of the key at the given path.

func (*System) WriteRawPath

func (a *System) WriteRawPath(ctx context.Context, path string, request schema.WriteRawPathRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteRawPath Update the value of the key at the given path.

func (*System) WriteRekeyInit

func (a *System) WriteRekeyInit(ctx context.Context, request schema.WriteRekeyInitRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteRekeyInit Initializes a new rekey attempt. Only a single rekey attempt can take place at a time, and changing the parameters of a rekey requires canceling and starting a new rekey, which will also provide a new nonce.

func (*System) WriteRekeyUpdate

func (a *System) WriteRekeyUpdate(ctx context.Context, request schema.WriteRekeyUpdateRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteRekeyUpdate Enter a single unseal key share to progress the rekey of the Vault.

func (*System) WriteRekeyVerify

func (a *System) WriteRekeyVerify(ctx context.Context, request schema.WriteRekeyVerifyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteRekeyVerify Enter a single new key share to progress the rekey verification operation.

func (*System) WriteRotateConfig

func (a *System) WriteRotateConfig(ctx context.Context, request schema.WriteRotateConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteRotateConfig

type TLSConfiguration

type TLSConfiguration struct {
	// ServerCertificate is a PEM-encoded CA certificate, which  the client
	// will use to verify the Vault server TLS certificate. It can be sourced
	// from a file, from a directory or from raw bytes.
	ServerCertificate ServerCertificateEntry

	// ClientCertificate is a PEM-encoded client certificate (signed by a CA or
	// self-signed), which is used to authenticate with Vault via the cert auth
	// method (see https://developer.hashicorp.com/vault/docs/auth/cert)
	ClientCertificate ClientCertificateEntry

	// ClientCertificateKey is a private key, which is used together with
	// ClientCertificate to authenticate with Vault via the cert auth method
	// (see https://developer.hashicorp.com/vault/docs/auth/cert)
	// Default: ""
	ClientCertificateKey ClientCertificateKeyEntry

	// ServerName is used to verify the hostname on the returned certificates
	// unless InsecureSkipVerify is given.
	// Default: ""
	ServerName string `env:"VAULT_TLS_SERVER_NAME"`

	// InsecureSkipVerify controls whether the client verifies the server's
	// certificate chain and hostname.
	// Default: false
	InsecureSkipVerify bool `env:"VAULT_SKIP_VERIFY"`
}

TLSConfiguration is a collection of TLS settings used to configure the internal http.Client.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL