vault

package module
v0.1.0-beta Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 1, 2023 License: MPL-2.0 Imports: 32 Imported by: 97

README

[EXPERIMENTAL] Go Client for HashiCorp Vault

A simple client library generated from OpenAPI specification file to interact with HashiCorp Vault.

Warning: This library is currently marked as EXPERIMENTAL. Please try it out and give us feedback! Please do not use it in production.

Warning: The openapi.json file included in this repository is NOT the official Vault OpenAPI specification.

Contents

  1. Installation
  2. Examples
  3. Building the Library
  4. Under Development
  5. Documentation for API Endpoints

Installation

go get github.com/hashicorp/vault-client-go

Examples

Getting Started

Here is a simple example of using the library to read and write your first secret. For the sake of simplicity, we are authenticating with a root token. This example works with a Vault server running in -dev mode:

vault server -dev -dev-root-token-id="my-token"

package main

import (
	"context"
	"log"
	"time"

	"github.com/hashicorp/vault-client-go"
	"github.com/hashicorp/vault-client-go/schema"
)

func main() {
	ctx := context.Background()

	// prepare a client with the given base address
	client, err := vault.New(
		vault.WithBaseAddress("http://127.0.0.1:8200"),
		vault.WithRequestTimeout(30*time.Second),
	)
	if err != nil {
		log.Fatal(err)
	}

	// authenticate with a root token (insecure)
	if err := client.SetToken("my-token"); err != nil {
		log.Fatal(err)
	}

	// write a secret
	_, err = client.Secrets.KVv2Write(ctx, "my-secret", schema.KVv2WriteRequest{
		Data: map[string]any{
			"password1": "abc123",
			"password2": "correct horse battery staple",
		},
	})
	if err != nil {
		log.Fatal(err)
	}
	log.Println("secret written successfully")

	// read a secret
	s, err := client.Secrets.KVv2Read(ctx, "my-secret")
	if err != nil {
		log.Fatal(err)
	}
	log.Println("secret retrieved:", s.Data)
}
Authentication

In the previous example we used an insecure (root token) authentication method. For production applications, it is recommended to use approle or one of the platform-specific authentication methods instead (e.g. Kubernetes, AWS, Azure, etc.). The functions to access these authentication methods are automatically generated under client.Auth. Below is an example of how to authenticate using approle authentication method. Please refer to the approle documentation for more details.

resp, err := client.Auth.AppRoleLogin(
	ctx,
	vault.AppRoleLoginRequest{
		RoleId:   os.Getenv("MY_APPROLE_ROLE_ID"),
		SecretId: os.Getenv("MY_APPROLE_SECRET_ID"),
	},
	vault.WithMountPath("my/approle/path"), // optional, defaults to "approle"
)
if err != nil {
	log.Fatal(err)
}

if err := client.SetToken(resp.Auth.ClientToken); err != nil {
	log.Fatal(err)
}

The secret identifier is often delivered as a wrapped token. In this case, you should unwrap it first as demonstrated here.

Using Generic Accessors

The library provides the following generic accessors which let you read, modify, and delete an arbitrary path within Vault:

client.Read(...)
client.ReadWithParameters(...)
client.ReadRaw(...)
client.ReadRawWithParameters(...)

client.Write(...)
client.WriteFromBytes(...)
client.WriteFromReader(...)

client.List(...)

client.Delete(...)
client.DeleteWithParameters(...)

For example, client.Secrets.KVv2Write(...) from Getting Started section could be rewritten using a generic client.Write(...) like so:

_, err = client.Write(ctx, "/secret/data/my-secret", map[string]any{
	"data": map[string]any{
		"password1": "abc123",
		"password2": "correct horse battery staple",
	},
})
Using Generated Methods

The library has a number of generated methods corresponding to the known Vault API endpoints. They are organized in four catagories:

client.Auth     // authentication-related methods
client.Secrets  // methods dealing with secrets engines
client.Identity // identity-related methods
client.System   // various system-wide calls

Below is an example of accessing a generated System.ReadMounts method (equivalent to vault secrets list or GET /v1/sys/mounts):

resp, err := client.System.ReadMounts(ctx)
if err != nil {
	log.Fatal(err)
}

for engine := range resp.Data {
	log.Println(engine)
}

Note: the response.Data is currently returned as simple map[string]any maps. Structured (strongly typed) responses are coming soon!

Modifying Requests

You can modify the requests in one of two ways, either at the client level or by decorating individual requests:

// all subsequent requests will use the given token & namespace
_ = client.SetToken("my-token")
_ = client.SetNamespace("my-namespace")

// per-request decorators take precedence over the client-level settings
resp, _ = client.Secrets.KVv2Read(
	ctx,
	"my-secret",
	vault.WithToken("request-specific-token"),
	vault.WithNamespace("request-specific-namespace"),
)
Overriding Default Mount Path

Vault plugins can be mounted at arbitrary mount paths using -path command-line argument:

vault secrets enable -path=my/mount/path kv-v2

To accomodate this behavior, the requests defined under client.Auth and client.Secrets can be offset with mount path overrides using the following syntax:

// Equivalent to client.Read(ctx, "my/mount/path/data/my-secret")
secret, err := client.Secrets.KVv2Read(
	ctx,
	"my-secret",
	vault.WithMountPath("my/mount/path"),
)
Response Wrapping & Unwrapping

Please refer to the response-wrapping documentation for more background information.

// wrap the response with a 5 minute TTL
resp, _ := client.Secrets.KVv2Read(
	ctx,
	"my-secret",
	vault.WithResponseWrapping(5*time.Minute),
)
wrapped := resp.WrapInfo.Token

// unwrap the response (usually done elsewhere)
unwrapped, _ := vault.Unwrap[map[string]any](ctx, client, wrapped)
Error Handling

There are a couple specialized error types that the client can return:

  • ResponseError is the error returned when Vault responds with a status code outside of the 200 - 399 range.
  • RedirectError is the error returned when the client fails to process a redirect response.

The client also provides a convenience function vault.IsErrorStatus(...) to simplify error handling:

s, err := client.Secrets.KVv2Read(ctx, "my-secret")
if err != nil {
	if vault.IsErrorStatus(err, http.StatusForbidden) {
		// special handling for 403 errors
	}
	if vault.IsErrorStatus(err, http.StatusNotFound) {
		// special handling for 404 errors
	}
	return err
}
Using TLS

To enable TLS, simply specify the location of the Vault server's CA certificate file in the configuration:

tls := vault.TLSConfiguration{}
tls.ServerCertificate.FromFile = "/tmp/vault-ca.pem"

client, err := vault.New(
	vault.WithBaseAddress("https://localhost:8200"),
	vault.WithTLS(tls),
)
if err != nil {
	log.Fatal(err)
}
...

You can test this with a -dev-tls Vault server:

vault server -dev-tls -dev-root-token-id="my-token"
Using TLS with Client-side Certificate Authentication
tls := vault.TLSConfiguration{}
tls.ServerCertificate.FromFile = "/tmp/vault-ca.pem"
tls.ClientCertificate.FromFile = "/tmp/client-cert.pem"
tls.ClientCertificateKey.FromFile = "/tmp/client-cert-key.pem"

client, err := vault.New(
	vault.WithBaseAddress("https://localhost:8200"),
	vault.WithTLS(tls),
)
if err != nil {
	log.Fatal(err)
}

resp, err := client.Auth.CertLogin(ctx, vault.CertLoginRequest{
	Name: "my-cert",
})
if err != nil {
	log.Fatal(err)
}

if err := client.SetToken(resp.Auth.ClientToken); err != nil {
	log.Fatal(err)
}

Note: this is a temporary solution using a generated method. The user experience will be improved with the introduction of auth wrappers.

Loading Configuration from Environment Variables
client, err := vault.New(
	vault.WithEnvironment(),
)
if err != nil {
	log.Fatal(err)
}

export VAULT_ADDR=http://localhost:8200
export VAULT_TOKEN=my-token
go run main.go
Logging Requests & Responses with Request/Response Callbacks
client.SetRequestCallbacks(func(req *http.Request) {
	// log req
})
client.SetResponseCallbacks(func(req *http.Request, resp *http.Response) {
	// log req, resp
})

Alternatively, vault.WithRequestCallbacks(..) / vault.WithResponseCallbacks(..) may be used to inject callbacks for individual requests.

Enforcing Read-your-writes Replication Semantics

Detailed background information of the read-after-write consistency problem can be found in the consistency and replication documentation pages.

You can enforce read-your-writes semantics for individual requests through callbacks:

var state string

// write
_, err := client.Secrets.KVv2Write(
	ctx,
	"my-secret",
	schema.KVv2WriteRequest{
		Data: map[string]any{
			"password1": "abc123",
			"password2": "correct horse battery staple",
		},
	}
	vault.WithResponseCallbacks(
		vault.RecordReplicationState(
			&state,
		),
	),
)

// read
secret, err := client.Secrets.KVv2Read(
	ctx,
	"my-secret",
	vault.WithRequestCallbacks(
		vault.RequireReplicationStates(
			&state,
		),
	),
)

Alternatively, enforce read-your-writes semantics for all requests using the following setting:

client, err := vault.New(
	vault.WithBaseAddress("https://localhost:8200"),
	vault.WithEnforceReadYourWritesConsistency(),
)

Building the Library

The vast majority of the code, including the client's endpoints, requests and responses is generated from the OpenAPI specification file v1.13.0 using openapi-generator. If you make any changes to the underlying templates (generate/templates/*), make sure to regenerate the files by running the following:

make regen && go build

Under Development

This library is currently under active development. Below is a list of high-level features that have been implemented:

  • TLS
  • Read/Write/Delete/List base accessors
  • Automatic retries on errors (using go-retryablehttp)
  • Custom redirect logic
  • Client-side rate limiting
  • Vault-specific headers (X-Vault-Token, X-Vault-Namespace, etc.) and custom headers
  • Request/Response callbacks
  • Environment variables for configuration
  • Read-your-writes semantics
  • Thread-safe cloning and client modifications
  • Response wrapping & unwrapping
  • CI/CD pipelines

The following features are coming soon:

  • Structured responses (as part of the specification file)
  • Testing framework
  • Authentication wrappers
  • Other helpers & wrappers (KV, SSH, Monitor, Plugins, LifetimeWatcher, etc.)

Documentation for API Endpoints

Documentation

Index

Constants

View Source 
const ClientVersion = "0.1.0-beta"

Variables

This section is empty.

Functions

func DefaultRetryPolicy 

func DefaultRetryPolicy(ctx context.Context, resp *http.Response, err error) (bool, error)

DefaultRetryPolicy provides a default callback for RetryConfiguration.CheckRetry. In addition to retryablehttp.DefaultRetryPolicy, it retries on 412 responses, which are returned by Vault when a X-Vault-Index header isn't satisfied.

func IsErrorStatus 

func IsErrorStatus(err error, status int) bool

IsErrorStatus returns true if the given error is either a ResponseError or a RedirectError with the given status code.

func MergeReplicationStates 

func MergeReplicationStates(old []string, new string) []string

MergeReplicationStates returns a merged array of replication states by iterating through all states in the `old` slice. An iterated state is merged into the result before the `new` based on the result of compareReplicationStates

Types

type Auth 

type Auth struct {
	// contains filtered or unexported fields
}

Auth is a simple wrapper around the client for Auth requests

func (*Auth) AWSConfigDeleteCertificate 

func (a *Auth) AWSConfigDeleteCertificate(ctx context.Context, certName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigDeleteCertificate certName: Name of the certificate.

func (*Auth) AWSConfigDeleteClient 

func (a *Auth) AWSConfigDeleteClient(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigDeleteClient

func (*Auth) AWSConfigDeleteIdentityAccessList 

func (a *Auth) AWSConfigDeleteIdentityAccessList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigDeleteIdentityAccessList

func (*Auth) AWSConfigDeleteIdentityWhiteList 

func (a *Auth) AWSConfigDeleteIdentityWhiteList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigDeleteIdentityWhiteList

func (*Auth) AWSConfigDeleteRoleTagBlackList 

func (a *Auth) AWSConfigDeleteRoleTagBlackList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigDeleteRoleTagBlackList

func (*Auth) AWSConfigDeleteRoleTagDenyList 

func (a *Auth) AWSConfigDeleteRoleTagDenyList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigDeleteRoleTagDenyList

func (*Auth) AWSConfigDeleteSecurityTokenServiceAccount 

func (a *Auth) AWSConfigDeleteSecurityTokenServiceAccount(ctx context.Context, accountId string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigDeleteSecurityTokenServiceAccount accountId: AWS account ID to be associated with STS role. If set, Vault will use assumed credentials to verify any login attempts from EC2 instances in this account.

func (*Auth) AWSConfigListCertificates 

func (a *Auth) AWSConfigListCertificates(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigListCertificates

func (*Auth) AWSConfigListSecurityTokenService 

func (a *Auth) AWSConfigListSecurityTokenService(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigListSecurityTokenService

func (*Auth) AWSConfigReadCertificate 

func (a *Auth) AWSConfigReadCertificate(ctx context.Context, certName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigReadCertificate certName: Name of the certificate.

func (*Auth) AWSConfigReadClient 

func (a *Auth) AWSConfigReadClient(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigReadClient

func (*Auth) AWSConfigReadIdentity 

func (a *Auth) AWSConfigReadIdentity(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigReadIdentity

func (*Auth) AWSConfigReadIdentityAccessList 

func (a *Auth) AWSConfigReadIdentityAccessList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigReadIdentityAccessList

func (*Auth) AWSConfigReadIdentityWhiteList 

func (a *Auth) AWSConfigReadIdentityWhiteList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigReadIdentityWhiteList

func (*Auth) AWSConfigReadRoleTagBlackList 

func (a *Auth) AWSConfigReadRoleTagBlackList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigReadRoleTagBlackList

func (*Auth) AWSConfigReadRoleTagDenyList 

func (a *Auth) AWSConfigReadRoleTagDenyList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigReadRoleTagDenyList

func (*Auth) AWSConfigReadSecurityTokenServiceAccount 

func (a *Auth) AWSConfigReadSecurityTokenServiceAccount(ctx context.Context, accountId string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigReadSecurityTokenServiceAccount accountId: AWS account ID to be associated with STS role. If set, Vault will use assumed credentials to verify any login attempts from EC2 instances in this account.

func (*Auth) AWSConfigRotateRoot 

func (a *Auth) AWSConfigRotateRoot(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigRotateRoot

func (*Auth) AWSConfigWriteCertificate 

func (a *Auth) AWSConfigWriteCertificate(ctx context.Context, certName string, request schema.AWSConfigWriteCertificateRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigWriteCertificate certName: Name of the certificate.

func (*Auth) AWSConfigWriteClient 

func (a *Auth) AWSConfigWriteClient(ctx context.Context, request schema.AWSConfigWriteClientRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigWriteClient

func (*Auth) AWSConfigWriteIdentity 

func (a *Auth) AWSConfigWriteIdentity(ctx context.Context, request schema.AWSConfigWriteIdentityRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigWriteIdentity

func (*Auth) AWSConfigWriteIdentityAccessList 

func (a *Auth) AWSConfigWriteIdentityAccessList(ctx context.Context, request schema.AWSConfigWriteIdentityAccessListRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigWriteIdentityAccessList

func (*Auth) AWSConfigWriteIdentityWhiteList 

func (a *Auth) AWSConfigWriteIdentityWhiteList(ctx context.Context, request schema.AWSConfigWriteIdentityWhiteListRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigWriteIdentityWhiteList

func (*Auth) AWSConfigWriteRoleTagBlackList 

func (a *Auth) AWSConfigWriteRoleTagBlackList(ctx context.Context, request schema.AWSConfigWriteRoleTagBlackListRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigWriteRoleTagBlackList

func (*Auth) AWSConfigWriteRoleTagDenyList 

func (a *Auth) AWSConfigWriteRoleTagDenyList(ctx context.Context, request schema.AWSConfigWriteRoleTagDenyListRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigWriteRoleTagDenyList

func (*Auth) AWSConfigWriteSecurityTokenServiceAccount 

func (a *Auth) AWSConfigWriteSecurityTokenServiceAccount(ctx context.Context, accountId string, request schema.AWSConfigWriteSecurityTokenServiceAccountRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigWriteSecurityTokenServiceAccount accountId: AWS account ID to be associated with STS role. If set, Vault will use assumed credentials to verify any login attempts from EC2 instances in this account.

func (*Auth) AWSDeleteAuthRole 

func (a *Auth) AWSDeleteAuthRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSDeleteAuthRole role: Name of the role.

func (*Auth) AWSDeleteIdentityAccessListFor 

func (a *Auth) AWSDeleteIdentityAccessListFor(ctx context.Context, instanceId string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSDeleteIdentityAccessListFor instanceId: EC2 instance ID. A successful login operation from an EC2 instance gets cached in this accesslist, keyed off of instance ID.

func (*Auth) AWSDeleteIdentityWhiteListFor 

func (a *Auth) AWSDeleteIdentityWhiteListFor(ctx context.Context, instanceId string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSDeleteIdentityWhiteListFor instanceId: EC2 instance ID. A successful login operation from an EC2 instance gets cached in this accesslist, keyed off of instance ID.

func (*Auth) AWSDeleteRoleTagBlackListFor 

func (a *Auth) AWSDeleteRoleTagBlackListFor(ctx context.Context, roleTag string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSDeleteRoleTagBlackListFor roleTag: Role tag to be deny listed. The tag can be supplied as-is. In order to avoid any encoding problems, it can be base64 encoded.

func (*Auth) AWSDeleteRoleTagDenyListFor 

func (a *Auth) AWSDeleteRoleTagDenyListFor(ctx context.Context, roleTag string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSDeleteRoleTagDenyListFor roleTag: Role tag to be deny listed. The tag can be supplied as-is. In order to avoid any encoding problems, it can be base64 encoded.

func (*Auth) AWSListAuthRoles 

func (a *Auth) AWSListAuthRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSListAuthRoles

func (*Auth) AWSListAuthRoles2 

func (a *Auth) AWSListAuthRoles2(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSListAuthRoles2

func (*Auth) AWSListIdentityAccessList 

func (a *Auth) AWSListIdentityAccessList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSListIdentityAccessList

func (*Auth) AWSListIdentityWhiteList 

func (a *Auth) AWSListIdentityWhiteList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSListIdentityWhiteList

func (*Auth) AWSListRoleTagBlackList 

func (a *Auth) AWSListRoleTagBlackList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSListRoleTagBlackList

func (*Auth) AWSListRoleTagDenyList 

func (a *Auth) AWSListRoleTagDenyList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSListRoleTagDenyList

func (*Auth) AWSLogin 

func (a *Auth) AWSLogin(ctx context.Context, request schema.AWSLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSLogin

func (*Auth) AWSReadAuthRole 

func (a *Auth) AWSReadAuthRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSReadAuthRole role: Name of the role.

func (*Auth) AWSReadIdentityAccessListFor 

func (a *Auth) AWSReadIdentityAccessListFor(ctx context.Context, instanceId string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSReadIdentityAccessListFor instanceId: EC2 instance ID. A successful login operation from an EC2 instance gets cached in this accesslist, keyed off of instance ID.

func (*Auth) AWSReadIdentityWhiteListFor 

func (a *Auth) AWSReadIdentityWhiteListFor(ctx context.Context, instanceId string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSReadIdentityWhiteListFor instanceId: EC2 instance ID. A successful login operation from an EC2 instance gets cached in this accesslist, keyed off of instance ID.

func (*Auth) AWSReadRoleTagBlackListFor 

func (a *Auth) AWSReadRoleTagBlackListFor(ctx context.Context, roleTag string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSReadRoleTagBlackListFor roleTag: Role tag to be deny listed. The tag can be supplied as-is. In order to avoid any encoding problems, it can be base64 encoded.

func (*Auth) AWSReadRoleTagDenyListFor 

func (a *Auth) AWSReadRoleTagDenyListFor(ctx context.Context, roleTag string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSReadRoleTagDenyListFor roleTag: Role tag to be deny listed. The tag can be supplied as-is. In order to avoid any encoding problems, it can be base64 encoded.

func (*Auth) AWSWriteAuthRole 

func (a *Auth) AWSWriteAuthRole(ctx context.Context, role string, request schema.AWSWriteAuthRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSWriteAuthRole role: Name of the role.

func (*Auth) AWSWriteAuthRoleTag 

func (a *Auth) AWSWriteAuthRoleTag(ctx context.Context, role string, request schema.AWSWriteAuthRoleTagRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSWriteAuthRoleTag role: Name of the role.

func (*Auth) AWSWriteIdentityAccessListTidySettings 

func (a *Auth) AWSWriteIdentityAccessListTidySettings(ctx context.Context, request schema.AWSWriteIdentityAccessListTidySettingsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSWriteIdentityAccessListTidySettings

func (*Auth) AWSWriteIdentityWhiteListTidySettings 

func (a *Auth) AWSWriteIdentityWhiteListTidySettings(ctx context.Context, request schema.AWSWriteIdentityWhiteListTidySettingsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSWriteIdentityWhiteListTidySettings

func (*Auth) AWSWriteRoleTagBlackListFor 

func (a *Auth) AWSWriteRoleTagBlackListFor(ctx context.Context, roleTag string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSWriteRoleTagBlackListFor roleTag: Role tag to be deny listed. The tag can be supplied as-is. In order to avoid any encoding problems, it can be base64 encoded.

func (*Auth) AWSWriteRoleTagBlackListTidySettings 

func (a *Auth) AWSWriteRoleTagBlackListTidySettings(ctx context.Context, request schema.AWSWriteRoleTagBlackListTidySettingsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSWriteRoleTagBlackListTidySettings

func (*Auth) AWSWriteRoleTagDenyListFor 

func (a *Auth) AWSWriteRoleTagDenyListFor(ctx context.Context, roleTag string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSWriteRoleTagDenyListFor roleTag: Role tag to be deny listed. The tag can be supplied as-is. In order to avoid any encoding problems, it can be base64 encoded.

func (*Auth) AWSWriteRoleTagDenyListTidySettings 

func (a *Auth) AWSWriteRoleTagDenyListTidySettings(ctx context.Context, request schema.AWSWriteRoleTagDenyListTidySettingsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSWriteRoleTagDenyListTidySettings

func (*Auth) AliCloudDeleteAuthRole 

func (a *Auth) AliCloudDeleteAuthRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudDeleteAuthRole Create a role and associate policies to it. role: The name of the role as it should appear in Vault.

func (*Auth) AliCloudListAuthRoles 

func (a *Auth) AliCloudListAuthRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudListAuthRoles Lists all the roles that are registered with Vault.

func (*Auth) AliCloudListAuthRoles2 

func (a *Auth) AliCloudListAuthRoles2(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudListAuthRoles2 Lists all the roles that are registered with Vault.

func (*Auth) AliCloudLogin 

func (a *Auth) AliCloudLogin(ctx context.Context, request schema.AliCloudLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudLogin Authenticates an RAM entity with Vault.

func (*Auth) AliCloudReadAuthRole 

func (a *Auth) AliCloudReadAuthRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudReadAuthRole Create a role and associate policies to it. role: The name of the role as it should appear in Vault.

func (*Auth) AliCloudWriteAuthRole 

func (a *Auth) AliCloudWriteAuthRole(ctx context.Context, role string, request schema.AliCloudWriteAuthRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudWriteAuthRole Create a role and associate policies to it. role: The name of the role as it should appear in Vault.

func (*Auth) AppRoleDeleteBindSecretID 

func (a *Auth) AppRoleDeleteBindSecretID(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteBindSecretID roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteBoundCIDRList 

func (a *Auth) AppRoleDeleteBoundCIDRList(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteBoundCIDRList roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeletePeriod 

func (a *Auth) AppRoleDeletePeriod(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeletePeriod roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeletePolicies 

func (a *Auth) AppRoleDeletePolicies(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeletePolicies roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteRole 

func (a *Auth) AppRoleDeleteRole(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteRole roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteSecretIDAccessorDestroy 

func (a *Auth) AppRoleDeleteSecretIDAccessorDestroy(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteSecretIDAccessorDestroy roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteSecretIDBoundCIDRs 

func (a *Auth) AppRoleDeleteSecretIDBoundCIDRs(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteSecretIDBoundCIDRs roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteSecretIDDestroy 

func (a *Auth) AppRoleDeleteSecretIDDestroy(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteSecretIDDestroy roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteSecretIDNumUses 

func (a *Auth) AppRoleDeleteSecretIDNumUses(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteSecretIDNumUses roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteSecretIDTTL 

func (a *Auth) AppRoleDeleteSecretIDTTL(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteSecretIDTTL roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteTokenBoundCIDRs 

func (a *Auth) AppRoleDeleteTokenBoundCIDRs(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteTokenBoundCIDRs roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteTokenMaxTTL 

func (a *Auth) AppRoleDeleteTokenMaxTTL(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteTokenMaxTTL roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteTokenNumUses 

func (a *Auth) AppRoleDeleteTokenNumUses(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteTokenNumUses roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteTokenTTL 

func (a *Auth) AppRoleDeleteTokenTTL(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteTokenTTL roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleListRoles 

func (a *Auth) AppRoleListRoles(ctx context.Context, options ...RequestOption) (*Response[schema.AppRoleListRolesResponse], error)

AppRoleListRoles

func (*Auth) AppRoleListSecretID 

func (a *Auth) AppRoleListSecretID(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleListSecretIDResponse], error)

AppRoleListSecretID roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleLogin 

func (a *Auth) AppRoleLogin(ctx context.Context, request schema.AppRoleLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleLogin

func (*Auth) AppRoleReadBindSecretID 

func (a *Auth) AppRoleReadBindSecretID(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadBindSecretIDResponse], error)

AppRoleReadBindSecretID roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadBoundCIDRList 

func (a *Auth) AppRoleReadBoundCIDRList(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadBoundCIDRListResponse], error)

AppRoleReadBoundCIDRList roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadLocalSecretIDs 

func (a *Auth) AppRoleReadLocalSecretIDs(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadLocalSecretIDsResponse], error)

AppRoleReadLocalSecretIDs roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadPeriod 

func (a *Auth) AppRoleReadPeriod(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadPeriodResponse], error)

AppRoleReadPeriod roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadPolicies 

func (a *Auth) AppRoleReadPolicies(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadPoliciesResponse], error)

AppRoleReadPolicies roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadRole 

func (a *Auth) AppRoleReadRole(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadRoleResponse], error)

AppRoleReadRole roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadRoleID 

func (a *Auth) AppRoleReadRoleID(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadRoleIDResponse], error)

AppRoleReadRoleID roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadSecretIDBoundCIDRs 

func (a *Auth) AppRoleReadSecretIDBoundCIDRs(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadSecretIDBoundCIDRsResponse], error)

AppRoleReadSecretIDBoundCIDRs roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadSecretIDNumUses 

func (a *Auth) AppRoleReadSecretIDNumUses(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadSecretIDNumUsesResponse], error)

AppRoleReadSecretIDNumUses roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadSecretIDTTL 

func (a *Auth) AppRoleReadSecretIDTTL(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadSecretIDTTLResponse], error)

AppRoleReadSecretIDTTL roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadTokenBoundCIDRs 

func (a *Auth) AppRoleReadTokenBoundCIDRs(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadTokenBoundCIDRsResponse], error)

AppRoleReadTokenBoundCIDRs roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadTokenMaxTTL 

func (a *Auth) AppRoleReadTokenMaxTTL(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadTokenMaxTTLResponse], error)

AppRoleReadTokenMaxTTL roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadTokenNumUses 

func (a *Auth) AppRoleReadTokenNumUses(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadTokenNumUsesResponse], error)

AppRoleReadTokenNumUses roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadTokenTTL 

func (a *Auth) AppRoleReadTokenTTL(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadTokenTTLResponse], error)

AppRoleReadTokenTTL roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleTidySecretID 

func (a *Auth) AppRoleTidySecretID(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleTidySecretID Trigger the clean-up of expired SecretID entries.

func (*Auth) AppRoleWriteBindSecretID 

func (a *Auth) AppRoleWriteBindSecretID(ctx context.Context, roleName string, request schema.AppRoleWriteBindSecretIDRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteBindSecretID roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteBoundCIDRList 

func (a *Auth) AppRoleWriteBoundCIDRList(ctx context.Context, roleName string, request schema.AppRoleWriteBoundCIDRListRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteBoundCIDRList roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteCustomSecretID 

func (a *Auth) AppRoleWriteCustomSecretID(ctx context.Context, roleName string, request schema.AppRoleWriteCustomSecretIDRequest, options ...RequestOption) (*Response[schema.AppRoleWriteCustomSecretIDResponse], error)

AppRoleWriteCustomSecretID roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWritePeriod 

func (a *Auth) AppRoleWritePeriod(ctx context.Context, roleName string, request schema.AppRoleWritePeriodRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWritePeriod roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWritePolicies 

func (a *Auth) AppRoleWritePolicies(ctx context.Context, roleName string, request schema.AppRoleWritePoliciesRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWritePolicies roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteRole 

func (a *Auth) AppRoleWriteRole(ctx context.Context, roleName string, request schema.AppRoleWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteRole roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteRoleID 

func (a *Auth) AppRoleWriteRoleID(ctx context.Context, roleName string, request schema.AppRoleWriteRoleIDRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteRoleID roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteSecretID 

func (a *Auth) AppRoleWriteSecretID(ctx context.Context, roleName string, request schema.AppRoleWriteSecretIDRequest, options ...RequestOption) (*Response[schema.AppRoleWriteSecretIDResponse], error)

AppRoleWriteSecretID roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteSecretIDAccessorDestroy 

func (a *Auth) AppRoleWriteSecretIDAccessorDestroy(ctx context.Context, roleName string, request schema.AppRoleWriteSecretIDAccessorDestroyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteSecretIDAccessorDestroy roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteSecretIDAccessorLookup 

func (a *Auth) AppRoleWriteSecretIDAccessorLookup(ctx context.Context, roleName string, request schema.AppRoleWriteSecretIDAccessorLookupRequest, options ...RequestOption) (*Response[schema.AppRoleWriteSecretIDAccessorLookupResponse], error)

AppRoleWriteSecretIDAccessorLookup roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteSecretIDBoundCIDRs 

func (a *Auth) AppRoleWriteSecretIDBoundCIDRs(ctx context.Context, roleName string, request schema.AppRoleWriteSecretIDBoundCIDRsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteSecretIDBoundCIDRs roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteSecretIDDestroy 

func (a *Auth) AppRoleWriteSecretIDDestroy(ctx context.Context, roleName string, request schema.AppRoleWriteSecretIDDestroyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteSecretIDDestroy roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteSecretIDLookup 

func (a *Auth) AppRoleWriteSecretIDLookup(ctx context.Context, roleName string, request schema.AppRoleWriteSecretIDLookupRequest, options ...RequestOption) (*Response[schema.AppRoleWriteSecretIDLookupResponse], error)

AppRoleWriteSecretIDLookup roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteSecretIDNumUses 

func (a *Auth) AppRoleWriteSecretIDNumUses(ctx context.Context, roleName string, request schema.AppRoleWriteSecretIDNumUsesRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteSecretIDNumUses roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteSecretIDTTL 

func (a *Auth) AppRoleWriteSecretIDTTL(ctx context.Context, roleName string, request schema.AppRoleWriteSecretIDTTLRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteSecretIDTTL roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteTokenBoundCIDRs 

func (a *Auth) AppRoleWriteTokenBoundCIDRs(ctx context.Context, roleName string, request schema.AppRoleWriteTokenBoundCIDRsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteTokenBoundCIDRs roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteTokenMaxTTL 

func (a *Auth) AppRoleWriteTokenMaxTTL(ctx context.Context, roleName string, request schema.AppRoleWriteTokenMaxTTLRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteTokenMaxTTL roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteTokenNumUses 

func (a *Auth) AppRoleWriteTokenNumUses(ctx context.Context, roleName string, request schema.AppRoleWriteTokenNumUsesRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteTokenNumUses roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteTokenTTL 

func (a *Auth) AppRoleWriteTokenTTL(ctx context.Context, roleName string, request schema.AppRoleWriteTokenTTLRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteTokenTTL roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AzureDeleteAuthConfig 

func (a *Auth) AzureDeleteAuthConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureDeleteAuthConfig

func (*Auth) AzureDeleteAuthRole 

func (a *Auth) AzureDeleteAuthRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureDeleteAuthRole name: Name of the role.

func (*Auth) AzureListAuthRoles 

func (a *Auth) AzureListAuthRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureListAuthRoles

func (*Auth) AzureLogin 

func (a *Auth) AzureLogin(ctx context.Context, request schema.AzureLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureLogin

func (*Auth) AzureReadAuthConfig 

func (a *Auth) AzureReadAuthConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureReadAuthConfig

func (*Auth) AzureReadAuthRole 

func (a *Auth) AzureReadAuthRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureReadAuthRole name: Name of the role.

func (*Auth) AzureWriteAuthConfig 

func (a *Auth) AzureWriteAuthConfig(ctx context.Context, request schema.AzureWriteAuthConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureWriteAuthConfig

func (*Auth) AzureWriteAuthRole 

func (a *Auth) AzureWriteAuthRole(ctx context.Context, name string, request schema.AzureWriteAuthRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureWriteAuthRole name: Name of the role.

func (*Auth) CentrifyLogin 

func (a *Auth) CentrifyLogin(ctx context.Context, request schema.CentrifyLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CentrifyLogin Log in with a username and password.

func (*Auth) CentrifyReadConfig 

func (a *Auth) CentrifyReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

CentrifyReadConfig This path allows you to configure the centrify auth provider to interact with the Centrify Identity Services Platform for authenticating users.

func (*Auth) CentrifyWriteConfig 

func (a *Auth) CentrifyWriteConfig(ctx context.Context, request schema.CentrifyWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CentrifyWriteConfig This path allows you to configure the centrify auth provider to interact with the Centrify Identity Services Platform for authenticating users.

func (*Auth) CertificatesDelete 

func (a *Auth) CertificatesDelete(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

CertificatesDelete Manage trusted certificates used for authentication. name: The name of the certificate

func (*Auth) CertificatesDeleteCRL 

func (a *Auth) CertificatesDeleteCRL(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

CertificatesDeleteCRL Manage Certificate Revocation Lists checked during authentication. name: The name of the certificate

func (*Auth) CertificatesList 

func (a *Auth) CertificatesList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

CertificatesList Manage trusted certificates used for authentication.

func (*Auth) CertificatesListCRLs 

func (a *Auth) CertificatesListCRLs(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

CertificatesListCRLs

func (*Auth) CertificatesLogin 

func (a *Auth) CertificatesLogin(ctx context.Context, request schema.CertificatesLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CertificatesLogin

func (*Auth) CertificatesRead 

func (a *Auth) CertificatesRead(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

CertificatesRead Manage trusted certificates used for authentication. name: The name of the certificate

func (*Auth) CertificatesReadCRL 

func (a *Auth) CertificatesReadCRL(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

CertificatesReadCRL Manage Certificate Revocation Lists checked during authentication. name: The name of the certificate

func (*Auth) CertificatesReadConfig 

func (a *Auth) CertificatesReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

CertificatesReadConfig

func (*Auth) CertificatesWrite 

func (a *Auth) CertificatesWrite(ctx context.Context, name string, request schema.CertificatesWriteRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CertificatesWrite Manage trusted certificates used for authentication. name: The name of the certificate

func (*Auth) CertificatesWriteCRL 

func (a *Auth) CertificatesWriteCRL(ctx context.Context, name string, request schema.CertificatesWriteCRLRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CertificatesWriteCRL Manage Certificate Revocation Lists checked during authentication. name: The name of the certificate

func (*Auth) CertificatesWriteConfig 

func (a *Auth) CertificatesWriteConfig(ctx context.Context, request schema.CertificatesWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CertificatesWriteConfig

func (*Auth) CloudFoundryDeleteConfig 

func (a *Auth) CloudFoundryDeleteConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryDeleteConfig

func (*Auth) CloudFoundryDeleteRole 

func (a *Auth) CloudFoundryDeleteRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryDeleteRole role: The name of the role.

func (*Auth) CloudFoundryListRoles 

func (a *Auth) CloudFoundryListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryListRoles

func (*Auth) CloudFoundryLogin 

func (a *Auth) CloudFoundryLogin(ctx context.Context, request schema.CloudFoundryLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryLogin

func (*Auth) CloudFoundryReadConfig 

func (a *Auth) CloudFoundryReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryReadConfig

func (*Auth) CloudFoundryReadRole 

func (a *Auth) CloudFoundryReadRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryReadRole role: The name of the role.

func (*Auth) CloudFoundryWriteConfig 

func (a *Auth) CloudFoundryWriteConfig(ctx context.Context, request schema.CloudFoundryWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryWriteConfig

func (*Auth) CloudFoundryWriteRole 

func (a *Auth) CloudFoundryWriteRole(ctx context.Context, role string, request schema.CloudFoundryWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryWriteRole role: The name of the role.

func (*Auth) GitHubDeleteMapTeam 

func (a *Auth) GitHubDeleteMapTeam(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GitHubDeleteMapTeam Read/write/delete a single teams mapping key: Key for the teams mapping

func (*Auth) GitHubDeleteMapUser 

func (a *Auth) GitHubDeleteMapUser(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GitHubDeleteMapUser Read/write/delete a single users mapping key: Key for the users mapping

func (*Auth) GitHubLogin 

func (a *Auth) GitHubLogin(ctx context.Context, request schema.GitHubLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GitHubLogin

func (*Auth) GitHubReadConfig 

func (a *Auth) GitHubReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GitHubReadConfig

func (*Auth) GitHubReadMapTeam 

func (a *Auth) GitHubReadMapTeam(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GitHubReadMapTeam Read/write/delete a single teams mapping key: Key for the teams mapping

func (*Auth) GitHubReadMapTeams 

func (a *Auth) GitHubReadMapTeams(ctx context.Context, list string, options ...RequestOption) (*Response[map[string]interface{}], error)

GitHubReadMapTeams Read mappings for teams list: Return a list if `true`

func (*Auth) GitHubReadMapUser 

func (a *Auth) GitHubReadMapUser(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GitHubReadMapUser Read/write/delete a single users mapping key: Key for the users mapping

func (*Auth) GitHubReadMapUsers 

func (a *Auth) GitHubReadMapUsers(ctx context.Context, list string, options ...RequestOption) (*Response[map[string]interface{}], error)

GitHubReadMapUsers Read mappings for users list: Return a list if `true`

func (*Auth) GitHubWriteConfig 

func (a *Auth) GitHubWriteConfig(ctx context.Context, request schema.GitHubWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GitHubWriteConfig

func (*Auth) GitHubWriteMapTeam 

func (a *Auth) GitHubWriteMapTeam(ctx context.Context, key string, request schema.GitHubWriteMapTeamRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GitHubWriteMapTeam Read/write/delete a single teams mapping key: Key for the teams mapping

func (*Auth) GitHubWriteMapUser 

func (a *Auth) GitHubWriteMapUser(ctx context.Context, key string, request schema.GitHubWriteMapUserRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GitHubWriteMapUser Read/write/delete a single users mapping key: Key for the users mapping

func (*Auth) GoogleCloudDeleteRole 

func (a *Auth) GoogleCloudDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudDeleteRole Create a GCP role with associated policies and required attributes. name: Name of the role.

func (*Auth) GoogleCloudListRoles 

func (a *Auth) GoogleCloudListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudListRoles Lists all the roles that are registered with Vault.

func (*Auth) GoogleCloudListRoles2 

func (a *Auth) GoogleCloudListRoles2(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudListRoles2 Lists all the roles that are registered with Vault.

func (*Auth) GoogleCloudLogin 

func (a *Auth) GoogleCloudLogin(ctx context.Context, request schema.GoogleCloudLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudLogin

func (*Auth) GoogleCloudReadAuthConfig 

func (a *Auth) GoogleCloudReadAuthConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadAuthConfig Configure credentials used to query the GCP IAM API to verify authenticating service accounts

func (*Auth) GoogleCloudReadRole 

func (a *Auth) GoogleCloudReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadRole Create a GCP role with associated policies and required attributes. name: Name of the role.

func (*Auth) GoogleCloudWriteAuthConfig 

func (a *Auth) GoogleCloudWriteAuthConfig(ctx context.Context, request schema.GoogleCloudWriteAuthConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteAuthConfig Configure credentials used to query the GCP IAM API to verify authenticating service accounts

func (*Auth) GoogleCloudWriteRole 

func (a *Auth) GoogleCloudWriteRole(ctx context.Context, name string, request schema.GoogleCloudWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteRole Create a GCP role with associated policies and required attributes. name: Name of the role.

func (*Auth) GoogleCloudWriteRoleLabels 

func (a *Auth) GoogleCloudWriteRoleLabels(ctx context.Context, name string, request schema.GoogleCloudWriteRoleLabelsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteRoleLabels Add or remove labels for an existing 'gce' role name: Name of the role.

func (*Auth) GoogleCloudWriteRoleServiceAccounts 

func (a *Auth) GoogleCloudWriteRoleServiceAccounts(ctx context.Context, name string, request schema.GoogleCloudWriteRoleServiceAccountsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteRoleServiceAccounts Add or remove service accounts for an existing `iam` role name: Name of the role.

func (*Auth) JWTDeleteRole 

func (a *Auth) JWTDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

JWTDeleteRole Delete an existing role. name: Name of the role.

func (*Auth) JWTListRoles 

func (a *Auth) JWTListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

JWTListRoles Lists all the roles registered with the backend. The list will contain the names of the roles.

func (*Auth) JWTLogin 

func (a *Auth) JWTLogin(ctx context.Context, request schema.JWTLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

JWTLogin Authenticates to Vault using a JWT (or OIDC) token.

func (*Auth) JWTReadConfig 

func (a *Auth) JWTReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

JWTReadConfig Read the current JWT authentication backend configuration.

func (*Auth) JWTReadOIDCCallback 

func (a *Auth) JWTReadOIDCCallback(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

JWTReadOIDCCallback Callback endpoint to complete an OIDC login.

func (*Auth) JWTReadRole 

func (a *Auth) JWTReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

JWTReadRole Read an existing role. name: Name of the role.

func (*Auth) JWTWriteConfig 

func (a *Auth) JWTWriteConfig(ctx context.Context, request schema.JWTWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

JWTWriteConfig Configure the JWT authentication backend. The JWT authentication backend validates JWTs (or OIDC) using the configured credentials. If using OIDC Discovery, the URL must be provided, along with (optionally) the CA cert to use for the connection. If performing JWT validation locally, a set of public keys must be provided.

func (*Auth) JWTWriteOIDCAuthURL 

func (a *Auth) JWTWriteOIDCAuthURL(ctx context.Context, request schema.JWTWriteOIDCAuthURLRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

JWTWriteOIDCAuthURL Request an authorization URL to start an OIDC login flow.

func (*Auth) JWTWriteOIDCCallback 

func (a *Auth) JWTWriteOIDCCallback(ctx context.Context, request schema.JWTWriteOIDCCallbackRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

JWTWriteOIDCCallback Callback endpoint to handle form_posts.

func (*Auth) JWTWriteRole 

func (a *Auth) JWTWriteRole(ctx context.Context, name string, request schema.JWTWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

JWTWriteRole Register an role with the backend. A role is required to authenticate with this backend. The role binds JWT token information with token policies and settings. The bindings, token polices and token settings can all be configured using this endpoint name: Name of the role.

func (*Auth) KerberosDeleteGroup 

func (a *Auth) KerberosDeleteGroup(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosDeleteGroup name: Name of the LDAP group.

func (*Auth) KerberosListGroups 

func (a *Auth) KerberosListGroups(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosListGroups

func (*Auth) KerberosLogin 

func (a *Auth) KerberosLogin(ctx context.Context, request schema.KerberosLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosLogin

func (*Auth) KerberosReadConfig 

func (a *Auth) KerberosReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosReadConfig

func (*Auth) KerberosReadGroup 

func (a *Auth) KerberosReadGroup(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosReadGroup name: Name of the LDAP group.

func (*Auth) KerberosReadLDAPConfig 

func (a *Auth) KerberosReadLDAPConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosReadLDAPConfig

func (*Auth) KerberosWriteConfig 

func (a *Auth) KerberosWriteConfig(ctx context.Context, request schema.KerberosWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosWriteConfig

func (*Auth) KerberosWriteGroup 

func (a *Auth) KerberosWriteGroup(ctx context.Context, name string, request schema.KerberosWriteGroupRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosWriteGroup name: Name of the LDAP group.

func (*Auth) KerberosWriteLDAPConfig 

func (a *Auth) KerberosWriteLDAPConfig(ctx context.Context, request schema.KerberosWriteLDAPConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosWriteLDAPConfig

func (*Auth) KubernetesDeleteAuthRole 

func (a *Auth) KubernetesDeleteAuthRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesDeleteAuthRole Register an role with the backend. name: Name of the role.

func (*Auth) KubernetesListAuthRoles 

func (a *Auth) KubernetesListAuthRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesListAuthRoles Lists all the roles registered with the backend.

func (*Auth) KubernetesLogin 

func (a *Auth) KubernetesLogin(ctx context.Context, request schema.KubernetesLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesLogin Authenticates Kubernetes service accounts with Vault.

func (*Auth) KubernetesReadAuthConfig 

func (a *Auth) KubernetesReadAuthConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesReadAuthConfig Configures the JWT Public Key and Kubernetes API information.

func (*Auth) KubernetesReadAuthRole 

func (a *Auth) KubernetesReadAuthRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesReadAuthRole Register an role with the backend. name: Name of the role.

func (*Auth) KubernetesWriteAuthConfig 

func (a *Auth) KubernetesWriteAuthConfig(ctx context.Context, request schema.KubernetesWriteAuthConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesWriteAuthConfig Configures the JWT Public Key and Kubernetes API information.

func (*Auth) KubernetesWriteAuthRole 

func (a *Auth) KubernetesWriteAuthRole(ctx context.Context, name string, request schema.KubernetesWriteAuthRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesWriteAuthRole Register an role with the backend. name: Name of the role.

func (*Auth) LDAPDeleteGroup 

func (a *Auth) LDAPDeleteGroup(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPDeleteGroup Manage additional groups for users allowed to authenticate. name: Name of the LDAP group.

func (*Auth) LDAPDeleteUser 

func (a *Auth) LDAPDeleteUser(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPDeleteUser Manage users allowed to authenticate. name: Name of the LDAP user.

func (*Auth) LDAPListGroups 

func (a *Auth) LDAPListGroups(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPListGroups Manage additional groups for users allowed to authenticate.

func (*Auth) LDAPListUsers 

func (a *Auth) LDAPListUsers(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPListUsers Manage users allowed to authenticate.

func (*Auth) LDAPLogin 

func (a *Auth) LDAPLogin(ctx context.Context, username string, request schema.LDAPLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPLogin Log in with a username and password. username: DN (distinguished name) to be used for login.

func (*Auth) LDAPReadAuthConfig 

func (a *Auth) LDAPReadAuthConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPReadAuthConfig Configure the LDAP server to connect to, along with its options.

func (*Auth) LDAPReadGroup 

func (a *Auth) LDAPReadGroup(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPReadGroup Manage additional groups for users allowed to authenticate. name: Name of the LDAP group.

func (*Auth) LDAPReadUser 

func (a *Auth) LDAPReadUser(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPReadUser Manage users allowed to authenticate. name: Name of the LDAP user.

func (*Auth) LDAPWriteAuthConfig 

func (a *Auth) LDAPWriteAuthConfig(ctx context.Context, request schema.LDAPWriteAuthConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPWriteAuthConfig Configure the LDAP server to connect to, along with its options.

func (*Auth) LDAPWriteGroup 

func (a *Auth) LDAPWriteGroup(ctx context.Context, name string, request schema.LDAPWriteGroupRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPWriteGroup Manage additional groups for users allowed to authenticate. name: Name of the LDAP group.

func (*Auth) LDAPWriteUser 

func (a *Auth) LDAPWriteUser(ctx context.Context, name string, request schema.LDAPWriteUserRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPWriteUser Manage users allowed to authenticate. name: Name of the LDAP user.

func (*Auth) OCIDeleteConfig 

func (a *Auth) OCIDeleteConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OCIDeleteConfig Manages the configuration for the Vault Auth Plugin.

func (*Auth) OCIDeleteRole 

func (a *Auth) OCIDeleteRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

OCIDeleteRole Create a role and associate policies to it. role: Name of the role.

func (*Auth) OCIListRoles 

func (a *Auth) OCIListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OCIListRoles Lists all the roles that are registered with Vault.

func (*Auth) OCILoginWithRole 

func (a *Auth) OCILoginWithRole(ctx context.Context, role string, request schema.OCILoginWithRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OCILoginWithRole Authenticates to Vault using OCI credentials role: Name of the role.

func (*Auth) OCIReadConfig 

func (a *Auth) OCIReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OCIReadConfig Manages the configuration for the Vault Auth Plugin.

func (*Auth) OCIReadRole 

func (a *Auth) OCIReadRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

OCIReadRole Create a role and associate policies to it. role: Name of the role.

func (*Auth) OCIWriteConfig 

func (a *Auth) OCIWriteConfig(ctx context.Context, request schema.OCIWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OCIWriteConfig Manages the configuration for the Vault Auth Plugin.

func (*Auth) OCIWriteRole 

func (a *Auth) OCIWriteRole(ctx context.Context, role string, request schema.OCIWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OCIWriteRole Create a role and associate policies to it. role: Name of the role.

func (*Auth) OIDCDeleteAuthRole 

func (a *Auth) OIDCDeleteAuthRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCDeleteAuthRole Delete an existing role. name: Name of the role.

func (*Auth) OIDCListAuthRoles 

func (a *Auth) OIDCListAuthRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCListAuthRoles Lists all the roles registered with the backend. The list will contain the names of the roles.

func (*Auth) OIDCLogin 

func (a *Auth) OIDCLogin(ctx context.Context, request schema.OIDCLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCLogin Authenticates to Vault using a JWT (or OIDC) token.

func (*Auth) OIDCReadAuthConfig 

func (a *Auth) OIDCReadAuthConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadAuthConfig Read the current JWT authentication backend configuration.

func (*Auth) OIDCReadAuthRole 

func (a *Auth) OIDCReadAuthRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadAuthRole Read an existing role. name: Name of the role.

func (*Auth) OIDCReadCallback 

func (a *Auth) OIDCReadCallback(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadCallback Callback endpoint to complete an OIDC login.

func (*Auth) OIDCWriteAuthConfig 

func (a *Auth) OIDCWriteAuthConfig(ctx context.Context, request schema.OIDCWriteAuthConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteAuthConfig Configure the JWT authentication backend. The JWT authentication backend validates JWTs (or OIDC) using the configured credentials. If using OIDC Discovery, the URL must be provided, along with (optionally) the CA cert to use for the connection. If performing JWT validation locally, a set of public keys must be provided.

func (*Auth) OIDCWriteAuthRole 

func (a *Auth) OIDCWriteAuthRole(ctx context.Context, name string, request schema.OIDCWriteAuthRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteAuthRole Register an role with the backend. A role is required to authenticate with this backend. The role binds JWT token information with token policies and settings. The bindings, token polices and token settings can all be configured using this endpoint name: Name of the role.

func (*Auth) OIDCWriteAuthURL 

func (a *Auth) OIDCWriteAuthURL(ctx context.Context, request schema.OIDCWriteAuthURLRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteAuthURL Request an authorization URL to start an OIDC login flow.

func (*Auth) OIDCWriteCallback 

func (a *Auth) OIDCWriteCallback(ctx context.Context, request schema.OIDCWriteCallbackRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteCallback Callback endpoint to handle form_posts.

func (*Auth) OktaDeleteGroup 

func (a *Auth) OktaDeleteGroup(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaDeleteGroup Manage users allowed to authenticate. name: Name of the Okta group.

func (*Auth) OktaDeleteUser 

func (a *Auth) OktaDeleteUser(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaDeleteUser Manage additional groups for users allowed to authenticate. name: Name of the user.

func (*Auth) OktaListGroups 

func (a *Auth) OktaListGroups(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaListGroups Manage users allowed to authenticate.

func (*Auth) OktaListUsers 

func (a *Auth) OktaListUsers(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaListUsers Manage additional groups for users allowed to authenticate.

func (*Auth) OktaLogin 

func (a *Auth) OktaLogin(ctx context.Context, username string, request schema.OktaLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaLogin Log in with a username and password. username: Username to be used for login.

func (*Auth) OktaReadConfig 

func (a *Auth) OktaReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaReadConfig This endpoint allows you to configure the Okta and its configuration options. The Okta organization are the characters at the front of the URL for Okta. Example https://ORG.okta.com

func (*Auth) OktaReadGroup 

func (a *Auth) OktaReadGroup(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaReadGroup Manage users allowed to authenticate. name: Name of the Okta group.

func (*Auth) OktaReadUser 

func (a *Auth) OktaReadUser(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaReadUser Manage additional groups for users allowed to authenticate. name: Name of the user.

func (*Auth) OktaVerify 

func (a *Auth) OktaVerify(ctx context.Context, nonce string, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaVerify nonce: Nonce provided during a login request to retrieve the number verification challenge for the matching request.

func (*Auth) OktaWriteConfig 

func (a *Auth) OktaWriteConfig(ctx context.Context, request schema.OktaWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaWriteConfig This endpoint allows you to configure the Okta and its configuration options. The Okta organization are the characters at the front of the URL for Okta. Example https://ORG.okta.com

func (*Auth) OktaWriteGroup 

func (a *Auth) OktaWriteGroup(ctx context.Context, name string, request schema.OktaWriteGroupRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaWriteGroup Manage users allowed to authenticate. name: Name of the Okta group.

func (*Auth) OktaWriteUser 

func (a *Auth) OktaWriteUser(ctx context.Context, name string, request schema.OktaWriteUserRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaWriteUser Manage additional groups for users allowed to authenticate. name: Name of the user.

func (*Auth) RadiusDeleteUser 

func (a *Auth) RadiusDeleteUser(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusDeleteUser Manage users allowed to authenticate. name: Name of the RADIUS user.

func (*Auth) RadiusListUsers 

func (a *Auth) RadiusListUsers(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusListUsers Manage users allowed to authenticate.

func (*Auth) RadiusLogin 

func (a *Auth) RadiusLogin(ctx context.Context, request schema.RadiusLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusLogin Log in with a username and password.

func (*Auth) RadiusLoginWithUsername 

func (a *Auth) RadiusLoginWithUsername(ctx context.Context, urlusername string, request schema.RadiusLoginWithUsernameRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusLoginWithUsername Log in with a username and password. urlusername: Username to be used for login. (URL parameter)

func (*Auth) RadiusReadConfig 

func (a *Auth) RadiusReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusReadConfig Configure the RADIUS server to connect to, along with its options.

func (*Auth) RadiusReadUser 

func (a *Auth) RadiusReadUser(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusReadUser Manage users allowed to authenticate. name: Name of the RADIUS user.

func (*Auth) RadiusWriteConfig 

func (a *Auth) RadiusWriteConfig(ctx context.Context, request schema.RadiusWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusWriteConfig Configure the RADIUS server to connect to, along with its options.

func (*Auth) RadiusWriteUser 

func (a *Auth) RadiusWriteUser(ctx context.Context, name string, request schema.RadiusWriteUserRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusWriteUser Manage users allowed to authenticate. name: Name of the RADIUS user.

func (*Auth) TokenDeleteRole 

func (a *Auth) TokenDeleteRole(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenDeleteRole roleName: Name of the role

func (*Auth) TokenListAccessors 

func (a *Auth) TokenListAccessors(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenListAccessors List token accessors, which can then be be used to iterate and discover their properties or revoke them. Because this can be used to cause a denial of service, this endpoint requires 'sudo' capability in addition to 'list'.

func (*Auth) TokenListRoles 

func (a *Auth) TokenListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenListRoles This endpoint lists configured roles.

func (*Auth) TokenReadLookup 

func (a *Auth) TokenReadLookup(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenReadLookup This endpoint will lookup a token and its properties.

func (*Auth) TokenReadLookupSelf 

func (a *Auth) TokenReadLookupSelf(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenReadLookupSelf This endpoint will lookup a token and its properties.

func (*Auth) TokenReadRole 

func (a *Auth) TokenReadRole(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenReadRole roleName: Name of the role

func (*Auth) TokenRenew 

func (a *Auth) TokenRenew(ctx context.Context, request schema.TokenRenewRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenRenew This endpoint will renew the given token and prevent expiration.

func (*Auth) TokenRenewAccessor 

func (a *Auth) TokenRenewAccessor(ctx context.Context, request schema.TokenRenewAccessorRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenRenewAccessor This endpoint will renew a token associated with the given accessor and its properties. Response will not contain the token ID.

func (*Auth) TokenRenewSelf 

func (a *Auth) TokenRenewSelf(ctx context.Context, request schema.TokenRenewSelfRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenRenewSelf This endpoint will renew the token used to call it and prevent expiration.

func (*Auth) TokenRevoke 

func (a *Auth) TokenRevoke(ctx context.Context, request schema.TokenRevokeRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenRevoke This endpoint will delete the given token and all of its child tokens.

func (*Auth) TokenRevokeAccessor 

func (a *Auth) TokenRevokeAccessor(ctx context.Context, request schema.TokenRevokeAccessorRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenRevokeAccessor This endpoint will delete the token associated with the accessor and all of its child tokens.

func (*Auth) TokenRevokeOrphan 

func (a *Auth) TokenRevokeOrphan(ctx context.Context, request schema.TokenRevokeOrphanRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenRevokeOrphan This endpoint will delete the token and orphan its child tokens.

func (*Auth) TokenRevokeSelf 

func (a *Auth) TokenRevokeSelf(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenRevokeSelf This endpoint will delete the token used to call it and all of its child tokens.

func (*Auth) TokenTidy 

func (a *Auth) TokenTidy(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenTidy This endpoint performs cleanup tasks that can be run if certain error conditions have occurred.

func (*Auth) TokenWriteCreate 

func (a *Auth) TokenWriteCreate(ctx context.Context, request schema.TokenWriteCreateRequest, format string, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenWriteCreate The token create path is used to create new tokens. format: Return json formatted output

func (*Auth) TokenWriteCreateOrphan 

func (a *Auth) TokenWriteCreateOrphan(ctx context.Context, request schema.TokenWriteCreateOrphanRequest, format string, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenWriteCreateOrphan The token create path is used to create new orphan tokens. format: Return json formatted output

func (*Auth) TokenWriteCreateWithRole 

func (a *Auth) TokenWriteCreateWithRole(ctx context.Context, roleName string, request schema.TokenWriteCreateWithRoleRequest, format string, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenWriteCreateWithRole This token create path is used to create new tokens adhering to the given role. roleName: Name of the role format: Return json formatted output

func (*Auth) TokenWriteLookup 

func (a *Auth) TokenWriteLookup(ctx context.Context, request schema.TokenWriteLookupRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenWriteLookup This endpoint will lookup a token and its properties.

func (*Auth) TokenWriteLookupAccessor 

func (a *Auth) TokenWriteLookupAccessor(ctx context.Context, request schema.TokenWriteLookupAccessorRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenWriteLookupAccessor This endpoint will lookup a token associated with the given accessor and its properties. Response will not contain the token ID.

func (*Auth) TokenWriteLookupSelf 

func (a *Auth) TokenWriteLookupSelf(ctx context.Context, request schema.TokenWriteLookupSelfRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenWriteLookupSelf This endpoint will lookup a token and its properties.

func (*Auth) TokenWriteRole 

func (a *Auth) TokenWriteRole(ctx context.Context, roleName string, request schema.TokenWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenWriteRole roleName: Name of the role

func (*Auth) UserpassDeleteUser 

func (a *Auth) UserpassDeleteUser(ctx context.Context, username string, options ...RequestOption) (*Response[map[string]interface{}], error)

UserpassDeleteUser Manage users allowed to authenticate. username: Username for this user.

func (*Auth) UserpassListUsers 

func (a *Auth) UserpassListUsers(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

UserpassListUsers Manage users allowed to authenticate.

func (*Auth) UserpassLogin 

func (a *Auth) UserpassLogin(ctx context.Context, username string, request schema.UserpassLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

UserpassLogin Log in with a username and password. username: Username of the user.

func (*Auth) UserpassReadUser 

func (a *Auth) UserpassReadUser(ctx context.Context, username string, options ...RequestOption) (*Response[map[string]interface{}], error)

UserpassReadUser Manage users allowed to authenticate. username: Username for this user.

func (*Auth) UserpassWriteUser 

func (a *Auth) UserpassWriteUser(ctx context.Context, username string, request schema.UserpassWriteUserRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

UserpassWriteUser Manage users allowed to authenticate. username: Username for this user.

func (*Auth) UserpassWriteUserPassword 

func (a *Auth) UserpassWriteUserPassword(ctx context.Context, username string, request schema.UserpassWriteUserPasswordRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

UserpassWriteUserPassword Reset user's password. username: Username for this user.

func (*Auth) UserpassWriteUserPolicies 

func (a *Auth) UserpassWriteUserPolicies(ctx context.Context, username string, request schema.UserpassWriteUserPoliciesRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

UserpassWriteUserPolicies Update the policies associated with the username. username: Username for this user.

type Client 

type Client struct {

	// API wrappers
	Auth     Auth
	Identity Identity
	Secrets  Secrets
	System   System
	// contains filtered or unexported fields
}

Client manages communication with Vault, initialize it with vault.New(...)

func New 

func New(options ...ClientOption) (*Client, error)

New returns a new client decorated with the given configuration options

func (*Client) ClearCustomHeaders 

func (c *Client) ClearCustomHeaders()

ClearsCustomHeaders clears all custom headers from the subsequent requests.

func (*Client) ClearMFACredentials 

func (c *Client) ClearMFACredentials()

ClearMFACredentials clears multi-factor authentication credentials from all subsequent requests.

See https://learn.hashicorp.com/tutorials/vault/multi-factor-authentication for more information on multi-factor authentication.

func (*Client) ClearNamespace 

func (c *Client) ClearNamespace()

ClearNamespace clears the namespace from all subsequent requests.

See https://developer.hashicorp.com/vault/docs/enterprise/namespaces for more info on namespaces.

func (*Client) ClearReplicationForwardingMode 

func (c *Client) ClearReplicationForwardingMode()

ReplicationForwardingMode clears the X-Vault-Forward / X-Vault-Inconsistent headers from all subsequent requests.

See https://developer.hashicorp.com/vault/docs/enterprise/consistency#vault-1-7-mitigations

func (*Client) ClearRequestCallbacks 

func (c *Client) ClearRequestCallbacks()

ClearRequestCallbacks clears all request callbacks.

func (*Client) ClearResponseCallbacks 

func (c *Client) ClearResponseCallbacks()

ClearResponseCallbacks clears all response callbacks.

func (*Client) ClearResponseWrapping 

func (c *Client) ClearResponseWrapping()

ClearResponseWrapping clears the response-wrapping header from all subsequent requests.

See https://developer.hashicorp.com/vault/docs/concepts/response-wrapping for more information on response wrapping.

func (*Client) ClearToken 

func (c *Client) ClearToken()

ClearToken clears the token for all subsequent requests.

See https://developer.hashicorp.com/vault/docs/concepts/tokens for more info on tokens.

func (*Client) Clone 

func (c *Client) Clone() *Client

Clone creates a new client with the same configuration, request modifiers, and replication states as the original client. Note that the cloned client will point to the same base http.Client and retryablehttp.Client objects.

func (*Client) Configuration 

func (c *Client) Configuration() ClientConfiguration

Configuration returns a copy of the configuration object used to initialize this client

func (*Client) Delete 

func (c *Client) Delete(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

Delete attempts to permanently delete the value stored at the given Vault path.

func (*Client) DeleteWithParameters 

func (c *Client) DeleteWithParameters(ctx context.Context, path string, parameters url.Values, options ...RequestOption) (*Response[map[string]interface{}], error)

Delete attempts to permanently delete the value stored at the given Vault path, adding the given query parameters to the request.

func (*Client) List 

func (c *Client) List(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

List attempts to list the keys stored at the given Vault path.

func (*Client) Read 

func (c *Client) Read(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

Read attempts to read the stored at the given Vault path.

func (*Client) ReadRaw 

func (c *Client) ReadRaw(ctx context.Context, path string, options ...RequestOption) (*http.Response, error)

ReadRaw attempts to read the value stored at the given Vault path and returns a raw *http.Response. Compared to Read, this function:

  • does not parse the response
  • does not check the response for errors
  • does not apply the client-level request timeout

func (*Client) ReadRawWithParameters 

func (c *Client) ReadRawWithParameters(ctx context.Context, path string, parameters url.Values, options ...RequestOption) (*http.Response, error)

ReadRawWithParameters attempts to read the value stored at the given Vault path (adding the given query parameters to the request) and returns a raw *http.Response. Compared to ReadRawWithParameters, this function:

  • does not parse the response
  • does not check the response for errors
  • does not apply the client-level request timeout

func (*Client) ReadWithParameters 

func (c *Client) ReadWithParameters(ctx context.Context, path string, parameters url.Values, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadWithParameters attempts to read the value stored at the given Vault path, adding the given query parameters to the request.

func (*Client) SetCustomHeaders 

func (c *Client) SetCustomHeaders(headers http.Header) error

SetCustomHeaders sets custom headers to be used in all subsequent requests. The internal prefix 'X-Vault-' is not permitted for the header keys.

func (*Client) SetMFACredentials 

func (c *Client) SetMFACredentials(credentials ...string) error

SetMFACredentials sets multi-factor authentication credentials to be used with all subsequent requests.

See https://learn.hashicorp.com/tutorials/vault/multi-factor-authentication for more information on multi-factor authentication.

func (*Client) SetNamespace 

func (c *Client) SetNamespace(namespace string) error

SetNamespace sets the namespace to be used with all subsequent requests. Use an empty string to clear the namespace.

See https://developer.hashicorp.com/vault/docs/enterprise/namespaces for more info on namespaces.

func (*Client) SetReplicationForwardingMode 

func (c *Client) SetReplicationForwardingMode(mode ReplicationForwardingMode)

SetReplicationForwardingMode sets a replication forwarding header for all subsequent requests: 

ReplicationForwardNone         - no forwarding header
ReplicationForwardAlways       - 'X-Vault-Forward'
ReplicationForwardInconsistent - 'X-Vault-Inconsistent'

Note: this feature must be enabled in Vault's configuration.

See https://developer.hashicorp.com/vault/docs/enterprise/consistency#vault-1-7-mitigations

func (*Client) SetRequestCallbacks 

func (c *Client) SetRequestCallbacks(callbacks ...RequestCallback) error

SetRequestCallbacks sets callbacks which will be invoked before each request.

func (*Client) SetResponseCallbacks 

func (c *Client) SetResponseCallbacks(callbacks ...ResponseCallback) error

SetResponseCallbacks sets callbacks which will be invoked after each successful response.

func (*Client) SetResponseWrapping 

func (c *Client) SetResponseWrapping(ttl time.Duration) error

SetResponseWrapping sets the response-wrapping TTL to the given duration for all subsequent requests, telling Vault to wrap responses and return response-wrapping tokens instead.

See https://developer.hashicorp.com/vault/docs/concepts/response-wrapping for more information on response wrapping.

func (*Client) SetToken 

func (c *Client) SetToken(token string) error

SetToken sets the token to be used with all subsequent requests.

See https://developer.hashicorp.com/vault/docs/concepts/tokens for more info on tokens.

func (*Client) Write 

func (c *Client) Write(ctx context.Context, path string, body map[string]interface{}, options ...RequestOption) (*Response[map[string]interface{}], error)

Write attempts to write the given map to the given Vault path.

func (*Client) WriteFromBytes 

func (c *Client) WriteFromBytes(ctx context.Context, path string, body []byte, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteFromBytes attempts to write the given bytes slice to the given Vault path.

func (*Client) WriteFromReader 

func (c *Client) WriteFromReader(ctx context.Context, path string, body io.Reader, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteFromReader attempts to write the given io.Reader data to the given Vault path.

type ClientCertificateEntry 

type ClientCertificateEntry struct {
	// FromFile is the path to a PEM-encoded client certificate file.
	// Default: "", takes precedence over 'FromBytes'
	FromFile string `env:"VAULT_CLIENT_CERT"`

	// FromBytes is PEM-encoded certificate data.
	// Default: nil
	FromBytes []byte
}

type ClientCertificateKeyEntry 

type ClientCertificateKeyEntry struct {
	// FromFile is the path to a PEM-encoded private key file.
	// Default: "", takes precedence over 'FromBytes'
	FromFile string `env:"VAULT_CLIENT_KEY"`

	// FromBytes is PEM-encoded private key data.
	// Default: nil
	FromBytes []byte
}

type ClientConfiguration 

type ClientConfiguration struct {
	// BaseAddress specifies the Vault server base address in the form of
	// scheme://host:port
	// Default: https://127.0.0.1:8200
	BaseAddress string `env:"VAULT_ADDR,VAULT_AGENT_ADDR"`

	// BaseClient is the HTTP client to use for all API requests.
	// DefaultConfiguration() sets reasonable defaults for the BaseClient and
	// its associated http.Transport. If you must modify Vault's defaults, it
	// is suggested that you start with that client and modify it as needed
	// rather than starting with an empty client or http.DefaultClient.
	BaseClient *http.Client

	// RequestTimeout, given a non-negative value, will apply the timeout to
	// each request function unless an earlier deadline is passed to the
	// request function through context.Context. Note that this timeout is
	// not applicable to client.ReadRaw or client.ReadRawWithParameters.
	// Default: 60s
	RequestTimeout time.Duration `env:"VAULT_CLIENT_TIMEOUT"`

	// TLS is a collection of TLS settings used to configure the internal
	// http.Client.
	TLS TLSConfiguration

	// RetryConfiguration is a collection of settings used to configure the
	// internal go-retryablehttp client.
	RetryConfiguration RetryConfiguration

	// RateLimiter controls how frequently requests are allowed to happen.
	// If this pointer is nil, then there will be no limit set. Note that an
	// empty struct rate.Limiter is equivalent to blocking all requests.
	// Default: nil
	RateLimiter *rate.Limiter `env:"VAULT_RATE_LIMIT"`

	// EnforceReadYourWritesConsistency ensures isolated read-after-write
	// semantics by providing discovered cluster replication states in each
	// request.
	//
	// Background: when running in a cluster, Vault has an eventual consistency
	// model. Only one node (the leader) can write to Vault's storage. Users
	// generally expect read-after-write consistency: in other words, after
	// writing foo=1, a subsequent read of foo should return 1.
	//
	// Setting this to true will enable "Conditional Forwarding" as described in
	// https://developer.hashicorp.com/vault/docs/enterprise/consistency#vault-1-7-mitigations
	//
	// Note: careful consideration should be made prior to enabling this setting
	// since there will be a performance penalty paid upon each request.
	// This feature requires enterprise server-side.
	EnforceReadYourWritesConsistency bool

	// EnableSRVLookup enables the client to look up the Vault server host
	// through DNS SRV lookup. The lookup will happen on each request. The base
	// address' port must be empty for this setting to be respected.
	//
	// Note: this feature is not designed for high availability, just
	// discovery.
	//
	// See https://datatracker.ietf.org/doc/html/draft-andrews-http-srv-02
	// for more information
	EnableSRVLookup bool `env:"VAULT_SRV_LOOKUP"`

	// DisableRedirects prevents the client from automatically following
	// redirects. Any redirect responses will result in `RedirectError` instead.
	//
	// Background: by default, the client follows a single redirect; disabling
	// redirects could cause issues with certain requests, e.g. raft-related
	// calls will fail to redirect to the primary node.
	DisableRedirects bool `env:"VAULT_DISABLE_REDIRECTS"`
	// contains filtered or unexported fields
}

ClientConfiguration is used to configure the creation of the client

func DefaultConfiguration 

func DefaultConfiguration() ClientConfiguration

DefaultConfiguration returns the default configuration for the client. It is recommended to start with this configuration and modify it as needed.

type ClientOption 

type ClientOption func(*ClientConfiguration) error

ClientOption is a configuration option to initialize a client.

func WithBaseAddress 

func WithBaseAddress(address string) ClientOption

WithBaseAddress specifies the Vault server base address in the form of scheme://host:port

Default: https://127.0.0.1:8200

func WithBaseClient 

func WithBaseClient(client *http.Client) ClientOption

WithBaseClient sets the HTTP client to use for all API requests. The library sets reasonable defaults for the BaseClient and its associated http.Transport. If you must modify Vault's defaults, it is suggested that you start with DefaultConfiguration().BaseClient and modify it as needed rather than starting with an empty client or http.DefaultClient.

func WithConfiguration 

func WithConfiguration(configuration ClientConfiguration) ClientOption

WithConfiguration overwrites the default configuration object with the given one. It is recommended to start with DefaultConfiguration() and modify it as necessary. If only an individual configuration field needs to be modified, consider using other ClientOption functions.

func WithDisableRedirects 

func WithDisableRedirects() ClientOption

WithDisableRedirects prevents the client from automatically following redirects. Any redirect responses will result in `RedirectError` instead.

Background: by default, the client follows a single redirect; disabling redirects could cause issues with certain requests, e.g. raft-related calls will fail to redirect to the primary node.

func WithEnableSRVLookup 

func WithEnableSRVLookup() ClientOption

WithEnableSRVLookup enables the client to look up the Vault server host through DNS SRV lookup. The lookup will happen on each request. The base address' port must be empty for this setting to be respected.

Note: this feature is not designed for high availability, just discovery.

See https://datatracker.ietf.org/doc/html/draft-andrews-http-srv-02 for more information

func WithEnforceReadYourWritesConsistency 

func WithEnforceReadYourWritesConsistency() ClientOption

WithEnforceReadYourWritesConsistency ensures isolated read-after-write semantics by providing discovered cluster replication states in each request.

Background: when running in a cluster, Vault has an eventual consistency model. Only one node (the leader) can write to Vault's storage. Users generally expect read-after-write consistency: in other words, after writing foo=1, a subsequent read of foo should return 1.

Setting this to true will enable "Conditional Forwarding" as described in https://developer.hashicorp.com/vault/docs/enterprise/consistency#vault-1-7-mitigations

Note: careful consideration should be made prior to enabling this setting since there will be a performance penalty paid upon each request. This feature requires enterprise server-side.

func WithEnvironment 

func WithEnvironment() ClientOption

WithEnvironment populates the client's configuration object with values from environment values. The following environment variables are currently supported: 

VAULT_ADDR, VAULT_AGENT_ADDR (vault's address, e.g. https://127.0.0.1:8200/)
VAULT_CLIENT_TIMEOUT         (request timeout)
VAULT_RATE_LIMIT             (rate[:burst] in operations per second)
VAULT_SRV_LOOKUP             (enable DNS SRV lookup)
VAULT_DISABLE_REDIRECTS      (prevents vault client from following redirects)
VAULT_TOKEN                  (the initial authentication token)
VAULT_NAMESPACE              (the initial namespace to use)
VAULT_SKIP_VERIFY            (do not veirfy vault's presented certificate)
VAULT_CACERT                 (PEM-encoded CA certificate file path)
VAULT_CACERT_BYTES           (PEM-encoded CA certificate bytes)
VAULT_CAPATH                 (PEM-encoded CA certificate directory path)
VAULT_CLIENT_CERT            (PEM-encoded client certificate file path)
VAULT_CLIENT_KEY             (PEM-encoded client certificate key file path)
VAULT_TLS_SERVER_NAME        (used to verify the hostname on returned certificates)
VAULT_RETRY_WAIT_MIN         (minimum time to wait before retrying)
VAULT_RETRY_WAIT_MAX         (maximum time to wait before retrying)
VAULT_MAX_RETRIES            (maximum number of retries for certain error codes)

func WithRateLimiter 

func WithRateLimiter(limiter *rate.Limiter) ClientOption

WithRateLimiter configures how frequently requests are allowed to happen. If this pointer is nil, then there will be no limit set. Note that an empty struct rate.Limiter is equivalent to blocking all requests.

Default: nil

func WithRequestTimeout 

func WithRequestTimeout(timeout time.Duration) ClientOption

WithRequestTimeout, given a non-negative value, will apply the timeout to each request function unless an earlier deadline is passed to the request function through context.Context. Note that this timeout is not applicable to client.ReadRaw(...) or client.ReadRawWithParameters(...).

Default: 60s

func WithRetryConfiguration 

func WithRetryConfiguration(configuration RetryConfiguration) ClientOption

WithRetryConfiguration configures the internal go-retryablehttp client. The library sets reasonable defaults for this setting.

func WithTLS 

func WithTLS(configuration TLSConfiguration) ClientOption

WithTLS configures the TLS settings in the base http.Client.

type Identity 

type Identity struct {
	// contains filtered or unexported fields
}

Identity is a simple wrapper around the client for Identity requests

func (*Identity) AliasDeleteByID 

func (a *Identity) AliasDeleteByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

AliasDeleteByID Update, read or delete an alias ID. id: ID of the alias

func (*Identity) AliasListByID 

func (a *Identity) AliasListByID(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AliasListByID List all the alias IDs.

func (*Identity) AliasReadByID 

func (a *Identity) AliasReadByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

AliasReadByID Update, read or delete an alias ID. id: ID of the alias

func (*Identity) AliasWrite 

func (a *Identity) AliasWrite(ctx context.Context, request schema.AliasWriteRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AliasWrite Create a new alias.

func (*Identity) AliasWriteByID 

func (a *Identity) AliasWriteByID(ctx context.Context, id string, request schema.AliasWriteByIDRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AliasWriteByID Update, read or delete an alias ID. id: ID of the alias

func (*Identity) EntityBatchDelete 

func (a *Identity) EntityBatchDelete(ctx context.Context, request schema.EntityBatchDeleteRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityBatchDelete Delete all of the entities provided

func (*Identity) EntityDeleteAliasByID 

func (a *Identity) EntityDeleteAliasByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityDeleteAliasByID Update, read or delete an alias ID. id: ID of the alias

func (*Identity) EntityDeleteByID 

func (a *Identity) EntityDeleteByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityDeleteByID Update, read or delete an entity using entity ID id: ID of the entity. If set, updates the corresponding existing entity.

func (*Identity) EntityDeleteByName 

func (a *Identity) EntityDeleteByName(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityDeleteByName Update, read or delete an entity using entity name name: Name of the entity

func (*Identity) EntityListAliasesByID 

func (a *Identity) EntityListAliasesByID(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityListAliasesByID List all the alias IDs.

func (*Identity) EntityListByID 

func (a *Identity) EntityListByID(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityListByID List all the entity IDs

func (*Identity) EntityListByName 

func (a *Identity) EntityListByName(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityListByName List all the entity names

func (*Identity) EntityLookup 

func (a *Identity) EntityLookup(ctx context.Context, request schema.EntityLookupRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityLookup Query entities based on various properties.

func (*Identity) EntityMerge 

func (a *Identity) EntityMerge(ctx context.Context, request schema.EntityMergeRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityMerge Merge two or more entities together

func (*Identity) EntityReadAliasByID 

func (a *Identity) EntityReadAliasByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityReadAliasByID Update, read or delete an alias ID. id: ID of the alias

func (*Identity) EntityReadByID 

func (a *Identity) EntityReadByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityReadByID Update, read or delete an entity using entity ID id: ID of the entity. If set, updates the corresponding existing entity.

func (*Identity) EntityReadByName 

func (a *Identity) EntityReadByName(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityReadByName Update, read or delete an entity using entity name name: Name of the entity

func (*Identity) EntityWrite 

func (a *Identity) EntityWrite(ctx context.Context, request schema.EntityWriteRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityWrite Create a new entity

func (*Identity) EntityWriteAlias 

func (a *Identity) EntityWriteAlias(ctx context.Context, request schema.EntityWriteAliasRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityWriteAlias Create a new alias.

func (*Identity) EntityWriteAliasByID 

func (a *Identity) EntityWriteAliasByID(ctx context.Context, id string, request schema.EntityWriteAliasByIDRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityWriteAliasByID Update, read or delete an alias ID. id: ID of the alias

func (*Identity) EntityWriteByID 

func (a *Identity) EntityWriteByID(ctx context.Context, id string, request schema.EntityWriteByIDRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityWriteByID Update, read or delete an entity using entity ID id: ID of the entity. If set, updates the corresponding existing entity.

func (*Identity) EntityWriteByName 

func (a *Identity) EntityWriteByName(ctx context.Context, name string, request schema.EntityWriteByNameRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityWriteByName Update, read or delete an entity using entity name name: Name of the entity

func (*Identity) GroupDeleteAliasByID 

func (a *Identity) GroupDeleteAliasByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupDeleteAliasByID id: ID of the group alias.

func (*Identity) GroupDeleteByID 

func (a *Identity) GroupDeleteByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupDeleteByID Update or delete an existing group using its ID. id: ID of the group. If set, updates the corresponding existing group.

func (*Identity) GroupDeleteByName 

func (a *Identity) GroupDeleteByName(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupDeleteByName name: Name of the group.

func (*Identity) GroupListAliasesByID 

func (a *Identity) GroupListAliasesByID(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupListAliasesByID List all the group alias IDs.

func (*Identity) GroupListByID 

func (a *Identity) GroupListByID(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupListByID List all the group IDs.

func (*Identity) GroupListByName 

func (a *Identity) GroupListByName(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupListByName

func (*Identity) GroupLookup 

func (a *Identity) GroupLookup(ctx context.Context, request schema.GroupLookupRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupLookup Query groups based on various properties.

func (*Identity) GroupReadAliasByID 

func (a *Identity) GroupReadAliasByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupReadAliasByID id: ID of the group alias.

func (*Identity) GroupReadByID 

func (a *Identity) GroupReadByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupReadByID Update or delete an existing group using its ID. id: ID of the group. If set, updates the corresponding existing group.

func (*Identity) GroupReadByName 

func (a *Identity) GroupReadByName(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupReadByName name: Name of the group.

func (*Identity) GroupWrite 

func (a *Identity) GroupWrite(ctx context.Context, request schema.GroupWriteRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupWrite Create a new group.

func (*Identity) GroupWriteAlias 

func (a *Identity) GroupWriteAlias(ctx context.Context, request schema.GroupWriteAliasRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupWriteAlias Creates a new group alias, or updates an existing one.

func (*Identity) GroupWriteAliasByID 

func (a *Identity) GroupWriteAliasByID(ctx context.Context, id string, request schema.GroupWriteAliasByIDRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupWriteAliasByID id: ID of the group alias.

func (*Identity) GroupWriteByID 

func (a *Identity) GroupWriteByID(ctx context.Context, id string, request schema.GroupWriteByIDRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupWriteByID Update or delete an existing group using its ID. id: ID of the group. If set, updates the corresponding existing group.

func (*Identity) GroupWriteByName 

func (a *Identity) GroupWriteByName(ctx context.Context, name string, request schema.GroupWriteByNameRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupWriteByName name: Name of the group.

func (*Identity) MFADeleteLoginEnforcement 

func (a *Identity) MFADeleteLoginEnforcement(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

MFADeleteLoginEnforcement Delete a login enforcement name: Name for this login enforcement configuration

func (*Identity) MFAListLoginEnforcements 

func (a *Identity) MFAListLoginEnforcements(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAListLoginEnforcements List login enforcements

func (*Identity) MFAMethodAdminDestroyTOTP 

func (a *Identity) MFAMethodAdminDestroyTOTP(ctx context.Context, request schema.MFAMethodAdminDestroyTOTPRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodAdminDestroyTOTP Destroys a TOTP secret for the given MFA method ID on the given entity

func (*Identity) MFAMethodAdminGenerateTOTP 

func (a *Identity) MFAMethodAdminGenerateTOTP(ctx context.Context, request schema.MFAMethodAdminGenerateTOTPRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodAdminGenerateTOTP Update or create TOTP secret for the given method ID on the given entity.

func (*Identity) MFAMethodDeleteDuo 

func (a *Identity) MFAMethodDeleteDuo(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodDeleteDuo Delete a configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodDeleteOkta 

func (a *Identity) MFAMethodDeleteOkta(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodDeleteOkta Delete a configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodDeletePingID 

func (a *Identity) MFAMethodDeletePingID(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodDeletePingID Delete a configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodDeleteTOTP 

func (a *Identity) MFAMethodDeleteTOTP(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodDeleteTOTP Delete a configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodGenerateTOTP 

func (a *Identity) MFAMethodGenerateTOTP(ctx context.Context, request schema.MFAMethodGenerateTOTPRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodGenerateTOTP Update or create TOTP secret for the given method ID on the given entity.

func (*Identity) MFAMethodList 

func (a *Identity) MFAMethodList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodList List MFA method configurations for all MFA methods

func (*Identity) MFAMethodListDuo 

func (a *Identity) MFAMethodListDuo(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodListDuo List MFA method configurations for the given MFA method

func (*Identity) MFAMethodListOkta 

func (a *Identity) MFAMethodListOkta(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodListOkta List MFA method configurations for the given MFA method

func (*Identity) MFAMethodListPingID 

func (a *Identity) MFAMethodListPingID(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodListPingID List MFA method configurations for the given MFA method

func (*Identity) MFAMethodListTOTP 

func (a *Identity) MFAMethodListTOTP(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodListTOTP List MFA method configurations for the given MFA method

func (*Identity) MFAMethodRead 

func (a *Identity) MFAMethodRead(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodRead Read the current configuration for the given ID regardless of the MFA method type methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodReadDuo 

func (a *Identity) MFAMethodReadDuo(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodReadDuo Read the current configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodReadOkta 

func (a *Identity) MFAMethodReadOkta(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodReadOkta Read the current configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodReadPingID 

func (a *Identity) MFAMethodReadPingID(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodReadPingID Read the current configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodReadTOTP 

func (a *Identity) MFAMethodReadTOTP(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodReadTOTP Read the current configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodWriteDuo 

func (a *Identity) MFAMethodWriteDuo(ctx context.Context, methodId string, request schema.MFAMethodWriteDuoRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodWriteDuo Update or create a configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodWriteOkta 

func (a *Identity) MFAMethodWriteOkta(ctx context.Context, methodId string, request schema.MFAMethodWriteOktaRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodWriteOkta Update or create a configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodWritePingID 

func (a *Identity) MFAMethodWritePingID(ctx context.Context, methodId string, request schema.MFAMethodWritePingIDRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodWritePingID Update or create a configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAMethodWriteTOTP 

func (a *Identity) MFAMethodWriteTOTP(ctx context.Context, methodId string, request schema.MFAMethodWriteTOTPRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAMethodWriteTOTP Update or create a configuration for the given MFA method methodId: The unique identifier for this MFA method.

func (*Identity) MFAReadLoginEnforcement 

func (a *Identity) MFAReadLoginEnforcement(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAReadLoginEnforcement Read the current login enforcement name: Name for this login enforcement configuration

func (*Identity) MFAWriteLoginEnforcement 

func (a *Identity) MFAWriteLoginEnforcement(ctx context.Context, name string, request schema.MFAWriteLoginEnforcementRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAWriteLoginEnforcement Create or update a login enforcement name: Name for this login enforcement configuration

func (*Identity) OIDCDeleteAssignment 

func (a *Identity) OIDCDeleteAssignment(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCDeleteAssignment name: Name of the assignment

func (*Identity) OIDCDeleteClient 

func (a *Identity) OIDCDeleteClient(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCDeleteClient name: Name of the client.

func (*Identity) OIDCDeleteKey 

func (a *Identity) OIDCDeleteKey(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCDeleteKey CRUD operations for OIDC keys. name: Name of the key

func (*Identity) OIDCDeleteProvider 

func (a *Identity) OIDCDeleteProvider(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCDeleteProvider name: Name of the provider

func (*Identity) OIDCDeleteRole 

func (a *Identity) OIDCDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCDeleteRole CRUD operations on OIDC Roles name: Name of the role

func (*Identity) OIDCDeleteScope 

func (a *Identity) OIDCDeleteScope(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCDeleteScope name: Name of the scope

func (*Identity) OIDCIntrospect 

func (a *Identity) OIDCIntrospect(ctx context.Context, request schema.OIDCIntrospectRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCIntrospect Verify the authenticity of an OIDC token

func (*Identity) OIDCListAssignments 

func (a *Identity) OIDCListAssignments(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCListAssignments

func (*Identity) OIDCListClients 

func (a *Identity) OIDCListClients(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCListClients

func (*Identity) OIDCListKeys 

func (a *Identity) OIDCListKeys(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCListKeys List OIDC keys

func (*Identity) OIDCListProviders 

func (a *Identity) OIDCListProviders(ctx context.Context, allowedClientId string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCListProviders allowedClientId: Filters the list of OIDC providers to those that allow the given client ID in their set of allowed_client_ids.

func (*Identity) OIDCListRoles 

func (a *Identity) OIDCListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCListRoles List configured OIDC roles

func (*Identity) OIDCListScopes 

func (a *Identity) OIDCListScopes(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCListScopes

func (*Identity) OIDCReadAssignment 

func (a *Identity) OIDCReadAssignment(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadAssignment name: Name of the assignment

func (*Identity) OIDCReadClient 

func (a *Identity) OIDCReadClient(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadClient name: Name of the client.

func (*Identity) OIDCReadConfig 

func (a *Identity) OIDCReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadConfig OIDC configuration

func (*Identity) OIDCReadKey 

func (a *Identity) OIDCReadKey(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadKey CRUD operations for OIDC keys. name: Name of the key

func (*Identity) OIDCReadProvider 

func (a *Identity) OIDCReadProvider(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadProvider name: Name of the provider

func (*Identity) OIDCReadProviderAuthorize 

func (a *Identity) OIDCReadProviderAuthorize(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadProviderAuthorize name: Name of the provider

func (*Identity) OIDCReadProviderUserInfo 

func (a *Identity) OIDCReadProviderUserInfo(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadProviderUserInfo name: Name of the provider

func (*Identity) OIDCReadProviderWellKnownKeys 

func (a *Identity) OIDCReadProviderWellKnownKeys(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadProviderWellKnownKeys name: Name of the provider

func (*Identity) OIDCReadProviderWellKnownOpenIDConfiguration 

func (a *Identity) OIDCReadProviderWellKnownOpenIDConfiguration(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadProviderWellKnownOpenIDConfiguration name: Name of the provider

func (*Identity) OIDCReadRole 

func (a *Identity) OIDCReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadRole CRUD operations on OIDC Roles name: Name of the role

func (*Identity) OIDCReadScope 

func (a *Identity) OIDCReadScope(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadScope name: Name of the scope

func (*Identity) OIDCReadToken 

func (a *Identity) OIDCReadToken(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadToken Generate an OIDC token name: Name of the role

func (*Identity) OIDCReadWellKnownKeys 

func (a *Identity) OIDCReadWellKnownKeys(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadWellKnownKeys Retrieve public keys

func (*Identity) OIDCReadWellKnownOpenIDConfiguration 

func (a *Identity) OIDCReadWellKnownOpenIDConfiguration(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCReadWellKnownOpenIDConfiguration Query OIDC configurations

func (*Identity) OIDCRotateKey 

func (a *Identity) OIDCRotateKey(ctx context.Context, name string, request schema.OIDCRotateKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCRotateKey Rotate a named OIDC key. name: Name of the key

func (*Identity) OIDCWriteAssignment 

func (a *Identity) OIDCWriteAssignment(ctx context.Context, name string, request schema.OIDCWriteAssignmentRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteAssignment name: Name of the assignment

func (*Identity) OIDCWriteClient 

func (a *Identity) OIDCWriteClient(ctx context.Context, name string, request schema.OIDCWriteClientRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteClient name: Name of the client.

func (*Identity) OIDCWriteConfig 

func (a *Identity) OIDCWriteConfig(ctx context.Context, request schema.OIDCWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteConfig OIDC configuration

func (*Identity) OIDCWriteKey 

func (a *Identity) OIDCWriteKey(ctx context.Context, name string, request schema.OIDCWriteKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteKey CRUD operations for OIDC keys. name: Name of the key

func (*Identity) OIDCWriteProvider 

func (a *Identity) OIDCWriteProvider(ctx context.Context, name string, request schema.OIDCWriteProviderRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteProvider name: Name of the provider

func (*Identity) OIDCWriteProviderAuthorize 

func (a *Identity) OIDCWriteProviderAuthorize(ctx context.Context, name string, request schema.OIDCWriteProviderAuthorizeRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteProviderAuthorize name: Name of the provider

func (*Identity) OIDCWriteProviderToken 

func (a *Identity) OIDCWriteProviderToken(ctx context.Context, name string, request schema.OIDCWriteProviderTokenRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteProviderToken name: Name of the provider

func (*Identity) OIDCWriteProviderUserInfo 

func (a *Identity) OIDCWriteProviderUserInfo(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteProviderUserInfo name: Name of the provider

func (*Identity) OIDCWriteRole 

func (a *Identity) OIDCWriteRole(ctx context.Context, name string, request schema.OIDCWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteRole CRUD operations on OIDC Roles name: Name of the role

func (*Identity) OIDCWriteScope 

func (a *Identity) OIDCWriteScope(ctx context.Context, name string, request schema.OIDCWriteScopeRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OIDCWriteScope name: Name of the scope

func (*Identity) PersonaIDDeleteByID 

func (a *Identity) PersonaIDDeleteByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

PersonaIDDeleteByID Update, read or delete an alias ID. id: ID of the persona

func (*Identity) PersonaIDReadByID 

func (a *Identity) PersonaIDReadByID(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

PersonaIDReadByID Update, read or delete an alias ID. id: ID of the persona

func (*Identity) PersonaIDWriteByID 

func (a *Identity) PersonaIDWriteByID(ctx context.Context, id string, request schema.PersonaIDWriteByIDRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PersonaIDWriteByID Update, read or delete an alias ID. id: ID of the persona

func (*Identity) PersonaListByID 

func (a *Identity) PersonaListByID(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PersonaListByID List all the alias IDs.

func (*Identity) PersonaWrite 

func (a *Identity) PersonaWrite(ctx context.Context, request schema.PersonaWriteRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PersonaWrite Create a new alias.

type MFAConstraintAny 

type MFAConstraintAny struct {
	Any []MFAMethodID `json:"any"`
}

type MFAMethodID 

type MFAMethodID struct {
	Type         string `json:"type"`
	ID           string `json:"id"`
	UsesPasscode bool   `json:"uses_passcode"`
}

type MFARequirement 

type MFARequirement struct {
	MFARequestID   string                      `json:"mfa_request_id"`
	MFAConstraints map[string]MFAConstraintAny `json:"mfa_constraints"`
}

type RedirectError 

type RedirectError struct {
	// StatusCode is the HTTP status code returned in the response
	StatusCode int

	// Message is the error message
	Message string

	// RedirectLocation is populated with the "Location" header, if set
	RedirectLocation string

	// OriginalRequest is a pointer to the request that caused this error
	OriginalRequest *http.Request
}

RedirectError is the error returned when the client receives a redirect response and either

  1. the redirects are disabled in configuration
  2. more than one redirect was encountered
  3. the redirect response could not be properly parsed

func (*RedirectError) Error 

func (e *RedirectError) Error() string

type ReplicationForwardingMode 

type ReplicationForwardingMode uint8
const (
	// Setting this mode will clear all forwarding headers
	ReplicationForwardNone ReplicationForwardingMode = iota

	// Setting this mode will add 'X-Vault-Forward' header to all subsequent
	// requests, telling any performance standbys handling the requests to
	// forward them to the active node.
	//
	// https://developer.hashicorp.com/vault/docs/enterprise/consistency#unconditional-forwarding-performance-standbys-only
	ReplicationForwardAlways

	// Setting this mode will add 'X-Vault-Inconsistent' header to  all
	// subsequent requests; any performance standbys handling the requests will
	// conditionally forward them to the active node if the state required
	// isn't present on the node receiving this request. This should be used
	// in conjunction with RequireReplicationState(...).
	//
	// https://developer.hashicorp.com/vault/docs/enterprise/consistency#conditional-forwarding-performance-standbys-only
	ReplicationForwardInconsistent
)

type ReplicationState 

type ReplicationState struct {
	Cluster         string
	LocalIndex      uint64
	ReplicatedIndex uint64
}

ReplicationState is analogous to the WALState in github.com/vault/sdk

func ParseReplicationState 

func ParseReplicationState(raw string, hmacKey []byte) (ReplicationState, error)

ParseReplicationState will parse the raw base64-encoded replication state into its individual components. If an optional hmacKey is provided, it will used to verify the replication state contents. The format of the string (after decoding) is expected to be: 

v1:cluster-id-string:local-index:replicated-index:hmac

type RequestCallback 

type RequestCallback func(*http.Request)

func RequireReplicationStates 

func RequireReplicationStates(states ...string) RequestCallback

RequireReplicationStates returns a request callback that will add request headers to specify the replication states we require of Vault. These states were obtained from the previously-seen response headers captured with RecordReplicationState(...).

https://developer.hashicorp.com/vault/docs/enterprise/consistency#conditional-forwarding-performance-standbys-only

type RequestOption 

type RequestOption func(*requestModifiers) error

RequestOption is a functional parameter used to modify a request

func WithCustomHeaders 

func WithCustomHeaders(headers http.Header) RequestOption

WithCustomHeaders sets custom headers for the next request; these headers take precedence over the client-level custom headers. The internal prefix 'X-Vault-' is not permitted for the header keys.

func WithMFACredentials 

func WithMFACredentials(credentials ...string) RequestOption

WithMFACredentials sets the multi-factor authentication credentials for the next request, it takes precedence over the client-level MFA credentials.

See https://learn.hashicorp.com/tutorials/vault/multi-factor-authentication for more information on multi-factor authentication.

func WithMountPath 

func WithMountPath(path string) RequestOption

WithMountPath overwrites the default mount path in client.Auth and client.Secrets requests with the given mount path string.

func WithNamespace 

func WithNamespace(namespace string) RequestOption

WithNamespace sets the namespace for the next request; it takes precedence over the client-level namespace. Use an empty string to clear the namespace from the next request.

See https://developer.hashicorp.com/vault/docs/enterprise/namespaces for more info on namespaces.

func WithReplicationForwardingMode 

func WithReplicationForwardingMode(mode ReplicationForwardingMode) RequestOption

WithReplicationForwardingMode sets a replication forwarding header to the given value for the next request; it takes precedence over the client-level replication forwarding header. 

ReplicationForwardNone         - no forwarding headers
ReplicationForwardAlways       - 'X-Vault-Forward'
ReplicationForwardInconsistent - 'X-Vault-Inconsistent'

See https://developer.hashicorp.com/vault/docs/enterprise/consistency#vault-1-7-mitigations

func WithRequestCallbacks 

func WithRequestCallbacks(callbacks ...RequestCallback) RequestOption

WithRequestCallbacks sets callbacks which will be invoked before the next request; these take precedence over the client-level request callbacks.

func WithResponseCallbacks 

func WithResponseCallbacks(callbacks ...ResponseCallback) RequestOption

WithResponseCallbacks sets callbacks which will be invoked after a successful response within the next request; these take precedence over the client-level response callbacks.

func WithResponseWrapping 

func WithResponseWrapping(ttl time.Duration) RequestOption

WithResponseWrapping sets the response-wrapping TTL to the given duration for the next request; it takes precedence over the client-level response-wrapping TTL. A non-zero duration will tell Vault to wrap the response and return a response-wrapping token instead. Set `ttl` to zero to clear the response-wrapping header from the next request.

See https://developer.hashicorp.com/vault/docs/concepts/response-wrapping for more information on response wrapping.

func WithToken 

func WithToken(token string) RequestOption

WithToken sets the token for the next request; it takes precedence over the client-level token.

See https://developer.hashicorp.com/vault/docs/concepts/tokens for more info on tokens.

type Response 

type Response[T any] struct {
	// The request ID that generated this response
	RequestID string `json:"request_id"`

	LeaseID       string `json:"lease_id"`
	LeaseDuration int    `json:"lease_duration"`
	Renewable     bool   `json:"renewable"`

	// Data is the actual contents of the response. The format of the data
	// is arbitrary and is up to the secret backend.
	Data T `json:"data"`

	// Warnings contains any warnings related to the operation. These
	// are not issues that caused the command to fail, but things that the
	// client should be aware of.
	Warnings []string `json:"warnings"`

	// Auth, if non-nil, means that there was authentication information
	// attached to this response.
	Auth *ResponseAuth `json:"auth,omitempty"`

	// WrapInfo, if non-nil, means that the initial response was wrapped in the
	// cubbyhole of the given token (which has a TTL of the given number of
	// seconds)
	WrapInfo *ResponseWrapInfo `json:"wrap_info,omitempty"`
}

Response is the structure returned by the majority of the requests to Vault

func Unwrap 

func Unwrap[T any](ctx context.Context, client *Client, wrappingToken string, options ...RequestOption) (*Response[T], error)

Unwrap sends a request with the given wrapping token and returns the original wrapped response.

See https://developer.hashicorp.com/vault/docs/concepts/response-wrapping for more information on response wrapping

type ResponseAuth 

type ResponseAuth struct {
	ClientToken      string            `json:"client_token"`
	Accessor         string            `json:"accessor"`
	Policies         []string          `json:"policies"`
	TokenPolicies    []string          `json:"token_policies"`
	IdentityPolicies []string          `json:"identity_policies"`
	Metadata         map[string]string `json:"metadata"`
	Orphan           bool              `json:"orphan"`
	EntityID         string            `json:"entity_id"`

	LeaseDuration int  `json:"lease_duration"`
	Renewable     bool `json:"renewable"`

	MFARequirement *MFARequirement `json:"mfa_requirement,omitempty"`
}

ResponseAuth contains authentication information if we have it.

type ResponseCallback 

type ResponseCallback func(*http.Request, *http.Response)

func RecordReplicationState 

func RecordReplicationState(state *string) ResponseCallback

RecordReplicationState returns a response callback that will record the replication state returned by Vault in a response header.

https://developer.hashicorp.com/vault/docs/enterprise/consistency#conditional-forwarding-performance-standbys-only

type ResponseError 

type ResponseError struct {
	// StatusCode is the HTTP status code returned in the response
	StatusCode int

	// Errors are the underlying error messages returned in the response body
	Errors []string

	// OriginalRequest is a pointer to the request that caused this error
	OriginalRequest *http.Request
}

ResponseError is the error returned when Vault responds with an HTTP status code outside of the 200 - 399 range. If a request to Vault fails due to a network error, a different error message will be returned.

func (*ResponseError) Error 

func (e *ResponseError) Error() string

type ResponseWrapInfo 

type ResponseWrapInfo struct {
	Token           string    `json:"token"`
	Accessor        string    `json:"accessor"`
	TTL             int       `json:"ttl"`
	CreationTime    time.Time `json:"creation_time"`
	CreationPath    string    `json:"creation_path"`
	WrappedAccessor string    `json:"wrapped_accessor"`
}

ResponseWrapInfo contains wrapping information if we have it. If what is contained is an authentication token, the accessor for the token will be available in WrappedAccessor.

type RetryConfiguration 

type RetryConfiguration struct {
	// RetryWaitMin controls the minimum time to wait before retrying when
	// a 5xx or 412 error occurs.
	// Default: 1000 milliseconds
	RetryWaitMin time.Duration `env:"VAULT_RETRY_WAIT_MIN"`

	// MaxRetryWait controls the maximum time to wait before retrying when
	// a 5xx or 412 error occurs.
	// Default: 1500 milliseconds
	RetryWaitMax time.Duration `env:"VAULT_RETRY_WAIT_MAX"`

	// RetryMax controls the maximum number of times to retry when a 5xx or 412
	// error occurs. Set to -1 to disable retrying.
	// Default: 2 (for a total of three tries)
	RetryMax int `env:"VAULT_MAX_RETRIES"`

	// CheckRetry specifies a policy for handling retries. It is called after
	// each request with the response and error values returned by the http.Client.
	// Default: retryablehttp.DefaultRetryPolicy + retry on 412 responses
	CheckRetry retryablehttp.CheckRetry

	// Backoff specifies a policy for how long to wait between retries.
	// Default: retryablehttp.LinearJitterBackoff
	Backoff retryablehttp.Backoff

	// ErrorHandler specifies the custom error handler to use if any.
	// Default: retryablehttp.PassthroughErrorHandler
	ErrorHandler retryablehttp.ErrorHandler

	// Logger is a custom retryablehttp.Logger or retryablehttp.LeveledLogger.
	// Default: nil
	Logger interface{}
}

RetryConfiguration is a collection of settings used to configure the internal go-retryablehttp client.

type Secrets 

type Secrets struct {
	// contains filtered or unexported fields
}

Secrets is a simple wrapper around the client for Secrets requests

func (*Secrets) AWSConfigReadLease 

func (a *Secrets) AWSConfigReadLease(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigReadLease Configure the default lease information for generated credentials.

func (*Secrets) AWSConfigReadRootIAMCredentials 

func (a *Secrets) AWSConfigReadRootIAMCredentials(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigReadRootIAMCredentials Configure the root credentials that are used to manage IAM.

func (*Secrets) AWSConfigRotateRootIAMCredentials 

func (a *Secrets) AWSConfigRotateRootIAMCredentials(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigRotateRootIAMCredentials

func (*Secrets) AWSConfigWriteLease 

func (a *Secrets) AWSConfigWriteLease(ctx context.Context, request schema.AWSConfigWriteLeaseRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigWriteLease Configure the default lease information for generated credentials.

func (*Secrets) AWSConfigWriteRootIAMCredentials 

func (a *Secrets) AWSConfigWriteRootIAMCredentials(ctx context.Context, request schema.AWSConfigWriteRootIAMCredentialsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSConfigWriteRootIAMCredentials Configure the root credentials that are used to manage IAM.

func (*Secrets) AWSDeleteRole 

func (a *Secrets) AWSDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSDeleteRole Read, write and reference IAM policies that access keys can be made for. name: Name of the policy

func (*Secrets) AWSListRoles 

func (a *Secrets) AWSListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSListRoles List the existing roles in this backend

func (*Secrets) AWSReadCredentials 

func (a *Secrets) AWSReadCredentials(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSReadCredentials Generate AWS credentials from a specific Vault role.

func (*Secrets) AWSReadRole 

func (a *Secrets) AWSReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSReadRole Read, write and reference IAM policies that access keys can be made for. name: Name of the policy

func (*Secrets) AWSReadSecurityTokenService 

func (a *Secrets) AWSReadSecurityTokenService(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSReadSecurityTokenService Generate AWS credentials from a specific Vault role. name: Name of the role

func (*Secrets) AWSWriteCredentials 

func (a *Secrets) AWSWriteCredentials(ctx context.Context, request schema.AWSWriteCredentialsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSWriteCredentials Generate AWS credentials from a specific Vault role.

func (*Secrets) AWSWriteRole 

func (a *Secrets) AWSWriteRole(ctx context.Context, name string, request schema.AWSWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSWriteRole Read, write and reference IAM policies that access keys can be made for. name: Name of the policy

func (*Secrets) AWSWriteSecurityTokenService 

func (a *Secrets) AWSWriteSecurityTokenService(ctx context.Context, name string, request schema.AWSWriteSecurityTokenServiceRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AWSWriteSecurityTokenService Generate AWS credentials from a specific Vault role. name: Name of the role

func (*Secrets) ActiveDirectoryCheckInLibrary 

func (a *Secrets) ActiveDirectoryCheckInLibrary(ctx context.Context, name string, request schema.ActiveDirectoryCheckInLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryCheckInLibrary Check service accounts in to the library. name: Name of the set.

func (*Secrets) ActiveDirectoryCheckInManageLibrary 

func (a *Secrets) ActiveDirectoryCheckInManageLibrary(ctx context.Context, name string, request schema.ActiveDirectoryCheckInManageLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryCheckInManageLibrary Check service accounts in to the library. name: Name of the set.

func (*Secrets) ActiveDirectoryCheckOutLibrary 

func (a *Secrets) ActiveDirectoryCheckOutLibrary(ctx context.Context, name string, request schema.ActiveDirectoryCheckOutLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryCheckOutLibrary Check a service account out from the library. name: Name of the set

func (*Secrets) ActiveDirectoryDeleteConfig 

func (a *Secrets) ActiveDirectoryDeleteConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryDeleteConfig Configure the AD server to connect to, along with password options.

func (*Secrets) ActiveDirectoryDeleteLibrary 

func (a *Secrets) ActiveDirectoryDeleteLibrary(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryDeleteLibrary Delete a library set. name: Name of the set.

func (*Secrets) ActiveDirectoryDeleteRole 

func (a *Secrets) ActiveDirectoryDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryDeleteRole Manage roles to build links between Vault and Active Directory service accounts. name: Name of the role

func (*Secrets) ActiveDirectoryListLibraries 

func (a *Secrets) ActiveDirectoryListLibraries(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryListLibraries

func (*Secrets) ActiveDirectoryListRoles 

func (a *Secrets) ActiveDirectoryListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryListRoles List the name of each role currently stored.

func (*Secrets) ActiveDirectoryReadConfig 

func (a *Secrets) ActiveDirectoryReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryReadConfig Configure the AD server to connect to, along with password options.

func (*Secrets) ActiveDirectoryReadCredentials 

func (a *Secrets) ActiveDirectoryReadCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryReadCredentials name: Name of the role

func (*Secrets) ActiveDirectoryReadLibrary 

func (a *Secrets) ActiveDirectoryReadLibrary(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryReadLibrary Read a library set. name: Name of the set.

func (*Secrets) ActiveDirectoryReadLibraryStatus 

func (a *Secrets) ActiveDirectoryReadLibraryStatus(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryReadLibraryStatus Check the status of the service accounts in a library set. name: Name of the set.

func (*Secrets) ActiveDirectoryReadRole 

func (a *Secrets) ActiveDirectoryReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryReadRole Manage roles to build links between Vault and Active Directory service accounts. name: Name of the role

func (*Secrets) ActiveDirectoryRotateRole 

func (a *Secrets) ActiveDirectoryRotateRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryRotateRole name: Name of the static role

func (*Secrets) ActiveDirectoryRotateRoot 

func (a *Secrets) ActiveDirectoryRotateRoot(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryRotateRoot

func (*Secrets) ActiveDirectoryWriteConfig 

func (a *Secrets) ActiveDirectoryWriteConfig(ctx context.Context, request schema.ActiveDirectoryWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryWriteConfig Configure the AD server to connect to, along with password options.

func (*Secrets) ActiveDirectoryWriteLibrary 

func (a *Secrets) ActiveDirectoryWriteLibrary(ctx context.Context, name string, request schema.ActiveDirectoryWriteLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryWriteLibrary Update a library set. name: Name of the set.

func (*Secrets) ActiveDirectoryWriteRole 

func (a *Secrets) ActiveDirectoryWriteRole(ctx context.Context, name string, request schema.ActiveDirectoryWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ActiveDirectoryWriteRole Manage roles to build links between Vault and Active Directory service accounts. name: Name of the role

func (*Secrets) AliCloudDeleteConfig 

func (a *Secrets) AliCloudDeleteConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudDeleteConfig Configure the access key and secret to use for RAM and STS calls.

func (*Secrets) AliCloudDeleteRole 

func (a *Secrets) AliCloudDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudDeleteRole Read, write and reference policies and roles that API keys or STS credentials can be made for. name: The name of the role.

func (*Secrets) AliCloudListRoles 

func (a *Secrets) AliCloudListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudListRoles List the existing roles in this backend.

func (*Secrets) AliCloudReadConfig 

func (a *Secrets) AliCloudReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudReadConfig Configure the access key and secret to use for RAM and STS calls.

func (*Secrets) AliCloudReadCredentials 

func (a *Secrets) AliCloudReadCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudReadCredentials Generate an API key or STS credential using the given role's configuration.' name: The name of the role.

func (*Secrets) AliCloudReadRole 

func (a *Secrets) AliCloudReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudReadRole Read, write and reference policies and roles that API keys or STS credentials can be made for. name: The name of the role.

func (*Secrets) AliCloudWriteConfig 

func (a *Secrets) AliCloudWriteConfig(ctx context.Context, request schema.AliCloudWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudWriteConfig Configure the access key and secret to use for RAM and STS calls.

func (*Secrets) AliCloudWriteRole 

func (a *Secrets) AliCloudWriteRole(ctx context.Context, name string, request schema.AliCloudWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudWriteRole Read, write and reference policies and roles that API keys or STS credentials can be made for. name: The name of the role.

func (*Secrets) AzureDeleteConfig 

func (a *Secrets) AzureDeleteConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureDeleteConfig

func (*Secrets) AzureDeleteRole 

func (a *Secrets) AzureDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureDeleteRole Manage the Vault roles used to generate Azure credentials. name: Name of the role.

func (*Secrets) AzureListRoles 

func (a *Secrets) AzureListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureListRoles List existing roles.

func (*Secrets) AzureReadConfig 

func (a *Secrets) AzureReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureReadConfig

func (*Secrets) AzureReadCredentials 

func (a *Secrets) AzureReadCredentials(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureReadCredentials role: Name of the Vault role

func (*Secrets) AzureReadRole 

func (a *Secrets) AzureReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureReadRole Manage the Vault roles used to generate Azure credentials. name: Name of the role.

func (*Secrets) AzureRotateRoot 

func (a *Secrets) AzureRotateRoot(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureRotateRoot

func (*Secrets) AzureWriteConfig 

func (a *Secrets) AzureWriteConfig(ctx context.Context, request schema.AzureWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureWriteConfig

func (*Secrets) AzureWriteRole 

func (a *Secrets) AzureWriteRole(ctx context.Context, name string, request schema.AzureWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureWriteRole Manage the Vault roles used to generate Azure credentials. name: Name of the role.

func (*Secrets) ConsulDeleteRole 

func (a *Secrets) ConsulDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ConsulDeleteRole name: Name of the role.

func (*Secrets) ConsulListRoles 

func (a *Secrets) ConsulListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ConsulListRoles

func (*Secrets) ConsulReadAccessConfig 

func (a *Secrets) ConsulReadAccessConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ConsulReadAccessConfig

func (*Secrets) ConsulReadCredentials 

func (a *Secrets) ConsulReadCredentials(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

ConsulReadCredentials role: Name of the role.

func (*Secrets) ConsulReadRole 

func (a *Secrets) ConsulReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ConsulReadRole name: Name of the role.

func (*Secrets) ConsulWriteAccessConfig 

func (a *Secrets) ConsulWriteAccessConfig(ctx context.Context, request schema.ConsulWriteAccessConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ConsulWriteAccessConfig

func (*Secrets) ConsulWriteRole 

func (a *Secrets) ConsulWriteRole(ctx context.Context, name string, request schema.ConsulWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ConsulWriteRole name: Name of the role.

func (*Secrets) CubbyholeDelete 

func (a *Secrets) CubbyholeDelete(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

CubbyholeDelete Deletes the secret at the specified location. path: Specifies the path of the secret.

func (*Secrets) CubbyholeRead 

func (a *Secrets) CubbyholeRead(ctx context.Context, path string, list string, options ...RequestOption) (*Response[map[string]interface{}], error)

CubbyholeRead Retrieve the secret at the specified location. path: Specifies the path of the secret. list: Return a list if `true`

func (*Secrets) CubbyholeWrite 

func (a *Secrets) CubbyholeWrite(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

CubbyholeWrite Store a secret at the specified location. path: Specifies the path of the secret.

func (*Secrets) GoogleCloudDeleteRoleset 

func (a *Secrets) GoogleCloudDeleteRoleset(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudDeleteRoleset name: Required. Name of the role.

func (*Secrets) GoogleCloudDeleteStaticAccount 

func (a *Secrets) GoogleCloudDeleteStaticAccount(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudDeleteStaticAccount name: Required. Name to refer to this static account in Vault. Cannot be updated.

func (*Secrets) GoogleCloudKMSDecrypt 

func (a *Secrets) GoogleCloudKMSDecrypt(ctx context.Context, key string, request schema.GoogleCloudKMSDecryptRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSDecrypt Decrypt a ciphertext value using a named key key: Name of the key in Vault to use for decryption. This key must already exist in Vault and must map back to a Google Cloud KMS key.

func (*Secrets) GoogleCloudKMSDeleteConfig 

func (a *Secrets) GoogleCloudKMSDeleteConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSDeleteConfig Configure the GCP KMS secrets engine

func (*Secrets) GoogleCloudKMSDeleteKey 

func (a *Secrets) GoogleCloudKMSDeleteKey(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSDeleteKey Interact with crypto keys in Vault and Google Cloud KMS key: Name of the key in Vault.

func (*Secrets) GoogleCloudKMSDeregisterKey 

func (a *Secrets) GoogleCloudKMSDeregisterKey(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSDeregisterKey Deregister an existing key in Vault key: Name of the key to deregister in Vault. If the key exists in Google Cloud KMS, it will be left untouched.

func (*Secrets) GoogleCloudKMSEncrypt 

func (a *Secrets) GoogleCloudKMSEncrypt(ctx context.Context, key string, request schema.GoogleCloudKMSEncryptRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSEncrypt Encrypt a plaintext value using a named key key: Name of the key in Vault to use for encryption. This key must already exist in Vault and must map back to a Google Cloud KMS key.

func (*Secrets) GoogleCloudKMSListKeys 

func (a *Secrets) GoogleCloudKMSListKeys(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSListKeys List named keys

func (*Secrets) GoogleCloudKMSReadConfig 

func (a *Secrets) GoogleCloudKMSReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSReadConfig Configure the GCP KMS secrets engine

func (*Secrets) GoogleCloudKMSReadKey 

func (a *Secrets) GoogleCloudKMSReadKey(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSReadKey Interact with crypto keys in Vault and Google Cloud KMS key: Name of the key in Vault.

func (*Secrets) GoogleCloudKMSReadKeyConfig 

func (a *Secrets) GoogleCloudKMSReadKeyConfig(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSReadKeyConfig Configure the key in Vault key: Name of the key in Vault.

func (*Secrets) GoogleCloudKMSReadPubkey 

func (a *Secrets) GoogleCloudKMSReadPubkey(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSReadPubkey Retrieve the public key associated with the named key key: Name of the key for which to get the public key. This key must already exist in Vault and Google Cloud KMS.

func (*Secrets) GoogleCloudKMSReencrypt 

func (a *Secrets) GoogleCloudKMSReencrypt(ctx context.Context, key string, request schema.GoogleCloudKMSReencryptRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSReencrypt Re-encrypt existing ciphertext data to a new version key: Name of the key to use for encryption. This key must already exist in Vault and Google Cloud KMS.

func (*Secrets) GoogleCloudKMSRegisterKey 

func (a *Secrets) GoogleCloudKMSRegisterKey(ctx context.Context, key string, request schema.GoogleCloudKMSRegisterKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSRegisterKey Register an existing crypto key in Google Cloud KMS key: Name of the key to register in Vault. This will be the named used to refer to the underlying crypto key when encrypting or decrypting data.

func (*Secrets) GoogleCloudKMSRotateKey 

func (a *Secrets) GoogleCloudKMSRotateKey(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSRotateKey Rotate a crypto key to a new primary version key: Name of the key to rotate. This key must already be registered with Vault and point to a valid Google Cloud KMS crypto key.

func (*Secrets) GoogleCloudKMSSign 

func (a *Secrets) GoogleCloudKMSSign(ctx context.Context, key string, request schema.GoogleCloudKMSSignRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSSign Signs a message or digest using a named key key: Name of the key in Vault to use for signing. This key must already exist in Vault and must map back to a Google Cloud KMS key.

func (*Secrets) GoogleCloudKMSTrimKey 

func (a *Secrets) GoogleCloudKMSTrimKey(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSTrimKey Delete old crypto key versions from Google Cloud KMS key: Name of the key in Vault.

func (*Secrets) GoogleCloudKMSVerify 

func (a *Secrets) GoogleCloudKMSVerify(ctx context.Context, key string, request schema.GoogleCloudKMSVerifyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSVerify Verify a signature using a named key key: Name of the key in Vault to use for verification. This key must already exist in Vault and must map back to a Google Cloud KMS key.

func (*Secrets) GoogleCloudKMSWriteConfig 

func (a *Secrets) GoogleCloudKMSWriteConfig(ctx context.Context, request schema.GoogleCloudKMSWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSWriteConfig Configure the GCP KMS secrets engine

func (*Secrets) GoogleCloudKMSWriteKey 

func (a *Secrets) GoogleCloudKMSWriteKey(ctx context.Context, key string, request schema.GoogleCloudKMSWriteKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSWriteKey Interact with crypto keys in Vault and Google Cloud KMS key: Name of the key in Vault.

func (*Secrets) GoogleCloudKMSWriteKeyConfig 

func (a *Secrets) GoogleCloudKMSWriteKeyConfig(ctx context.Context, key string, request schema.GoogleCloudKMSWriteKeyConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudKMSWriteKeyConfig Configure the key in Vault key: Name of the key in Vault.

func (*Secrets) GoogleCloudListRolesets 

func (a *Secrets) GoogleCloudListRolesets(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudListRolesets

func (*Secrets) GoogleCloudListStaticAccounts 

func (a *Secrets) GoogleCloudListStaticAccounts(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudListStaticAccounts

func (*Secrets) GoogleCloudReadConfig 

func (a *Secrets) GoogleCloudReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadConfig

func (*Secrets) GoogleCloudReadKey 

func (a *Secrets) GoogleCloudReadKey(ctx context.Context, roleset string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadKey roleset: Required. Name of the role set.

func (*Secrets) GoogleCloudReadRoleset 

func (a *Secrets) GoogleCloudReadRoleset(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadRoleset name: Required. Name of the role.

func (*Secrets) GoogleCloudReadRolesetKey 

func (a *Secrets) GoogleCloudReadRolesetKey(ctx context.Context, roleset string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadRolesetKey roleset: Required. Name of the role set.

func (*Secrets) GoogleCloudReadRolesetToken 

func (a *Secrets) GoogleCloudReadRolesetToken(ctx context.Context, roleset string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadRolesetToken roleset: Required. Name of the role set.

func (*Secrets) GoogleCloudReadStaticAccount 

func (a *Secrets) GoogleCloudReadStaticAccount(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadStaticAccount name: Required. Name to refer to this static account in Vault. Cannot be updated.

func (*Secrets) GoogleCloudReadStaticAccountKey 

func (a *Secrets) GoogleCloudReadStaticAccountKey(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadStaticAccountKey name: Required. Name of the static account.

func (*Secrets) GoogleCloudReadStaticAccountToken 

func (a *Secrets) GoogleCloudReadStaticAccountToken(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadStaticAccountToken name: Required. Name of the static account.

func (*Secrets) GoogleCloudReadToken 

func (a *Secrets) GoogleCloudReadToken(ctx context.Context, roleset string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadToken roleset: Required. Name of the role set.

func (*Secrets) GoogleCloudRotateRoleset 

func (a *Secrets) GoogleCloudRotateRoleset(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudRotateRoleset name: Name of the role.

func (*Secrets) GoogleCloudRotateRolesetKey 

func (a *Secrets) GoogleCloudRotateRolesetKey(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudRotateRolesetKey name: Name of the role.

func (*Secrets) GoogleCloudRotateRoot 

func (a *Secrets) GoogleCloudRotateRoot(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudRotateRoot

func (*Secrets) GoogleCloudRotateStaticAccountKey 

func (a *Secrets) GoogleCloudRotateStaticAccountKey(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudRotateStaticAccountKey name: Name of the account.

func (*Secrets) GoogleCloudWriteConfig 

func (a *Secrets) GoogleCloudWriteConfig(ctx context.Context, request schema.GoogleCloudWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteConfig

func (*Secrets) GoogleCloudWriteKey 

func (a *Secrets) GoogleCloudWriteKey(ctx context.Context, roleset string, request schema.GoogleCloudWriteKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteKey roleset: Required. Name of the role set.

func (*Secrets) GoogleCloudWriteRoleset 

func (a *Secrets) GoogleCloudWriteRoleset(ctx context.Context, name string, request schema.GoogleCloudWriteRolesetRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteRoleset name: Required. Name of the role.

func (*Secrets) GoogleCloudWriteRolesetKey 

func (a *Secrets) GoogleCloudWriteRolesetKey(ctx context.Context, roleset string, request schema.GoogleCloudWriteRolesetKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteRolesetKey roleset: Required. Name of the role set.

func (*Secrets) GoogleCloudWriteRolesetToken 

func (a *Secrets) GoogleCloudWriteRolesetToken(ctx context.Context, roleset string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteRolesetToken roleset: Required. Name of the role set.

func (*Secrets) GoogleCloudWriteStaticAccount 

func (a *Secrets) GoogleCloudWriteStaticAccount(ctx context.Context, name string, request schema.GoogleCloudWriteStaticAccountRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteStaticAccount name: Required. Name to refer to this static account in Vault. Cannot be updated.

func (*Secrets) GoogleCloudWriteStaticAccountKey 

func (a *Secrets) GoogleCloudWriteStaticAccountKey(ctx context.Context, name string, request schema.GoogleCloudWriteStaticAccountKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteStaticAccountKey name: Required. Name of the static account.

func (*Secrets) GoogleCloudWriteStaticAccountToken 

func (a *Secrets) GoogleCloudWriteStaticAccountToken(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteStaticAccountToken name: Required. Name of the static account.

func (*Secrets) GoogleCloudWriteToken 

func (a *Secrets) GoogleCloudWriteToken(ctx context.Context, roleset string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteToken roleset: Required. Name of the role set.

func (*Secrets) KVv1Delete 

func (a *Secrets) KVv1Delete(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv1Delete Pass-through secret storage to the storage backend, allowing you to read/write arbitrary data into secret storage. path: Location of the secret.

func (*Secrets) KVv1Read 

func (a *Secrets) KVv1Read(ctx context.Context, path string, list string, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv1Read Pass-through secret storage to the storage backend, allowing you to read/write arbitrary data into secret storage. path: Location of the secret. list: Return a list if `true`

func (*Secrets) KVv1Write 

func (a *Secrets) KVv1Write(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv1Write Pass-through secret storage to the storage backend, allowing you to read/write arbitrary data into secret storage. path: Location of the secret.

func (*Secrets) KVv2Delete 

func (a *Secrets) KVv2Delete(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2Delete Write, Patch, Read, and Delete data in the Key-Value Store. path: Location of the secret.

func (*Secrets) KVv2DeleteMetadata 

func (a *Secrets) KVv2DeleteMetadata(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2DeleteMetadata Configures settings for the KV store path: Location of the secret.

func (*Secrets) KVv2DeleteVersions 

func (a *Secrets) KVv2DeleteVersions(ctx context.Context, path string, request schema.KVv2DeleteVersionsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2DeleteVersions Marks one or more versions as deleted in the KV store. path: Location of the secret.

func (*Secrets) KVv2DestroyVersions 

func (a *Secrets) KVv2DestroyVersions(ctx context.Context, path string, request schema.KVv2DestroyVersionsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2DestroyVersions Permanently removes one or more versions in the KV store path: Location of the secret.

func (*Secrets) KVv2Read 

func (a *Secrets) KVv2Read(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2Read Write, Patch, Read, and Delete data in the Key-Value Store. path: Location of the secret.

func (*Secrets) KVv2ReadConfig 

func (a *Secrets) KVv2ReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2ReadConfig Read the backend level settings.

func (*Secrets) KVv2ReadMetadata 

func (a *Secrets) KVv2ReadMetadata(ctx context.Context, path string, list string, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2ReadMetadata Configures settings for the KV store path: Location of the secret. list: Return a list if `true`

func (*Secrets) KVv2ReadSubkeys 

func (a *Secrets) KVv2ReadSubkeys(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2ReadSubkeys Read the structure of a secret entry from the Key-Value store with the values removed. path: Location of the secret.

func (*Secrets) KVv2UndeleteVersions 

func (a *Secrets) KVv2UndeleteVersions(ctx context.Context, path string, request schema.KVv2UndeleteVersionsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2UndeleteVersions Undeletes one or more versions from the KV store. path: Location of the secret.

func (*Secrets) KVv2Write 

func (a *Secrets) KVv2Write(ctx context.Context, path string, request schema.KVv2WriteRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2Write Write, Patch, Read, and Delete data in the Key-Value Store. path: Location of the secret.

func (*Secrets) KVv2WriteConfig 

func (a *Secrets) KVv2WriteConfig(ctx context.Context, request schema.KVv2WriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2WriteConfig Configure backend level settings that are applied to every key in the key-value store.

func (*Secrets) KVv2WriteMetadata 

func (a *Secrets) KVv2WriteMetadata(ctx context.Context, path string, request schema.KVv2WriteMetadataRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KVv2WriteMetadata Configures settings for the KV store path: Location of the secret.

func (*Secrets) KubernetesDeleteConfig 

func (a *Secrets) KubernetesDeleteConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesDeleteConfig

func (*Secrets) KubernetesDeleteRole 

func (a *Secrets) KubernetesDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesDeleteRole name: Name of the role

func (*Secrets) KubernetesListRoles 

func (a *Secrets) KubernetesListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesListRoles

func (*Secrets) KubernetesReadConfig 

func (a *Secrets) KubernetesReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesReadConfig

func (*Secrets) KubernetesReadRole 

func (a *Secrets) KubernetesReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesReadRole name: Name of the role

func (*Secrets) KubernetesWriteConfig 

func (a *Secrets) KubernetesWriteConfig(ctx context.Context, request schema.KubernetesWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesWriteConfig

func (*Secrets) KubernetesWriteCredentials 

func (a *Secrets) KubernetesWriteCredentials(ctx context.Context, name string, request schema.KubernetesWriteCredentialsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesWriteCredentials name: Name of the Vault role

func (*Secrets) KubernetesWriteRole 

func (a *Secrets) KubernetesWriteRole(ctx context.Context, name string, request schema.KubernetesWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesWriteRole name: Name of the role

func (*Secrets) LDAPCheckInLibrary 

func (a *Secrets) LDAPCheckInLibrary(ctx context.Context, name string, request schema.LDAPCheckInLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPCheckInLibrary Check service accounts in to the library. name: Name of the set.

func (*Secrets) LDAPCheckInManageLibrary 

func (a *Secrets) LDAPCheckInManageLibrary(ctx context.Context, name string, request schema.LDAPCheckInManageLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPCheckInManageLibrary Check service accounts in to the library. name: Name of the set.

func (*Secrets) LDAPCheckOutLibrary 

func (a *Secrets) LDAPCheckOutLibrary(ctx context.Context, name string, request schema.LDAPCheckOutLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPCheckOutLibrary Check a service account out from the library. name: Name of the set

func (*Secrets) LDAPDeleteConfig 

func (a *Secrets) LDAPDeleteConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPDeleteConfig

func (*Secrets) LDAPDeleteLibrary 

func (a *Secrets) LDAPDeleteLibrary(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPDeleteLibrary Delete a library set. name: Name of the set.

func (*Secrets) LDAPDeleteRole 

func (a *Secrets) LDAPDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPDeleteRole name: Name of the role (lowercase)

func (*Secrets) LDAPDeleteStaticRole 

func (a *Secrets) LDAPDeleteStaticRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPDeleteStaticRole name: Name of the role

func (*Secrets) LDAPListLibraries 

func (a *Secrets) LDAPListLibraries(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPListLibraries

func (*Secrets) LDAPListRoles 

func (a *Secrets) LDAPListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPListRoles

func (*Secrets) LDAPListStaticRoles 

func (a *Secrets) LDAPListStaticRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPListStaticRoles

func (*Secrets) LDAPReadConfig 

func (a *Secrets) LDAPReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPReadConfig

func (*Secrets) LDAPReadCredentials 

func (a *Secrets) LDAPReadCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPReadCredentials name: Name of the dynamic role.

func (*Secrets) LDAPReadLibrary 

func (a *Secrets) LDAPReadLibrary(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPReadLibrary Read a library set. name: Name of the set.

func (*Secrets) LDAPReadLibraryStatus 

func (a *Secrets) LDAPReadLibraryStatus(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPReadLibraryStatus Check the status of the service accounts in a library set. name: Name of the set.

func (*Secrets) LDAPReadRole 

func (a *Secrets) LDAPReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPReadRole name: Name of the role (lowercase)

func (*Secrets) LDAPReadStaticCredentials 

func (a *Secrets) LDAPReadStaticCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPReadStaticCredentials name: Name of the static role.

func (*Secrets) LDAPReadStaticRole 

func (a *Secrets) LDAPReadStaticRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPReadStaticRole name: Name of the role

func (*Secrets) LDAPRotateRole 

func (a *Secrets) LDAPRotateRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPRotateRole name: Name of the static role

func (*Secrets) LDAPRotateRoot 

func (a *Secrets) LDAPRotateRoot(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPRotateRoot

func (*Secrets) LDAPWriteConfig 

func (a *Secrets) LDAPWriteConfig(ctx context.Context, request schema.LDAPWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPWriteConfig

func (*Secrets) LDAPWriteLibrary 

func (a *Secrets) LDAPWriteLibrary(ctx context.Context, name string, request schema.LDAPWriteLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPWriteLibrary Update a library set. name: Name of the set.

func (*Secrets) LDAPWriteRole 

func (a *Secrets) LDAPWriteRole(ctx context.Context, name string, request schema.LDAPWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPWriteRole name: Name of the role (lowercase)

func (*Secrets) LDAPWriteStaticRole 

func (a *Secrets) LDAPWriteStaticRole(ctx context.Context, name string, request schema.LDAPWriteStaticRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LDAPWriteStaticRole name: Name of the role

func (*Secrets) MongoDBAtlasDeleteRole 

func (a *Secrets) MongoDBAtlasDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

MongoDBAtlasDeleteRole Manage the roles used to generate MongoDB Atlas Programmatic API Keys. name: Name of the Roles

func (*Secrets) MongoDBAtlasListRoles 

func (a *Secrets) MongoDBAtlasListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

MongoDBAtlasListRoles List the existing roles in this backend

func (*Secrets) MongoDBAtlasReadConfig 

func (a *Secrets) MongoDBAtlasReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

MongoDBAtlasReadConfig Configure the credentials that are used to manage Database Users.

func (*Secrets) MongoDBAtlasReadCredentials 

func (a *Secrets) MongoDBAtlasReadCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

MongoDBAtlasReadCredentials Generate MongoDB Atlas Programmatic API from a specific Vault role. name: Name of the role

func (*Secrets) MongoDBAtlasReadRole 

func (a *Secrets) MongoDBAtlasReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

MongoDBAtlasReadRole Manage the roles used to generate MongoDB Atlas Programmatic API Keys. name: Name of the Roles

func (*Secrets) MongoDBAtlasWriteConfig 

func (a *Secrets) MongoDBAtlasWriteConfig(ctx context.Context, request schema.MongoDBAtlasWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MongoDBAtlasWriteConfig Configure the credentials that are used to manage Database Users.

func (*Secrets) MongoDBAtlasWriteCredentials 

func (a *Secrets) MongoDBAtlasWriteCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

MongoDBAtlasWriteCredentials Generate MongoDB Atlas Programmatic API from a specific Vault role. name: Name of the role

func (*Secrets) MongoDBAtlasWriteRole 

func (a *Secrets) MongoDBAtlasWriteRole(ctx context.Context, name string, request schema.MongoDBAtlasWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MongoDBAtlasWriteRole Manage the roles used to generate MongoDB Atlas Programmatic API Keys. name: Name of the Roles

func (*Secrets) NomadDeleteAccessConfig 

func (a *Secrets) NomadDeleteAccessConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

NomadDeleteAccessConfig

func (*Secrets) NomadDeleteLeaseConfig 

func (a *Secrets) NomadDeleteLeaseConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

NomadDeleteLeaseConfig Configure the lease parameters for generated tokens

func (*Secrets) NomadDeleteRole 

func (a *Secrets) NomadDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

NomadDeleteRole name: Name of the role

func (*Secrets) NomadListRoles 

func (a *Secrets) NomadListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

NomadListRoles

func (*Secrets) NomadReadAccessConfig 

func (a *Secrets) NomadReadAccessConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

NomadReadAccessConfig

func (*Secrets) NomadReadCredentials 

func (a *Secrets) NomadReadCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

NomadReadCredentials name: Name of the role

func (*Secrets) NomadReadLeaseConfig 

func (a *Secrets) NomadReadLeaseConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

NomadReadLeaseConfig Configure the lease parameters for generated tokens

func (*Secrets) NomadReadRole 

func (a *Secrets) NomadReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

NomadReadRole name: Name of the role

func (*Secrets) NomadWriteAccessConfig 

func (a *Secrets) NomadWriteAccessConfig(ctx context.Context, request schema.NomadWriteAccessConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

NomadWriteAccessConfig

func (*Secrets) NomadWriteLeaseConfig 

func (a *Secrets) NomadWriteLeaseConfig(ctx context.Context, request schema.NomadWriteLeaseConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

NomadWriteLeaseConfig Configure the lease parameters for generated tokens

func (*Secrets) NomadWriteRole 

func (a *Secrets) NomadWriteRole(ctx context.Context, name string, request schema.NomadWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

NomadWriteRole name: Name of the role

func (*Secrets) OpenLDAPCheckInLibrary 

func (a *Secrets) OpenLDAPCheckInLibrary(ctx context.Context, name string, request schema.OpenLDAPCheckInLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPCheckInLibrary Check service accounts in to the library. name: Name of the set.

func (*Secrets) OpenLDAPCheckInManageLibrary 

func (a *Secrets) OpenLDAPCheckInManageLibrary(ctx context.Context, name string, request schema.OpenLDAPCheckInManageLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPCheckInManageLibrary Check service accounts in to the library. name: Name of the set.

func (*Secrets) OpenLDAPCheckOutLibrary 

func (a *Secrets) OpenLDAPCheckOutLibrary(ctx context.Context, name string, request schema.OpenLDAPCheckOutLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPCheckOutLibrary Check a service account out from the library. name: Name of the set

func (*Secrets) OpenLDAPDeleteConfig 

func (a *Secrets) OpenLDAPDeleteConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPDeleteConfig

func (*Secrets) OpenLDAPDeleteLibrary 

func (a *Secrets) OpenLDAPDeleteLibrary(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPDeleteLibrary Delete a library set. name: Name of the set.

func (*Secrets) OpenLDAPDeleteRole 

func (a *Secrets) OpenLDAPDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPDeleteRole name: Name of the role (lowercase)

func (*Secrets) OpenLDAPDeleteStaticRole 

func (a *Secrets) OpenLDAPDeleteStaticRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPDeleteStaticRole name: Name of the role

func (*Secrets) OpenLDAPListLibraries 

func (a *Secrets) OpenLDAPListLibraries(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPListLibraries

func (*Secrets) OpenLDAPListRoles 

func (a *Secrets) OpenLDAPListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPListRoles

func (*Secrets) OpenLDAPListStaticRoles 

func (a *Secrets) OpenLDAPListStaticRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPListStaticRoles

func (*Secrets) OpenLDAPReadConfig 

func (a *Secrets) OpenLDAPReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPReadConfig

func (*Secrets) OpenLDAPReadCredentials 

func (a *Secrets) OpenLDAPReadCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPReadCredentials name: Name of the dynamic role.

func (*Secrets) OpenLDAPReadLibrary 

func (a *Secrets) OpenLDAPReadLibrary(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPReadLibrary Read a library set. name: Name of the set.

func (*Secrets) OpenLDAPReadLibraryStatus 

func (a *Secrets) OpenLDAPReadLibraryStatus(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPReadLibraryStatus Check the status of the service accounts in a library set. name: Name of the set.

func (*Secrets) OpenLDAPReadRole 

func (a *Secrets) OpenLDAPReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPReadRole name: Name of the role (lowercase)

func (*Secrets) OpenLDAPReadStaticCredentials 

func (a *Secrets) OpenLDAPReadStaticCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPReadStaticCredentials name: Name of the static role.

func (*Secrets) OpenLDAPReadStaticRole 

func (a *Secrets) OpenLDAPReadStaticRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPReadStaticRole name: Name of the role

func (*Secrets) OpenLDAPRotateRole 

func (a *Secrets) OpenLDAPRotateRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPRotateRole name: Name of the static role

func (*Secrets) OpenLDAPRotateRoot 

func (a *Secrets) OpenLDAPRotateRoot(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPRotateRoot

func (*Secrets) OpenLDAPWriteConfig 

func (a *Secrets) OpenLDAPWriteConfig(ctx context.Context, request schema.OpenLDAPWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPWriteConfig

func (*Secrets) OpenLDAPWriteLibrary 

func (a *Secrets) OpenLDAPWriteLibrary(ctx context.Context, name string, request schema.OpenLDAPWriteLibraryRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPWriteLibrary Update a library set. name: Name of the set.

func (*Secrets) OpenLDAPWriteRole 

func (a *Secrets) OpenLDAPWriteRole(ctx context.Context, name string, request schema.OpenLDAPWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPWriteRole name: Name of the role (lowercase)

func (*Secrets) OpenLDAPWriteStaticRole 

func (a *Secrets) OpenLDAPWriteStaticRole(ctx context.Context, name string, request schema.OpenLDAPWriteStaticRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OpenLDAPWriteStaticRole name: Name of the role

func (*Secrets) PKIBundleWrite 

func (a *Secrets) PKIBundleWrite(ctx context.Context, request schema.PKIBundleWriteRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIBundleWrite

func (*Secrets) PKIDeleteKey 

func (a *Secrets) PKIDeleteKey(ctx context.Context, keyRef string, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIDeleteKey keyRef: Reference to key; either \"default\" for the configured default key, an identifier of a key, or the name assigned to the key.

func (*Secrets) PKIDeleteRole 

func (a *Secrets) PKIDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIDeleteRole name: Name of the role

func (*Secrets) PKIDeleteRoot 

func (a *Secrets) PKIDeleteRoot(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIDeleteRoot

func (*Secrets) PKIGenerateRoot 

func (a *Secrets) PKIGenerateRoot(ctx context.Context, exported string, request schema.PKIGenerateRootRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIGenerateRoot exported: Must be \"internal\", \"exported\" or \"kms\". If set to \"exported\", the generated private key will be returned. This is your *only* chance to retrieve the private key!

func (*Secrets) PKIImportKeys 

func (a *Secrets) PKIImportKeys(ctx context.Context, request schema.PKIImportKeysRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIImportKeys

func (*Secrets) PKIIssuerIssueRole 

func (a *Secrets) PKIIssuerIssueRole(ctx context.Context, issuerRef string, role string, request schema.PKIIssuerIssueRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuerIssueRole issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer. role: The desired role with configuration for this request

func (*Secrets) PKIIssuerResignCRLs 

func (a *Secrets) PKIIssuerResignCRLs(ctx context.Context, issuerRef string, request schema.PKIIssuerResignCRLsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuerResignCRLs issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.

func (*Secrets) PKIIssuerRevoke 

func (a *Secrets) PKIIssuerRevoke(ctx context.Context, issuerRef string, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuerRevoke issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.

func (*Secrets) PKIIssuerSignIntermediate 

func (a *Secrets) PKIIssuerSignIntermediate(ctx context.Context, issuerRef string, request schema.PKIIssuerSignIntermediateRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuerSignIntermediate issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.

func (*Secrets) PKIIssuerSignRevocationList 

func (a *Secrets) PKIIssuerSignRevocationList(ctx context.Context, issuerRef string, request schema.PKIIssuerSignRevocationListRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuerSignRevocationList issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.

func (*Secrets) PKIIssuerSignRole 

func (a *Secrets) PKIIssuerSignRole(ctx context.Context, issuerRef string, role string, request schema.PKIIssuerSignRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuerSignRole issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer. role: The desired role with configuration for this request

func (*Secrets) PKIIssuerSignSelfIssued 

func (a *Secrets) PKIIssuerSignSelfIssued(ctx context.Context, issuerRef string, request schema.PKIIssuerSignSelfIssuedRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuerSignSelfIssued issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.

func (*Secrets) PKIIssuerSignVerbatim 

func (a *Secrets) PKIIssuerSignVerbatim(ctx context.Context, issuerRef string, request schema.PKIIssuerSignVerbatimRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuerSignVerbatim issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.

func (*Secrets) PKIIssuerSignVerbatimRole 

func (a *Secrets) PKIIssuerSignVerbatimRole(ctx context.Context, issuerRef string, role string, request schema.PKIIssuerSignVerbatimRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuerSignVerbatimRole issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer. role: The desired role with configuration for this request

func (*Secrets) PKIIssuersGenerateIntermediate 

func (a *Secrets) PKIIssuersGenerateIntermediate(ctx context.Context, exported string, request schema.PKIIssuersGenerateIntermediateRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuersGenerateIntermediate exported: Must be \"internal\", \"exported\" or \"kms\". If set to \"exported\", the generated private key will be returned. This is your *only* chance to retrieve the private key!

func (*Secrets) PKIIssuersGenerateRoot 

func (a *Secrets) PKIIssuersGenerateRoot(ctx context.Context, exported string, request schema.PKIIssuersGenerateRootRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuersGenerateRoot exported: Must be \"internal\", \"exported\" or \"kms\". If set to \"exported\", the generated private key will be returned. This is your *only* chance to retrieve the private key!

func (*Secrets) PKIIssuersList 

func (a *Secrets) PKIIssuersList(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIIssuersList

func (*Secrets) PKIListCerts 

func (a *Secrets) PKIListCerts(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIListCerts

func (*Secrets) PKIListCertsRevoked 

func (a *Secrets) PKIListCertsRevoked(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIListCertsRevoked

func (*Secrets) PKIListKeys 

func (a *Secrets) PKIListKeys(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIListKeys

func (*Secrets) PKIListRoles 

func (a *Secrets) PKIListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIListRoles

func (*Secrets) PKIReadAutoTidyConfig 

func (a *Secrets) PKIReadAutoTidyConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadAutoTidyConfig

func (*Secrets) PKIReadCA 

func (a *Secrets) PKIReadCA(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadCA

func (*Secrets) PKIReadCAChain 

func (a *Secrets) PKIReadCAChain(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadCAChain

func (*Secrets) PKIReadCAPem 

func (a *Secrets) PKIReadCAPem(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadCAPem

func (*Secrets) PKIReadCRL 

func (a *Secrets) PKIReadCRL(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadCRL

func (*Secrets) PKIReadCRLConfig 

func (a *Secrets) PKIReadCRLConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadCRLConfig

func (*Secrets) PKIReadCRLRotate 

func (a *Secrets) PKIReadCRLRotate(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadCRLRotate

func (*Secrets) PKIReadCRLRotateDelta 

func (a *Secrets) PKIReadCRLRotateDelta(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadCRLRotateDelta

func (*Secrets) PKIReadCert 

func (a *Secrets) PKIReadCert(ctx context.Context, serial string, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadCert serial: Certificate serial number, in colon- or hyphen-separated octal

func (*Secrets) PKIReadCertCAChain 

func (a *Secrets) PKIReadCertCAChain(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadCertCAChain

func (*Secrets) PKIReadCertRaw 

func (a *Secrets) PKIReadCertRaw(ctx context.Context, serial string, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadCertRaw serial: Certificate serial number, in colon- or hyphen-separated octal

func (*Secrets) PKIReadCertRawPem 

func (a *Secrets) PKIReadCertRawPem(ctx context.Context, serial string, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadCertRawPem serial: Certificate serial number, in colon- or hyphen-separated octal

func (*Secrets) PKIReadClusterConfig 

func (a *Secrets) PKIReadClusterConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadClusterConfig

func (*Secrets) PKIReadDeltaCRL 

func (a *Secrets) PKIReadDeltaCRL(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadDeltaCRL

func (*Secrets) PKIReadIssuersConfig 

func (a *Secrets) PKIReadIssuersConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadIssuersConfig

func (*Secrets) PKIReadKey 

func (a *Secrets) PKIReadKey(ctx context.Context, keyRef string, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadKey keyRef: Reference to key; either \"default\" for the configured default key, an identifier of a key, or the name assigned to the key.

func (*Secrets) PKIReadKeysConfig 

func (a *Secrets) PKIReadKeysConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadKeysConfig

func (*Secrets) PKIReadOCSPReq 

func (a *Secrets) PKIReadOCSPReq(ctx context.Context, req string, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadOCSPReq req: base-64 encoded ocsp request

func (*Secrets) PKIReadRole 

func (a *Secrets) PKIReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadRole name: Name of the role

func (*Secrets) PKIReadURLConfig 

func (a *Secrets) PKIReadURLConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReadURLConfig

func (*Secrets) PKIReplaceRoot 

func (a *Secrets) PKIReplaceRoot(ctx context.Context, request schema.PKIReplaceRootRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIReplaceRoot

func (*Secrets) PKIRevoke 

func (a *Secrets) PKIRevoke(ctx context.Context, request schema.PKIRevokeRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIRevoke

func (*Secrets) PKIRevokeWithKey 

func (a *Secrets) PKIRevokeWithKey(ctx context.Context, request schema.PKIRevokeWithKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIRevokeWithKey

func (*Secrets) PKIRootSignIntermediate 

func (a *Secrets) PKIRootSignIntermediate(ctx context.Context, request schema.PKIRootSignIntermediateRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIRootSignIntermediate

func (*Secrets) PKIRootSignSelfIssued 

func (a *Secrets) PKIRootSignSelfIssued(ctx context.Context, request schema.PKIRootSignSelfIssuedRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIRootSignSelfIssued

func (*Secrets) PKIRotateRoot 

func (a *Secrets) PKIRotateRoot(ctx context.Context, exported string, request schema.PKIRotateRootRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIRotateRoot exported: Must be \"internal\", \"exported\" or \"kms\". If set to \"exported\", the generated private key will be returned. This is your *only* chance to retrieve the private key!

func (*Secrets) PKISignRole 

func (a *Secrets) PKISignRole(ctx context.Context, role string, request schema.PKISignRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKISignRole role: The desired role with configuration for this request

func (*Secrets) PKISignVerbatim 

func (a *Secrets) PKISignVerbatim(ctx context.Context, request schema.PKISignVerbatimRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKISignVerbatim

func (*Secrets) PKISignVerbatimRole 

func (a *Secrets) PKISignVerbatimRole(ctx context.Context, role string, request schema.PKISignVerbatimRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKISignVerbatimRole role: The desired role with configuration for this request

func (*Secrets) PKITidy 

func (a *Secrets) PKITidy(ctx context.Context, request schema.PKITidyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKITidy

func (*Secrets) PKITidyCancel 

func (a *Secrets) PKITidyCancel(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKITidyCancel

func (*Secrets) PKITidyStatus 

func (a *Secrets) PKITidyStatus(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKITidyStatus

func (*Secrets) PKIWriteAutoTidyConfig 

func (a *Secrets) PKIWriteAutoTidyConfig(ctx context.Context, request schema.PKIWriteAutoTidyConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteAutoTidyConfig

func (*Secrets) PKIWriteCAConfig 

func (a *Secrets) PKIWriteCAConfig(ctx context.Context, request schema.PKIWriteCAConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteCAConfig

func (*Secrets) PKIWriteCRLConfig 

func (a *Secrets) PKIWriteCRLConfig(ctx context.Context, request schema.PKIWriteCRLConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteCRLConfig

func (*Secrets) PKIWriteCerts 

func (a *Secrets) PKIWriteCerts(ctx context.Context, request schema.PKIWriteCertsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteCerts

func (*Secrets) PKIWriteClusterConfig 

func (a *Secrets) PKIWriteClusterConfig(ctx context.Context, request schema.PKIWriteClusterConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteClusterConfig

func (*Secrets) PKIWriteIntermediateCrossSign 

func (a *Secrets) PKIWriteIntermediateCrossSign(ctx context.Context, request schema.PKIWriteIntermediateCrossSignRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteIntermediateCrossSign

func (*Secrets) PKIWriteIntermediateGenerate 

func (a *Secrets) PKIWriteIntermediateGenerate(ctx context.Context, exported string, request schema.PKIWriteIntermediateGenerateRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteIntermediateGenerate exported: Must be \"internal\", \"exported\" or \"kms\". If set to \"exported\", the generated private key will be returned. This is your *only* chance to retrieve the private key!

func (*Secrets) PKIWriteIntermediateSetSigned 

func (a *Secrets) PKIWriteIntermediateSetSigned(ctx context.Context, request schema.PKIWriteIntermediateSetSignedRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteIntermediateSetSigned

func (*Secrets) PKIWriteInternalExported 

func (a *Secrets) PKIWriteInternalExported(ctx context.Context, request schema.PKIWriteInternalExportedRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteInternalExported

func (*Secrets) PKIWriteIssueRole 

func (a *Secrets) PKIWriteIssueRole(ctx context.Context, role string, request schema.PKIWriteIssueRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteIssueRole role: The desired role with configuration for this request

func (*Secrets) PKIWriteIssuersConfig 

func (a *Secrets) PKIWriteIssuersConfig(ctx context.Context, request schema.PKIWriteIssuersConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteIssuersConfig

func (*Secrets) PKIWriteKMS 

func (a *Secrets) PKIWriteKMS(ctx context.Context, request schema.PKIWriteKMSRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteKMS

func (*Secrets) PKIWriteKey 

func (a *Secrets) PKIWriteKey(ctx context.Context, keyRef string, request schema.PKIWriteKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteKey keyRef: Reference to key; either \"default\" for the configured default key, an identifier of a key, or the name assigned to the key.

func (*Secrets) PKIWriteKeysConfig 

func (a *Secrets) PKIWriteKeysConfig(ctx context.Context, request schema.PKIWriteKeysConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteKeysConfig

func (*Secrets) PKIWriteOCSP 

func (a *Secrets) PKIWriteOCSP(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteOCSP

func (*Secrets) PKIWriteRole 

func (a *Secrets) PKIWriteRole(ctx context.Context, name string, request schema.PKIWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteRole name: Name of the role

func (*Secrets) PKIWriteURLConfig 

func (a *Secrets) PKIWriteURLConfig(ctx context.Context, request schema.PKIWriteURLConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PKIWriteURLConfig

func (*Secrets) PkiDeleteIssuerRefDerPem 

func (a *Secrets) PkiDeleteIssuerRefDerPem(ctx context.Context, issuerRef string, options ...RequestOption) (*Response[map[string]interface{}], error)

PkiDeleteIssuerRefDerPem issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.

func (*Secrets) PkiDeleteJson 

func (a *Secrets) PkiDeleteJson(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PkiDeleteJson

func (*Secrets) PkiReadDelta 

func (a *Secrets) PkiReadDelta(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PkiReadDelta

func (*Secrets) PkiReadDeltaPem 

func (a *Secrets) PkiReadDeltaPem(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PkiReadDeltaPem

func (*Secrets) PkiReadDer 

func (a *Secrets) PkiReadDer(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PkiReadDer

func (*Secrets) PkiReadIssuerRefCrlPemDerDeltaPem 

func (a *Secrets) PkiReadIssuerRefCrlPemDerDeltaPem(ctx context.Context, issuerRef string, options ...RequestOption) (*Response[map[string]interface{}], error)

PkiReadIssuerRefCrlPemDerDeltaPem issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.

func (*Secrets) PkiReadIssuerRefDerPem 

func (a *Secrets) PkiReadIssuerRefDerPem(ctx context.Context, issuerRef string, options ...RequestOption) (*Response[map[string]interface{}], error)

PkiReadIssuerRefDerPem issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.

func (*Secrets) PkiReadJson 

func (a *Secrets) PkiReadJson(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PkiReadJson

func (*Secrets) PkiReadPem 

func (a *Secrets) PkiReadPem(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PkiReadPem

func (*Secrets) PkiWriteIssuerRefDerPem 

func (a *Secrets) PkiWriteIssuerRefDerPem(ctx context.Context, issuerRef string, request schema.PkiWriteIssuerRefDerPemRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PkiWriteIssuerRefDerPem issuerRef: Reference to a existing issuer; either \"default\" for the configured default issuer, an identifier or the name assigned to the issuer.

func (*Secrets) PkiWriteJson 

func (a *Secrets) PkiWriteJson(ctx context.Context, request schema.PkiWriteJsonRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

PkiWriteJson

func (*Secrets) RabbitMQDeleteRole 

func (a *Secrets) RabbitMQDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

RabbitMQDeleteRole Manage the roles that can be created with this backend. name: Name of the role.

func (*Secrets) RabbitMQListRoles 

func (a *Secrets) RabbitMQListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

RabbitMQListRoles Manage the roles that can be created with this backend.

func (*Secrets) RabbitMQReadCredentials 

func (a *Secrets) RabbitMQReadCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

RabbitMQReadCredentials Request RabbitMQ credentials for a certain role. name: Name of the role.

func (*Secrets) RabbitMQReadLeaseConfig 

func (a *Secrets) RabbitMQReadLeaseConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

RabbitMQReadLeaseConfig Configure the lease parameters for generated credentials

func (*Secrets) RabbitMQReadRole 

func (a *Secrets) RabbitMQReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

RabbitMQReadRole Manage the roles that can be created with this backend. name: Name of the role.

func (*Secrets) RabbitMQWriteConnectionConfig 

func (a *Secrets) RabbitMQWriteConnectionConfig(ctx context.Context, request schema.RabbitMQWriteConnectionConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RabbitMQWriteConnectionConfig Configure the connection URI, username, and password to talk to RabbitMQ management HTTP API.

func (*Secrets) RabbitMQWriteLeaseConfig 

func (a *Secrets) RabbitMQWriteLeaseConfig(ctx context.Context, request schema.RabbitMQWriteLeaseConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RabbitMQWriteLeaseConfig Configure the lease parameters for generated credentials

func (*Secrets) RabbitMQWriteRole 

func (a *Secrets) RabbitMQWriteRole(ctx context.Context, name string, request schema.RabbitMQWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RabbitMQWriteRole Manage the roles that can be created with this backend. name: Name of the role.

func (*Secrets) SSHDeleteCAConfig 

func (a *Secrets) SSHDeleteCAConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHDeleteCAConfig Set the SSH private key used for signing certificates.

func (*Secrets) SSHDeleteKeys 

func (a *Secrets) SSHDeleteKeys(ctx context.Context, keyName string, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHDeleteKeys Register a shared private key with Vault. keyName: [Required] Name of the key

func (*Secrets) SSHDeleteRole 

func (a *Secrets) SSHDeleteRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHDeleteRole Manage the 'roles' that can be created with this backend. role: [Required for all types] Name of the role being created.

func (*Secrets) SSHDeleteZeroAddressConfig 

func (a *Secrets) SSHDeleteZeroAddressConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHDeleteZeroAddressConfig Assign zero address as default CIDR block for select roles.

func (*Secrets) SSHListRoles 

func (a *Secrets) SSHListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHListRoles Manage the 'roles' that can be created with this backend.

func (*Secrets) SSHLookup 

func (a *Secrets) SSHLookup(ctx context.Context, request schema.SSHLookupRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHLookup List all the roles associated with the given IP address.

func (*Secrets) SSHReadCAConfig 

func (a *Secrets) SSHReadCAConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHReadCAConfig Set the SSH private key used for signing certificates.

func (*Secrets) SSHReadPublicKey 

func (a *Secrets) SSHReadPublicKey(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHReadPublicKey Retrieve the public key.

func (*Secrets) SSHReadRole 

func (a *Secrets) SSHReadRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHReadRole Manage the 'roles' that can be created with this backend. role: [Required for all types] Name of the role being created.

func (*Secrets) SSHReadZeroAddressConfig 

func (a *Secrets) SSHReadZeroAddressConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHReadZeroAddressConfig Assign zero address as default CIDR block for select roles.

func (*Secrets) SSHSign 

func (a *Secrets) SSHSign(ctx context.Context, role string, request schema.SSHSignRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHSign Request signing an SSH key using a certain role with the provided details. role: The desired role with configuration for this request.

func (*Secrets) SSHVerify 

func (a *Secrets) SSHVerify(ctx context.Context, request schema.SSHVerifyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHVerify Validate the OTP provided by Vault SSH Agent.

func (*Secrets) SSHWriteCAConfig 

func (a *Secrets) SSHWriteCAConfig(ctx context.Context, request schema.SSHWriteCAConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHWriteCAConfig Set the SSH private key used for signing certificates.

func (*Secrets) SSHWriteCredentials 

func (a *Secrets) SSHWriteCredentials(ctx context.Context, role string, request schema.SSHWriteCredentialsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHWriteCredentials Creates a credential for establishing SSH connection with the remote host. role: [Required] Name of the role

func (*Secrets) SSHWriteIssue 

func (a *Secrets) SSHWriteIssue(ctx context.Context, role string, request schema.SSHWriteIssueRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHWriteIssue role: The desired role with configuration for this request.

func (*Secrets) SSHWriteKeys 

func (a *Secrets) SSHWriteKeys(ctx context.Context, keyName string, request schema.SSHWriteKeysRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHWriteKeys Register a shared private key with Vault. keyName: [Required] Name of the key

func (*Secrets) SSHWriteRole 

func (a *Secrets) SSHWriteRole(ctx context.Context, role string, request schema.SSHWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHWriteRole Manage the 'roles' that can be created with this backend. role: [Required for all types] Name of the role being created.

func (*Secrets) SSHWriteZeroAddressConfig 

func (a *Secrets) SSHWriteZeroAddressConfig(ctx context.Context, request schema.SSHWriteZeroAddressConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

SSHWriteZeroAddressConfig Assign zero address as default CIDR block for select roles.

func (*Secrets) TOTPDeleteKey 

func (a *Secrets) TOTPDeleteKey(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TOTPDeleteKey Manage the keys that can be created with this backend. name: Name of the key.

func (*Secrets) TOTPListKeys 

func (a *Secrets) TOTPListKeys(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TOTPListKeys Manage the keys that can be created with this backend.

func (*Secrets) TOTPReadCode 

func (a *Secrets) TOTPReadCode(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TOTPReadCode Request time-based one-time use password or validate a password for a certain key . name: Name of the key.

func (*Secrets) TOTPReadKey 

func (a *Secrets) TOTPReadKey(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TOTPReadKey Manage the keys that can be created with this backend. name: Name of the key.

func (*Secrets) TOTPWriteCode 

func (a *Secrets) TOTPWriteCode(ctx context.Context, name string, request schema.TOTPWriteCodeRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TOTPWriteCode Request time-based one-time use password or validate a password for a certain key . name: Name of the key.

func (*Secrets) TOTPWriteKey 

func (a *Secrets) TOTPWriteKey(ctx context.Context, name string, request schema.TOTPWriteKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TOTPWriteKey Manage the keys that can be created with this backend. name: Name of the key.

func (*Secrets) TerraformDeleteConfig 

func (a *Secrets) TerraformDeleteConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TerraformDeleteConfig

func (*Secrets) TerraformDeleteRole 

func (a *Secrets) TerraformDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TerraformDeleteRole name: Name of the role

func (*Secrets) TerraformListRoles 

func (a *Secrets) TerraformListRoles(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TerraformListRoles

func (*Secrets) TerraformReadConfig 

func (a *Secrets) TerraformReadConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TerraformReadConfig

func (*Secrets) TerraformReadCredentials 

func (a *Secrets) TerraformReadCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TerraformReadCredentials Generate a Terraform Cloud or Enterprise API token from a specific Vault role. name: Name of the role

func (*Secrets) TerraformReadRole 

func (a *Secrets) TerraformReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TerraformReadRole name: Name of the role

func (*Secrets) TerraformRotateRole 

func (a *Secrets) TerraformRotateRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TerraformRotateRole name: Name of the team or organization role

func (*Secrets) TerraformWriteConfig 

func (a *Secrets) TerraformWriteConfig(ctx context.Context, request schema.TerraformWriteConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TerraformWriteConfig

func (*Secrets) TerraformWriteCredentials 

func (a *Secrets) TerraformWriteCredentials(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TerraformWriteCredentials Generate a Terraform Cloud or Enterprise API token from a specific Vault role. name: Name of the role

func (*Secrets) TerraformWriteRole 

func (a *Secrets) TerraformWriteRole(ctx context.Context, name string, request schema.TerraformWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TerraformWriteRole name: Name of the role

func (*Secrets) TransitBackup 

func (a *Secrets) TransitBackup(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitBackup Backup the named key name: Name of the key

func (*Secrets) TransitDecrypt 

func (a *Secrets) TransitDecrypt(ctx context.Context, name string, request schema.TransitDecryptRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitDecrypt Decrypt a ciphertext value using a named key name: Name of the key

func (*Secrets) TransitDeleteKey 

func (a *Secrets) TransitDeleteKey(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitDeleteKey Managed named encryption keys name: Name of the key

func (*Secrets) TransitEncrypt 

func (a *Secrets) TransitEncrypt(ctx context.Context, name string, request schema.TransitEncryptRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitEncrypt Encrypt a plaintext value or a batch of plaintext blocks using a named key name: Name of the key

func (*Secrets) TransitExport 

func (a *Secrets) TransitExport(ctx context.Context, name string, type_ string, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitExport Export named encryption or signing key name: Name of the key type_: Type of key to export (encryption-key, signing-key, hmac-key)

func (*Secrets) TransitExportVersion 

func (a *Secrets) TransitExportVersion(ctx context.Context, name string, type_ string, version string, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitExportVersion Export named encryption or signing key name: Name of the key type_: Type of key to export (encryption-key, signing-key, hmac-key) version: Version of the key

func (*Secrets) TransitGenerateDataKey 

func (a *Secrets) TransitGenerateDataKey(ctx context.Context, name string, plaintext string, request schema.TransitGenerateDataKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitGenerateDataKey Generate a data key name: The backend key used for encrypting the data key plaintext: \"plaintext\" will return the key in both plaintext and ciphertext; \"wrapped\" will return the ciphertext only.

func (*Secrets) TransitGenerateHMAC 

func (a *Secrets) TransitGenerateHMAC(ctx context.Context, name string, request schema.TransitGenerateHMACRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitGenerateHMAC Generate an HMAC for input data using the named key name: The key to use for the HMAC function

func (*Secrets) TransitGenerateHMACWithAlgorithm 

func (a *Secrets) TransitGenerateHMACWithAlgorithm(ctx context.Context, name string, urlalgorithm string, request schema.TransitGenerateHMACWithAlgorithmRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitGenerateHMACWithAlgorithm Generate an HMAC for input data using the named key name: The key to use for the HMAC function urlalgorithm: Algorithm to use (POST URL parameter)

func (*Secrets) TransitGenerateRandom 

func (a *Secrets) TransitGenerateRandom(ctx context.Context, request schema.TransitGenerateRandomRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitGenerateRandom Generate random bytes

func (*Secrets) TransitGenerateRandomSource 

func (a *Secrets) TransitGenerateRandomSource(ctx context.Context, source string, request schema.TransitGenerateRandomSourceRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitGenerateRandomSource Generate random bytes source: Which system to source random data from, ether \"platform\", \"seal\", or \"all\".

func (*Secrets) TransitGenerateRandomSourceBytes 

func (a *Secrets) TransitGenerateRandomSourceBytes(ctx context.Context, source string, urlbytes string, request schema.TransitGenerateRandomSourceBytesRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitGenerateRandomSourceBytes Generate random bytes source: Which system to source random data from, ether \"platform\", \"seal\", or \"all\". urlbytes: The number of bytes to generate (POST URL parameter)

func (*Secrets) TransitHash 

func (a *Secrets) TransitHash(ctx context.Context, request schema.TransitHashRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitHash Generate a hash sum for input data

func (*Secrets) TransitHashWithAlgorithm 

func (a *Secrets) TransitHashWithAlgorithm(ctx context.Context, urlalgorithm string, request schema.TransitHashWithAlgorithmRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitHashWithAlgorithm Generate a hash sum for input data urlalgorithm: Algorithm to use (POST URL parameter)

func (*Secrets) TransitImportKey 

func (a *Secrets) TransitImportKey(ctx context.Context, name string, request schema.TransitImportKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitImportKey Imports an externally-generated key into a new transit key name: The name of the key

func (*Secrets) TransitImportKeyVersion 

func (a *Secrets) TransitImportKeyVersion(ctx context.Context, name string, request schema.TransitImportKeyVersionRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitImportKeyVersion Imports an externally-generated key into an existing imported key name: The name of the key

func (*Secrets) TransitListKeys 

func (a *Secrets) TransitListKeys(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitListKeys Managed named encryption keys

func (*Secrets) TransitReadCacheConfig 

func (a *Secrets) TransitReadCacheConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitReadCacheConfig Returns the size of the active cache

func (*Secrets) TransitReadConfigKeys 

func (a *Secrets) TransitReadConfigKeys(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitReadConfigKeys Configuration common across all keys

func (*Secrets) TransitReadKey 

func (a *Secrets) TransitReadKey(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitReadKey Managed named encryption keys name: Name of the key

func (*Secrets) TransitReadWrappingKey 

func (a *Secrets) TransitReadWrappingKey(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitReadWrappingKey Returns the public key to use for wrapping imported keys

func (*Secrets) TransitRestore 

func (a *Secrets) TransitRestore(ctx context.Context, request schema.TransitRestoreRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitRestore Restore the named key

func (*Secrets) TransitRestoreKey 

func (a *Secrets) TransitRestoreKey(ctx context.Context, name string, request schema.TransitRestoreKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitRestoreKey Restore the named key name: If set, this will be the name of the restored key.

func (*Secrets) TransitRewrap 

func (a *Secrets) TransitRewrap(ctx context.Context, name string, request schema.TransitRewrapRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitRewrap Rewrap ciphertext name: Name of the key

func (*Secrets) TransitRotateKey 

func (a *Secrets) TransitRotateKey(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitRotateKey Rotate named encryption key name: Name of the key

func (*Secrets) TransitSign 

func (a *Secrets) TransitSign(ctx context.Context, name string, request schema.TransitSignRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitSign Generate a signature for input data using the named key name: The key to use

func (*Secrets) TransitSignWithAlgorithm 

func (a *Secrets) TransitSignWithAlgorithm(ctx context.Context, name string, urlalgorithm string, request schema.TransitSignWithAlgorithmRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitSignWithAlgorithm Generate a signature for input data using the named key name: The key to use urlalgorithm: Hash algorithm to use (POST URL parameter)

func (*Secrets) TransitTrimKey 

func (a *Secrets) TransitTrimKey(ctx context.Context, name string, request schema.TransitTrimKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitTrimKey Trim key versions of a named key name: Name of the key

func (*Secrets) TransitVerify 

func (a *Secrets) TransitVerify(ctx context.Context, name string, request schema.TransitVerifyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitVerify Verify a signature or HMAC for input data created using the named key name: The key to use

func (*Secrets) TransitVerifyWithAlgorithm 

func (a *Secrets) TransitVerifyWithAlgorithm(ctx context.Context, name string, urlalgorithm string, request schema.TransitVerifyWithAlgorithmRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitVerifyWithAlgorithm Verify a signature or HMAC for input data created using the named key name: The key to use urlalgorithm: Hash algorithm to use (POST URL parameter)

func (*Secrets) TransitWriteCacheConfig 

func (a *Secrets) TransitWriteCacheConfig(ctx context.Context, request schema.TransitWriteCacheConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitWriteCacheConfig Configures a new cache of the specified size

func (*Secrets) TransitWriteConfigKeys 

func (a *Secrets) TransitWriteConfigKeys(ctx context.Context, request schema.TransitWriteConfigKeysRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitWriteConfigKeys Configuration common across all keys

func (*Secrets) TransitWriteKey 

func (a *Secrets) TransitWriteKey(ctx context.Context, name string, request schema.TransitWriteKeyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitWriteKey Managed named encryption keys name: Name of the key

func (*Secrets) TransitWriteKeyConfig 

func (a *Secrets) TransitWriteKeyConfig(ctx context.Context, name string, request schema.TransitWriteKeyConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitWriteKeyConfig Configure a named encryption key name: Name of the key

func (*Secrets) TransitWriteRandomUrlbytes 

func (a *Secrets) TransitWriteRandomUrlbytes(ctx context.Context, urlbytes string, request schema.TransitWriteRandomUrlbytesRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TransitWriteRandomUrlbytes Generate random bytes urlbytes: The number of bytes to generate (POST URL parameter)

type ServerCertificateEntry 

type ServerCertificateEntry struct {
	// FromFile is the path to a PEM-encoded CA certificate file or bundle.
	// Default: "", takes precedence over 'FromBytes' and 'FromDirectory'.
	FromFile string `env:"VAULT_CACERT"`

	// FromBytes is PEM-encoded CA certificate data.
	// Default: nil, takes precedence over 'FromDirectory'.
	FromBytes []byte `env:"VAULT_CACERT_BYTES"`

	// FromDirectory is the path to a directory populated with PEM-encoded
	// certificates.
	// Default: ""
	FromDirectory string `env:"VAULT_CAPATH"`
}

type System 

type System struct {
	// contains filtered or unexported fields
}

System is a simple wrapper around the client for System requests

func (*System) CalculateAuditHash 

func (a *System) CalculateAuditHash(ctx context.Context, path string, request schema.CalculateAuditHashRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CalculateAuditHash The hash of the given string via the given audit backend path: The name of the backend. Cannot be delimited. Example: \"mysql\"

func (*System) DeleteAuditDevice 

func (a *System) DeleteAuditDevice(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteAuditDevice Disable the audit device at the given path. path: The name of the backend. Cannot be delimited. Example: \"mysql\"

func (*System) DeleteAuthMethod 

func (a *System) DeleteAuthMethod(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteAuthMethod Disable the auth method at the given auth path path: The path to mount to. Cannot be delimited. Example: \"user\"

func (*System) DeleteConfigAuditingRequestHeader 

func (a *System) DeleteConfigAuditingRequestHeader(ctx context.Context, header string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteConfigAuditingRequestHeader Disable auditing of the given request header.

func (*System) DeleteConfigCORS 

func (a *System) DeleteConfigCORS(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteConfigCORS Remove any CORS settings.

func (*System) DeleteConfigUIHeader 

func (a *System) DeleteConfigUIHeader(ctx context.Context, header string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteConfigUIHeader Remove a UI header. header: The name of the header.

func (*System) DeleteGenerateRoot 

func (a *System) DeleteGenerateRoot(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteGenerateRoot Cancels any in-progress root generation attempt.

func (*System) DeleteGenerateRootAttempt 

func (a *System) DeleteGenerateRootAttempt(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteGenerateRootAttempt Cancels any in-progress root generation attempt.

func (*System) DeleteLogger 

func (a *System) DeleteLogger(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteLogger Revert a single logger to use log level provided in config. name: The name of the logger to be modified.

func (*System) DeleteLoggers 

func (a *System) DeleteLoggers(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteLoggers Revert the all loggers to use log level provided in config.

func (*System) DeleteMount 

func (a *System) DeleteMount(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteMount Disable the mount point specified at the given path. path: The path to mount to. Example: \"aws/east\"

func (*System) DeletePluginsCatalogByTypeByName 

func (a *System) DeletePluginsCatalogByTypeByName(ctx context.Context, name string, type_ string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeletePluginsCatalogByTypeByName Remove the plugin with the given name. name: The name of the plugin type_: The type of the plugin, may be auth, secret, or database

func (*System) DeletePoliciesACL 

func (a *System) DeletePoliciesACL(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeletePoliciesACL Delete the ACL policy with the given name. name: The name of the policy. Example: \"ops\"

func (*System) DeletePoliciesPassword 

func (a *System) DeletePoliciesPassword(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeletePoliciesPassword Delete a password policy. name: The name of the password policy.

func (*System) DeletePolicy 

func (a *System) DeletePolicy(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeletePolicy Delete the policy with the given name. name: The name of the policy. Example: \"ops\"

func (*System) DeleteQuotasRateLimit 

func (a *System) DeleteQuotasRateLimit(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteQuotasRateLimit name: Name of the quota rule.

func (*System) DeleteRaw 

func (a *System) DeleteRaw(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteRaw Delete the key with given path.

func (*System) DeleteRawPath 

func (a *System) DeleteRawPath(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteRawPath Delete the key with given path.

func (*System) DeleteRekeyBackup 

func (a *System) DeleteRekeyBackup(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteRekeyBackup Delete the backup copy of PGP-encrypted unseal keys.

func (*System) DeleteRekeyInit 

func (a *System) DeleteRekeyInit(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteRekeyInit Cancels any in-progress rekey. This clears the rekey settings as well as any progress made. This must be called to change the parameters of the rekey. Note: verification is still a part of a rekey. If rekeying is canceled during the verification flow, the current unseal keys remain valid.

func (*System) DeleteRekeyRecoveryKeyBackup 

func (a *System) DeleteRekeyRecoveryKeyBackup(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteRekeyRecoveryKeyBackup Allows fetching or deleting the backup of the rotated unseal keys.

func (*System) DeleteRekeyVerify 

func (a *System) DeleteRekeyVerify(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

DeleteRekeyVerify Cancel any in-progress rekey verification operation. This clears any progress made and resets the nonce. Unlike a `DELETE` against `sys/rekey/init`, this only resets the current verification operation, not the entire rekey atttempt.

func (*System) ListConfigUIHeaders 

func (a *System) ListConfigUIHeaders(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ListConfigUIHeaders Return a list of configured UI headers.

func (*System) ListLeasesLookupPrefix 

func (a *System) ListLeasesLookupPrefix(ctx context.Context, prefix string, options ...RequestOption) (*Response[map[string]interface{}], error)

ListLeasesLookupPrefix Returns a list of lease ids. prefix: The path to list leases under. Example: \"aws/creds/deploy\"

func (*System) ListPluginsCatalogByType 

func (a *System) ListPluginsCatalogByType(ctx context.Context, type_ string, options ...RequestOption) (*Response[map[string]interface{}], error)

ListPluginsCatalogByType List the plugins in the catalog. type_: The type of the plugin, may be auth, secret, or database

func (*System) ListPoliciesACL 

func (a *System) ListPoliciesACL(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ListPoliciesACL List the configured access control policies.

func (*System) ListPoliciesPassword 

func (a *System) ListPoliciesPassword(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ListPoliciesPassword List the existing password policies.

func (*System) ListQuotasRateLimits 

func (a *System) ListQuotasRateLimits(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ListQuotasRateLimits

func (*System) ListVersionHistory 

func (a *System) ListVersionHistory(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ListVersionHistory Returns map of historical version change entries

func (*System) MFAValidate 

func (a *System) MFAValidate(ctx context.Context, request schema.MFAValidateRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MFAValidate Validates the login for the given MFA methods. Upon successful validation, it returns an auth response containing the client token

func (*System) Monitor 

func (a *System) Monitor(ctx context.Context, logFormat string, logLevel string, options ...RequestOption) (*Response[map[string]interface{}], error)

Monitor logFormat: Output format of logs. Supported values are \"standard\" and \"json\". The default is \"standard\". logLevel: Log level to view system logs at. Currently supported values are \"trace\", \"debug\", \"info\", \"warn\", \"error\".

func (*System) PprofRead 

func (a *System) PprofRead(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PprofRead Returns an HTML page listing the available profiles. Returns an HTML page listing the available profiles. This should be mainly accessed via browsers or applications that can render pages.

func (*System) PprofReadAllocs 

func (a *System) PprofReadAllocs(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PprofReadAllocs Returns a sampling of all past memory allocations. Returns a sampling of all past memory allocations.

func (*System) PprofReadBlock 

func (a *System) PprofReadBlock(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PprofReadBlock Returns stack traces that led to blocking on synchronization primitives Returns stack traces that led to blocking on synchronization primitives

func (*System) PprofReadCmdline 

func (a *System) PprofReadCmdline(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PprofReadCmdline Returns the running program's command line. Returns the running program's command line, with arguments separated by NUL bytes.

func (*System) PprofReadGoroutine 

func (a *System) PprofReadGoroutine(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PprofReadGoroutine Returns stack traces of all current goroutines. Returns stack traces of all current goroutines.

func (*System) PprofReadHeap 

func (a *System) PprofReadHeap(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PprofReadHeap Returns a sampling of memory allocations of live object. Returns a sampling of memory allocations of live object.

func (*System) PprofReadMutex 

func (a *System) PprofReadMutex(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PprofReadMutex Returns stack traces of holders of contended mutexes Returns stack traces of holders of contended mutexes

func (*System) PprofReadProfile 

func (a *System) PprofReadProfile(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PprofReadProfile Returns a pprof-formatted cpu profile payload. Returns a pprof-formatted cpu profile payload. Profiling lasts for duration specified in seconds GET parameter, or for 30 seconds if not specified.

func (*System) PprofReadSymbol 

func (a *System) PprofReadSymbol(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PprofReadSymbol Returns the program counters listed in the request. Returns the program counters listed in the request.

func (*System) PprofReadThreadcreate 

func (a *System) PprofReadThreadcreate(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PprofReadThreadcreate Returns stack traces that led to the creation of new OS threads Returns stack traces that led to the creation of new OS threads

func (*System) PprofReadTrace 

func (a *System) PprofReadTrace(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

PprofReadTrace Returns the execution trace in binary form. Returns the execution trace in binary form. Tracing lasts for duration specified in seconds GET parameter, or for 1 second if not specified.

func (*System) ReadAuditDevices 

func (a *System) ReadAuditDevices(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadAuditDevices List the enabled audit devices.

func (*System) ReadAuthMethod 

func (a *System) ReadAuthMethod(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadAuthMethod Read the configuration of the auth engine at the given path. path: The path to mount to. Cannot be delimited. Example: \"user\"

func (*System) ReadAuthMethodTune 

func (a *System) ReadAuthMethodTune(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadAuthMethodTune Reads the given auth path's configuration. This endpoint requires sudo capability on the final path, but the same functionality can be achieved without sudo via `sys/mounts/auth/[auth-path]/tune`. path: Tune the configuration parameters for an auth path.

func (*System) ReadAuthMethods 

func (a *System) ReadAuthMethods(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadAuthMethods List the currently enabled credential backends.

func (*System) ReadConfigAuditingRequestHeader 

func (a *System) ReadConfigAuditingRequestHeader(ctx context.Context, header string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadConfigAuditingRequestHeader List the information for the given request header.

func (*System) ReadConfigAuditingRequestHeaders 

func (a *System) ReadConfigAuditingRequestHeaders(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadConfigAuditingRequestHeaders List the request headers that are configured to be audited.

func (*System) ReadConfigCORS 

func (a *System) ReadConfigCORS(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadConfigCORS Return the current CORS settings.

func (*System) ReadConfigStateSanitized 

func (a *System) ReadConfigStateSanitized(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadConfigStateSanitized Return a sanitized version of the Vault server configuration. The sanitized output strips configuration values in the storage, HA storage, and seals stanzas, which may contain sensitive values such as API tokens. It also removes any token or secret fields in other stanzas, such as the circonus_api_token from telemetry.

func (*System) ReadConfigUIHeader 

func (a *System) ReadConfigUIHeader(ctx context.Context, header string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadConfigUIHeader Return the given UI header's configuration header: The name of the header.

func (*System) ReadGenerateRoot 

func (a *System) ReadGenerateRoot(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadGenerateRoot Read the configuration and progress of the current root generation attempt.

func (*System) ReadGenerateRootAttempt 

func (a *System) ReadGenerateRootAttempt(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadGenerateRootAttempt Read the configuration and progress of the current root generation attempt.

func (*System) ReadHAStatus 

func (a *System) ReadHAStatus(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadHAStatus Check the HA status of a Vault cluster

func (*System) ReadHealth 

func (a *System) ReadHealth(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadHealth Returns the health status of Vault.

func (*System) ReadHostInfo 

func (a *System) ReadHostInfo(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadHostInfo Information about the host instance that this Vault server is running on. Information about the host instance that this Vault server is running on. The information that gets collected includes host hardware information, and CPU, disk, and memory utilization

func (*System) ReadInFlightRequests 

func (a *System) ReadInFlightRequests(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInFlightRequests reports in-flight requests This path responds to the following HTTP methods. GET / Returns a map of in-flight requests.

func (*System) ReadInit 

func (a *System) ReadInit(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInit Returns the initialization status of Vault.

func (*System) ReadInternalCountersActivity 

func (a *System) ReadInternalCountersActivity(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalCountersActivity Report the client count metrics, for this namespace and all child namespaces.

func (*System) ReadInternalCountersActivityExport 

func (a *System) ReadInternalCountersActivityExport(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalCountersActivityExport Report the client count metrics, for this namespace and all child namespaces.

func (*System) ReadInternalCountersActivityMonthly 

func (a *System) ReadInternalCountersActivityMonthly(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalCountersActivityMonthly Report the number of clients for this month, for this namespace and all child namespaces.

func (*System) ReadInternalCountersConfig 

func (a *System) ReadInternalCountersConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalCountersConfig Read the client count tracking configuration.

func (*System) ReadInternalCountersEntities 

func (a *System) ReadInternalCountersEntities(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalCountersEntities Backwards compatibility is not guaranteed for this API

func (*System) ReadInternalCountersRequests 

func (a *System) ReadInternalCountersRequests(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalCountersRequests Backwards compatibility is not guaranteed for this API

func (*System) ReadInternalCountersTokens 

func (a *System) ReadInternalCountersTokens(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalCountersTokens Backwards compatibility is not guaranteed for this API

func (*System) ReadInternalInspectRouter 

func (a *System) ReadInternalInspectRouter(ctx context.Context, tag string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalInspectRouter Expose the route entry and mount entry tables present in the router tag: Name of subtree being observed

func (*System) ReadInternalSpecsOpenAPI 

func (a *System) ReadInternalSpecsOpenAPI(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalSpecsOpenAPI Generate an OpenAPI 3 document of all mounted paths.

func (*System) ReadInternalUIFeatureFlags 

func (a *System) ReadInternalUIFeatureFlags(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalUIFeatureFlags Lists enabled feature flags.

func (*System) ReadInternalUIMount 

func (a *System) ReadInternalUIMount(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalUIMount Return information about the given mount. path: The path of the mount.

func (*System) ReadInternalUIMounts 

func (a *System) ReadInternalUIMounts(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalUIMounts Lists all enabled and visible auth and secrets mounts.

func (*System) ReadInternalUINamespaces 

func (a *System) ReadInternalUINamespaces(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalUINamespaces Backwards compatibility is not guaranteed for this API

func (*System) ReadInternalUIResultantACL 

func (a *System) ReadInternalUIResultantACL(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadInternalUIResultantACL Backwards compatibility is not guaranteed for this API

func (*System) ReadKeyStatus 

func (a *System) ReadKeyStatus(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadKeyStatus Provides information about the backend encryption key.

func (*System) ReadLeader 

func (a *System) ReadLeader(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadLeader Returns the high availability status and current leader instance of Vault.

func (*System) ReadLeases 

func (a *System) ReadLeases(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadLeases List leases associated with this Vault cluster

func (*System) ReadLeasesCount 

func (a *System) ReadLeasesCount(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadLeasesCount Count of leases associated with this Vault cluster

func (*System) ReadLogger 

func (a *System) ReadLogger(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadLogger Read the log level for a single logger. name: The name of the logger to be modified.

func (*System) ReadLoggers 

func (a *System) ReadLoggers(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadLoggers Read the log level for all existing loggers.

func (*System) ReadMetrics 

func (a *System) ReadMetrics(ctx context.Context, format string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadMetrics Export the metrics aggregated for telemetry purpose. format: Format to export metrics into. Currently accepts only \"prometheus\".

func (*System) ReadMount 

func (a *System) ReadMount(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadMount Read the configuration of the secret engine at the given path. path: The path to mount to. Example: \"aws/east\"

func (*System) ReadMounts 

func (a *System) ReadMounts(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadMounts List the currently mounted backends.

func (*System) ReadMountsConfig 

func (a *System) ReadMountsConfig(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadMountsConfig Tune backend configuration parameters for this mount. path: The path to mount to. Example: \"aws/east\"

func (*System) ReadPluginsCatalog 

func (a *System) ReadPluginsCatalog(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadPluginsCatalog Lists all the plugins known to Vault

func (*System) ReadPluginsCatalogByTypeByName 

func (a *System) ReadPluginsCatalogByTypeByName(ctx context.Context, name string, type_ string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadPluginsCatalogByTypeByName Return the configuration data for the plugin with the given name. name: The name of the plugin type_: The type of the plugin, may be auth, secret, or database

func (*System) ReadPolicies 

func (a *System) ReadPolicies(ctx context.Context, list string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadPolicies List the configured access control policies. list: Return a list if `true`

func (*System) ReadPoliciesACL 

func (a *System) ReadPoliciesACL(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadPoliciesACL Retrieve information about the named ACL policy. name: The name of the policy. Example: \"ops\"

func (*System) ReadPoliciesPassword 

func (a *System) ReadPoliciesPassword(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadPoliciesPassword Retrieve an existing password policy. name: The name of the password policy.

func (*System) ReadPoliciesPasswordGenerate 

func (a *System) ReadPoliciesPasswordGenerate(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadPoliciesPasswordGenerate Generate a password from an existing password policy. name: The name of the password policy.

func (*System) ReadPolicy 

func (a *System) ReadPolicy(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadPolicy Retrieve the policy body for the named policy. name: The name of the policy. Example: \"ops\"

func (*System) ReadQuotasConfig 

func (a *System) ReadQuotasConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadQuotasConfig

func (*System) ReadQuotasRateLimit 

func (a *System) ReadQuotasRateLimit(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadQuotasRateLimit name: Name of the quota rule.

func (*System) ReadRaw 

func (a *System) ReadRaw(ctx context.Context, list string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadRaw Read the value of the key at the given path. list: Return a list if `true`

func (*System) ReadRawPath 

func (a *System) ReadRawPath(ctx context.Context, path string, list string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadRawPath Read the value of the key at the given path. list: Return a list if `true`

func (*System) ReadRekeyBackup 

func (a *System) ReadRekeyBackup(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadRekeyBackup Return the backup copy of PGP-encrypted unseal keys.

func (*System) ReadRekeyInit 

func (a *System) ReadRekeyInit(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadRekeyInit Reads the configuration and progress of the current rekey attempt.

func (*System) ReadRekeyRecoveryKeyBackup 

func (a *System) ReadRekeyRecoveryKeyBackup(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadRekeyRecoveryKeyBackup Allows fetching or deleting the backup of the rotated unseal keys.

func (*System) ReadRekeyVerify 

func (a *System) ReadRekeyVerify(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadRekeyVerify Read the configuration and progress of the current rekey verification attempt.

func (*System) ReadRemountStatus 

func (a *System) ReadRemountStatus(ctx context.Context, migrationId string, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadRemountStatus Check status of a mount migration migrationId: The ID of the migration operation

func (*System) ReadReplicationStatus 

func (a *System) ReadReplicationStatus(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadReplicationStatus

func (*System) ReadRotateConfig 

func (a *System) ReadRotateConfig(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadRotateConfig

func (*System) ReadSealStatus 

func (a *System) ReadSealStatus(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

ReadSealStatus Check the seal status of a Vault.

func (*System) Remount 

func (a *System) Remount(ctx context.Context, request schema.RemountRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

Remount Initiate a mount migration

func (*System) Renew 

func (a *System) Renew(ctx context.Context, request schema.RenewRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

Renew Renews a lease, requesting to extend the lease.

func (*System) RenewFor 

func (a *System) RenewFor(ctx context.Context, urlLeaseId string, request schema.RenewForRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RenewFor Renews a lease, requesting to extend the lease. urlLeaseId: The lease identifier to renew. This is included with a lease.

func (*System) Revoke 

func (a *System) Revoke(ctx context.Context, request schema.RevokeRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

Revoke Revokes a lease immediately.

func (*System) RevokeForce 

func (a *System) RevokeForce(ctx context.Context, prefix string, options ...RequestOption) (*Response[map[string]interface{}], error)

RevokeForce Revokes all secrets or tokens generated under a given prefix immediately Unlike `/sys/leases/revoke-prefix`, this path ignores backend errors encountered during revocation. This is potentially very dangerous and should only be used in specific emergency situations where errors in the backend or the connected backend service prevent normal revocation. By ignoring these errors, Vault abdicates responsibility for ensuring that the issued credentials or secrets are properly revoked and/or cleaned up. Access to this endpoint should be tightly controlled. prefix: The path to revoke keys under. Example: \"prod/aws/ops\"

func (*System) RevokeLease 

func (a *System) RevokeLease(ctx context.Context, urlLeaseId string, request schema.RevokeLeaseRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RevokeLease Revokes a lease immediately. urlLeaseId: The lease identifier to renew. This is included with a lease.

func (*System) RevokePrefix 

func (a *System) RevokePrefix(ctx context.Context, prefix string, request schema.RevokePrefixRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RevokePrefix Revokes all secrets (via a lease ID prefix) or tokens (via the tokens' path property) generated under a given prefix immediately. prefix: The path to revoke keys under. Example: \"prod/aws/ops\"

func (*System) Rotate 

func (a *System) Rotate(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

Rotate Rotates the backend encryption key used to persist data.

func (*System) Seal 

func (a *System) Seal(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

Seal Seal the Vault.

func (*System) StepDownLeader 

func (a *System) StepDownLeader(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

StepDownLeader Cause the node to give up active status. This endpoint forces the node to give up active status. If the node does not have active status, this endpoint does nothing. Note that the node will sleep for ten seconds before attempting to grab the active lock again, but if no standby nodes grab the active lock in the interim, the same node may become the active node again.

func (*System) SysDeletePluginsCatalogName 

func (a *System) SysDeletePluginsCatalogName(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

SysDeletePluginsCatalogName Remove the plugin with the given name. name: The name of the plugin

func (*System) SysListLeasesLookup 

func (a *System) SysListLeasesLookup(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

SysListLeasesLookup Returns a list of lease ids.

func (*System) SysReadPluginsCatalogName 

func (a *System) SysReadPluginsCatalogName(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

SysReadPluginsCatalogName Return the configuration data for the plugin with the given name. name: The name of the plugin

func (*System) SysWriteLockedusersMountAccessorUnlockAliasIdentifier 

func (a *System) SysWriteLockedusersMountAccessorUnlockAliasIdentifier(ctx context.Context, aliasIdentifier string, mountAccessor string, options ...RequestOption) (*Response[map[string]interface{}], error)

SysWriteLockedusersMountAccessorUnlockAliasIdentifier Unlocks the user with given mount_accessor and alias_identifier aliasIdentifier: It is the name of the alias (user). For example, if the alias belongs to userpass backend, the name should be a valid username within userpass auth method. If the alias belongs to an approle auth method, the name should be a valid RoleID mountAccessor: MountAccessor is the identifier of the mount entry to which the user belongs

func (*System) SysWritePluginsCatalogName 

func (a *System) SysWritePluginsCatalogName(ctx context.Context, name string, request schema.SysWritePluginsCatalogNameRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

SysWritePluginsCatalogName Register a new plugin, or updates an existing one with the supplied name. name: The name of the plugin

func (*System) SysWriteToolsRandomUrlbytes 

func (a *System) SysWriteToolsRandomUrlbytes(ctx context.Context, urlbytes string, request schema.SysWriteToolsRandomUrlbytesRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

SysWriteToolsRandomUrlbytes Generate random bytes urlbytes: The number of bytes to generate (POST URL parameter)

func (*System) ToolsGenerateRandom 

func (a *System) ToolsGenerateRandom(ctx context.Context, request schema.ToolsGenerateRandomRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ToolsGenerateRandom Generate random bytes

func (*System) ToolsGenerateRandomSource 

func (a *System) ToolsGenerateRandomSource(ctx context.Context, source string, request schema.ToolsGenerateRandomSourceRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ToolsGenerateRandomSource Generate random bytes source: Which system to source random data from, ether \"platform\", \"seal\", or \"all\".

func (*System) ToolsGenerateRandomSourceBytes 

func (a *System) ToolsGenerateRandomSourceBytes(ctx context.Context, source string, urlbytes string, request schema.ToolsGenerateRandomSourceBytesRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ToolsGenerateRandomSourceBytes Generate random bytes source: Which system to source random data from, ether \"platform\", \"seal\", or \"all\". urlbytes: The number of bytes to generate (POST URL parameter)

func (*System) ToolsHash 

func (a *System) ToolsHash(ctx context.Context, request schema.ToolsHashRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ToolsHash Generate a hash sum for input data

func (*System) ToolsHashWith 

func (a *System) ToolsHashWith(ctx context.Context, urlalgorithm string, request schema.ToolsHashWithRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

ToolsHashWith Generate a hash sum for input data urlalgorithm: Algorithm to use (POST URL parameter)

func (*System) Unseal 

func (a *System) Unseal(ctx context.Context, request schema.UnsealRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

Unseal Unseal the Vault.

func (*System) WrappingReadLookup 

func (a *System) WrappingReadLookup(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

WrappingReadLookup Look up wrapping properties for the requester's token.

func (*System) WrappingRewrap 

func (a *System) WrappingRewrap(ctx context.Context, request schema.WrappingRewrapRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WrappingRewrap Rotates a response-wrapped token.

func (*System) WrappingUnwrap 

func (a *System) WrappingUnwrap(ctx context.Context, request schema.WrappingUnwrapRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WrappingUnwrap Unwraps a response-wrapped token.

func (*System) WrappingWrap 

func (a *System) WrappingWrap(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

WrappingWrap Response-wraps an arbitrary JSON object.

func (*System) WrappingWriteLookup 

func (a *System) WrappingWriteLookup(ctx context.Context, request schema.WrappingWriteLookupRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WrappingWriteLookup Look up wrapping properties for the given token.

func (*System) WriteAuditDevice 

func (a *System) WriteAuditDevice(ctx context.Context, path string, request schema.WriteAuditDeviceRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteAuditDevice Enable a new audit device at the supplied path. path: The name of the backend. Cannot be delimited. Example: \"mysql\"

func (*System) WriteAuthMethod 

func (a *System) WriteAuthMethod(ctx context.Context, path string, request schema.WriteAuthMethodRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteAuthMethod Enables a new auth method. After enabling, the auth method can be accessed and configured via the auth path specified as part of the URL. This auth path will be nested under the auth prefix. For example, enable the \"foo\" auth method will make it accessible at /auth/foo. path: The path to mount to. Cannot be delimited. Example: \"user\"

func (*System) WriteAuthMethodTune 

func (a *System) WriteAuthMethodTune(ctx context.Context, path string, request schema.WriteAuthMethodTuneRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteAuthMethodTune Tune configuration parameters for a given auth path. This endpoint requires sudo capability on the final path, but the same functionality can be achieved without sudo via `sys/mounts/auth/[auth-path]/tune`. path: Tune the configuration parameters for an auth path.

func (*System) WriteCapabilities 

func (a *System) WriteCapabilities(ctx context.Context, request schema.WriteCapabilitiesRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteCapabilities Fetches the capabilities of the given token on the given path.

func (*System) WriteCapabilitiesAccessor 

func (a *System) WriteCapabilitiesAccessor(ctx context.Context, request schema.WriteCapabilitiesAccessorRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteCapabilitiesAccessor Fetches the capabilities of the token associated with the given token, on the given path.

func (*System) WriteCapabilitiesSelf 

func (a *System) WriteCapabilitiesSelf(ctx context.Context, request schema.WriteCapabilitiesSelfRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteCapabilitiesSelf Fetches the capabilities of the given token on the given path.

func (*System) WriteConfigAuditingRequestHeader 

func (a *System) WriteConfigAuditingRequestHeader(ctx context.Context, header string, request schema.WriteConfigAuditingRequestHeaderRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteConfigAuditingRequestHeader Enable auditing of a header.

func (*System) WriteConfigCORS 

func (a *System) WriteConfigCORS(ctx context.Context, request schema.WriteConfigCORSRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteConfigCORS Configure the CORS settings.

func (*System) WriteConfigReloadSubsystem 

func (a *System) WriteConfigReloadSubsystem(ctx context.Context, subsystem string, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteConfigReloadSubsystem Reload the given subsystem

func (*System) WriteConfigUIHeader 

func (a *System) WriteConfigUIHeader(ctx context.Context, header string, request schema.WriteConfigUIHeaderRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteConfigUIHeader Configure the values to be returned for the UI header. header: The name of the header.

func (*System) WriteGenerateRoot 

func (a *System) WriteGenerateRoot(ctx context.Context, request schema.WriteGenerateRootRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteGenerateRoot Initializes a new root generation attempt. Only a single root generation attempt can take place at a time. One (and only one) of otp or pgp_key are required.

func (*System) WriteGenerateRootAttempt 

func (a *System) WriteGenerateRootAttempt(ctx context.Context, request schema.WriteGenerateRootAttemptRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteGenerateRootAttempt Initializes a new root generation attempt. Only a single root generation attempt can take place at a time. One (and only one) of otp or pgp_key are required.

func (*System) WriteGenerateRootUpdate 

func (a *System) WriteGenerateRootUpdate(ctx context.Context, request schema.WriteGenerateRootUpdateRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteGenerateRootUpdate Enter a single unseal key share to progress the root generation attempt. If the threshold number of unseal key shares is reached, Vault will complete the root generation and issue the new token. Otherwise, this API must be called multiple times until that threshold is met. The attempt nonce must be provided with each call.

func (*System) WriteInit 

func (a *System) WriteInit(ctx context.Context, request schema.WriteInitRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteInit Initialize a new Vault. The Vault must not have been previously initialized. The recovery options, as well as the stored shares option, are only available when using Vault HSM.

func (*System) WriteInternalCountersConfig 

func (a *System) WriteInternalCountersConfig(ctx context.Context, request schema.WriteInternalCountersConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteInternalCountersConfig Enable or disable collection of client count, set retention period, or set default reporting period.

func (*System) WriteLeasesLookup 

func (a *System) WriteLeasesLookup(ctx context.Context, request schema.WriteLeasesLookupRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteLeasesLookup Retrieve lease metadata.

func (*System) WriteLeasesRenew 

func (a *System) WriteLeasesRenew(ctx context.Context, request schema.WriteLeasesRenewRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteLeasesRenew Renews a lease, requesting to extend the lease.

func (*System) WriteLeasesRenew2 

func (a *System) WriteLeasesRenew2(ctx context.Context, urlLeaseId string, request schema.WriteLeasesRenew2Request, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteLeasesRenew2 Renews a lease, requesting to extend the lease. urlLeaseId: The lease identifier to renew. This is included with a lease.

func (*System) WriteLeasesRevoke 

func (a *System) WriteLeasesRevoke(ctx context.Context, request schema.WriteLeasesRevokeRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteLeasesRevoke Revokes a lease immediately.

func (*System) WriteLeasesRevoke2 

func (a *System) WriteLeasesRevoke2(ctx context.Context, urlLeaseId string, request schema.WriteLeasesRevoke2Request, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteLeasesRevoke2 Revokes a lease immediately. urlLeaseId: The lease identifier to renew. This is included with a lease.

func (*System) WriteLeasesRevokeForce 

func (a *System) WriteLeasesRevokeForce(ctx context.Context, prefix string, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteLeasesRevokeForce Revokes all secrets or tokens generated under a given prefix immediately Unlike `/sys/leases/revoke-prefix`, this path ignores backend errors encountered during revocation. This is potentially very dangerous and should only be used in specific emergency situations where errors in the backend or the connected backend service prevent normal revocation. By ignoring these errors, Vault abdicates responsibility for ensuring that the issued credentials or secrets are properly revoked and/or cleaned up. Access to this endpoint should be tightly controlled. prefix: The path to revoke keys under. Example: \"prod/aws/ops\"

func (*System) WriteLeasesRevokePrefix 

func (a *System) WriteLeasesRevokePrefix(ctx context.Context, prefix string, request schema.WriteLeasesRevokePrefixRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteLeasesRevokePrefix Revokes all secrets (via a lease ID prefix) or tokens (via the tokens' path property) generated under a given prefix immediately. prefix: The path to revoke keys under. Example: \"prod/aws/ops\"

func (*System) WriteLeasesTidy 

func (a *System) WriteLeasesTidy(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteLeasesTidy This endpoint performs cleanup tasks that can be run if certain error conditions have occurred.

func (*System) WriteLogger 

func (a *System) WriteLogger(ctx context.Context, name string, request schema.WriteLoggerRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteLogger Modify the log level of a single logger. name: The name of the logger to be modified.

func (*System) WriteLoggers 

func (a *System) WriteLoggers(ctx context.Context, request schema.WriteLoggersRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteLoggers Modify the log level for all existing loggers.

func (*System) WriteMount 

func (a *System) WriteMount(ctx context.Context, path string, request schema.WriteMountRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteMount Enable a new secrets engine at the given path. path: The path to mount to. Example: \"aws/east\"

func (*System) WriteMountsConfig 

func (a *System) WriteMountsConfig(ctx context.Context, path string, request schema.WriteMountsConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteMountsConfig Tune backend configuration parameters for this mount. path: The path to mount to. Example: \"aws/east\"

func (*System) WritePluginsCatalogByTypeByName 

func (a *System) WritePluginsCatalogByTypeByName(ctx context.Context, name string, type_ string, request schema.WritePluginsCatalogByTypeByNameRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WritePluginsCatalogByTypeByName Register a new plugin, or updates an existing one with the supplied name. name: The name of the plugin type_: The type of the plugin, may be auth, secret, or database

func (*System) WritePluginsReloadBackend 

func (a *System) WritePluginsReloadBackend(ctx context.Context, request schema.WritePluginsReloadBackendRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WritePluginsReloadBackend Reload mounted plugin backends. Either the plugin name (`plugin`) or the desired plugin backend mounts (`mounts`) must be provided, but not both. In the case that the plugin name is provided, all mounted paths that use that plugin backend will be reloaded. If (`scope`) is provided and is (`global`), the plugin(s) are reloaded globally.

func (*System) WritePoliciesACL 

func (a *System) WritePoliciesACL(ctx context.Context, name string, request schema.WritePoliciesACLRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WritePoliciesACL Add a new or update an existing ACL policy. name: The name of the policy. Example: \"ops\"

func (*System) WritePoliciesPassword 

func (a *System) WritePoliciesPassword(ctx context.Context, name string, request schema.WritePoliciesPasswordRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WritePoliciesPassword Add a new or update an existing password policy. name: The name of the password policy.

func (*System) WritePolicy 

func (a *System) WritePolicy(ctx context.Context, name string, request schema.WritePolicyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WritePolicy Add a new or update an existing policy. name: The name of the policy. Example: \"ops\"

func (*System) WriteQuotasConfig 

func (a *System) WriteQuotasConfig(ctx context.Context, request schema.WriteQuotasConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteQuotasConfig

func (*System) WriteQuotasRateLimit 

func (a *System) WriteQuotasRateLimit(ctx context.Context, name string, request schema.WriteQuotasRateLimitRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteQuotasRateLimit name: Name of the quota rule.

func (*System) WriteRaw 

func (a *System) WriteRaw(ctx context.Context, request schema.WriteRawRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteRaw Update the value of the key at the given path.

func (*System) WriteRawPath 

func (a *System) WriteRawPath(ctx context.Context, path string, request schema.WriteRawPathRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteRawPath Update the value of the key at the given path.

func (*System) WriteRekeyInit 

func (a *System) WriteRekeyInit(ctx context.Context, request schema.WriteRekeyInitRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteRekeyInit Initializes a new rekey attempt. Only a single rekey attempt can take place at a time, and changing the parameters of a rekey requires canceling and starting a new rekey, which will also provide a new nonce.

func (*System) WriteRekeyUpdate 

func (a *System) WriteRekeyUpdate(ctx context.Context, request schema.WriteRekeyUpdateRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteRekeyUpdate Enter a single unseal key share to progress the rekey of the Vault.

func (*System) WriteRekeyVerify 

func (a *System) WriteRekeyVerify(ctx context.Context, request schema.WriteRekeyVerifyRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteRekeyVerify Enter a single new key share to progress the rekey verification operation.

func (*System) WriteRotateConfig 

func (a *System) WriteRotateConfig(ctx context.Context, request schema.WriteRotateConfigRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteRotateConfig

type TLSConfiguration 

type TLSConfiguration struct {
	// ServerCertificate is a PEM-encoded CA certificate, which  the client
	// will use to verify the Vault server TLS certificate. It can be sourced
	// from a file, from a directory or from raw bytes.
	ServerCertificate ServerCertificateEntry

	// ClientCertificate is a PEM-encoded client certificate (signed by a CA or
	// self-signed), which is used to authenticate with Vault via the cert auth
	// method (see https://developer.hashicorp.com/vault/docs/auth/cert)
	ClientCertificate ClientCertificateEntry

	// ClientCertificateKey is a private key, which is used together with
	// ClientCertificate to authenticate with Vault via the cert auth method
	// (see https://developer.hashicorp.com/vault/docs/auth/cert)
	// Default: ""
	ClientCertificateKey ClientCertificateKeyEntry

	// ServerName is used to verify the hostname on the returned certificates
	// unless InsecureSkipVerify is given.
	// Default: ""
	ServerName string `env:"VAULT_TLS_SERVER_NAME"`

	// InsecureSkipVerify controls whether the client verifies the server's
	// certificate chain and hostname.
	// Default: false
	InsecureSkipVerify bool `env:"VAULT_SKIP_VERIFY"`
}

TLSConfiguration is a collection of TLS settings used to configure the internal http.Client.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.