Affected by 
Documentation
¶
Index ¶
- Constants
- Variables
- func ExperimentsFromEnvAndCLI(config *Config, envKey string, flagExperiments []string) error
- func GenerateCert(caCertTemplate *x509.Certificate, caSigner crypto.Signer) (string, string, error)
- func NewListener(l *configutil.Listener, logger io.Writer, ui cli.Ui) (net.Listener, map[string]string, reloadutil.ReloadFunc, error)
- func ParseStorage(result *Config, list *ast.ObjectList, name string) error
- type CaCert
- type Config
- func CheckConfig(c *Config, e error) (*Config, error)
- func DevConfig(storageType string) (*Config, error)
- func DevTLSConfig(storageType, certDir string) (*Config, error)
- func LoadConfig(path string) (*Config, error)
- func LoadConfigDir(dir string) (*Config, error)
- func LoadConfigFile(path string) (*Config, error)
- func NewConfig() *Config
- func ParseConfig(d, source string) (*Config, error)
- type ListenerFactory
- type ServiceRegistration
- type Storage
- type TCPKeepAliveListener
Constants ¶
const ( VaultDevCAFilename = "vault-ca.pem" VaultDevCertFilename = "vault-cert.pem" VaultDevKeyFilename = "vault-key.pem" )
Variables ¶
var BuiltinListeners = map[string]ListenerFactory{
"tcp": tcpListenerFactory,
"unix": unixListenerFactory,
}
BuiltinListeners is the list of built-in listener types.
var DefaultCustomHeaders = map[string]map[string]string{ "default": { "Strict-Transport-Security": configutil.StrictTransportSecurity, }, }
Functions ¶
func ExperimentsFromEnvAndCLI ¶ added in v1.13.0
func GenerateCert ¶ added in v1.12.0
GenerateCert creates a new leaf cert from provided CA template and signer
func NewListener ¶
func NewListener(l *configutil.Listener, logger io.Writer, ui cli.Ui) (net.Listener, map[string]string, reloadutil.ReloadFunc, error)
NewListener creates a new listener of the given type with the given configuration. The type is looked up in the BuiltinListeners map.
func ParseStorage ¶ added in v0.11.2
func ParseStorage(result *Config, list *ast.ObjectList, name string) error
Types ¶
type CaCert ¶ added in v1.12.0
type CaCert struct {
PEM string
Template *x509.Certificate
Signer crypto.Signer
}
func GenerateCA ¶ added in v1.12.0
GenerateCA generates a new self-signed CA cert and returns a CaCert struct containing the PEM encoded cert, X509 Certificate Template, and crypto.Signer
type Config ¶
type Config struct {
UnusedKeys configutil.UnusedKeyMap `hcl:",unusedKeyPositions"`
FoundKeys []string `hcl:",decodedFields"`
Storage *Storage `hcl:"-"`
HAStorage *Storage `hcl:"-"`
ServiceRegistration *ServiceRegistration `hcl:"-"`
Experiments []string `hcl:"experiments"`
CacheSize int `hcl:"cache_size"`
DisableCache bool `hcl:"-"`
DisableCacheRaw interface{} `hcl:"disable_cache"`
DisablePrintableCheck bool `hcl:"-"`
DisablePrintableCheckRaw interface{} `hcl:"disable_printable_check"`
EnableUI bool `hcl:"-"`
EnableUIRaw interface{} `hcl:"ui"`
MaxLeaseTTL time.Duration `hcl:"-"`
MaxLeaseTTLRaw interface{} `hcl:"max_lease_ttl,alias:MaxLeaseTTL"`
DefaultLeaseTTL time.Duration `hcl:"-"`
DefaultLeaseTTLRaw interface{} `hcl:"default_lease_ttl,alias:DefaultLeaseTTL"`
ClusterCipherSuites string `hcl:"cluster_cipher_suites"`
PluginDirectory string `hcl:"plugin_directory"`
PluginFileUid int `hcl:"plugin_file_uid"`
PluginFilePermissions int `hcl:"-"`
PluginFilePermissionsRaw interface{} `hcl:"plugin_file_permissions,alias:PluginFilePermissions"`
EnableIntrospectionEndpoint bool `hcl:"-"`
EnableIntrospectionEndpointRaw interface{} `hcl:"introspection_endpoint,alias:EnableIntrospectionEndpoint"`
EnableRawEndpoint bool `hcl:"-"`
EnableRawEndpointRaw interface{} `hcl:"raw_storage_endpoint,alias:EnableRawEndpoint"`
APIAddr string `hcl:"api_addr"`
ClusterAddr string `hcl:"cluster_addr"`
DisableClustering bool `hcl:"-"`
DisableClusteringRaw interface{} `hcl:"disable_clustering,alias:DisableClustering"`
DisablePerformanceStandby bool `hcl:"-"`
DisablePerformanceStandbyRaw interface{} `hcl:"disable_performance_standby,alias:DisablePerformanceStandby"`
DisableSealWrap bool `hcl:"-"`
DisableSealWrapRaw interface{} `hcl:"disable_sealwrap,alias:DisableSealWrap"`
DisableIndexing bool `hcl:"-"`
DisableIndexingRaw interface{} `hcl:"disable_indexing,alias:DisableIndexing"`
DisableSentinelTrace bool `hcl:"-"`
DisableSentinelTraceRaw interface{} `hcl:"disable_sentinel_trace,alias:DisableSentinelTrace"`
EnableResponseHeaderHostname bool `hcl:"-"`
EnableResponseHeaderHostnameRaw interface{} `hcl:"enable_response_header_hostname"`
LogRequestsLevel string `hcl:"-"`
LogRequestsLevelRaw interface{} `hcl:"log_requests_level"`
DetectDeadlocks string `hcl:"detect_deadlocks"`
EnableResponseHeaderRaftNodeID bool `hcl:"-"`
EnableResponseHeaderRaftNodeIDRaw interface{} `hcl:"enable_response_header_raft_node_id"`
License string `hcl:"-"`
LicensePath string `hcl:"license_path"`
DisableSSCTokens bool `hcl:"-"`
// contains filtered or unexported fields
}
Config is the configuration for the vault server.
func DevTLSConfig ¶ added in v1.12.0
DevTLSConfig is a Config that is used for dev tls mode of Vault.
func LoadConfig ¶
LoadConfig loads the configuration at the given path, regardless if its a file or directory.
func LoadConfigDir ¶
LoadConfigDir loads all the configurations in the given directory in alphabetical order.
func LoadConfigFile ¶
LoadConfigFile loads the configuration from the given file.
func ParseConfig ¶ added in v0.5.2
func (*Config) Sanitized ¶ added in v1.3.0
Sanitized returns a copy of the config with all values that are considered sensitive stripped. It also strips all `*Raw` values that are mainly used for parsing.
Specifically, the fields that this method strips are: - Storage.Config - HAStorage.Config - Seals.Config - Telemetry.CirconusAPIToken
func (*Config) Validate ¶ added in v1.8.0
func (c *Config) Validate(sourceFilePath string) []configutil.ConfigError
type ListenerFactory ¶
type ListenerFactory func(*configutil.Listener, io.Writer, cli.Ui) (net.Listener, map[string]string, reloadutil.ReloadFunc, error)
ListenerFactory is the factory function to create a listener.
type ServiceRegistration ¶ added in v1.4.0
type ServiceRegistration struct {
UnusedKeys configutil.UnusedKeyMap `hcl:",unusedKeyPositions"`
Type string
Config map[string]string
}
ServiceRegistration is the optional service discovery for the server.
func (*ServiceRegistration) GoString ¶ added in v1.4.0
func (b *ServiceRegistration) GoString() string
func (*ServiceRegistration) Validate ¶ added in v1.8.0
func (b *ServiceRegistration) Validate(source string) []configutil.ConfigError
type Storage ¶ added in v0.7.0
type Storage struct {
Type string
RedirectAddr string
ClusterAddr string
DisableClustering bool
Config map[string]string
}
Storage is the underlying storage configuration for the server.
type TCPKeepAliveListener ¶ added in v1.1.0
type TCPKeepAliveListener struct {
*net.TCPListener
}
TCPKeepAliveListener sets TCP keep-alive timeouts on accepted connections. It's used by ListenAndServe and ListenAndServeTLS so dead TCP connections (e.g. closing laptop mid-download) eventually go away.
This is copied directly from the Go source code.
Source Files