Documentation
Types
type AWSType

	type AWSType struct {
		VaultMountPoint string `yaml:"vaultMountPoint"`
		VaultRole       string `yaml:"vaultRole"`
		Profile         string `yaml:"awsProfile"`
		Region          string `yaml:"awsRegion"`
		OutputPath      string `yaml:"outputPath"`
		Mode            string `yaml:"mode"`
	}

AWSType configures AWS credentials that Vault obtains by performing sts:AssumeRole on your behalf.
type CompositeSecretFile

	type CompositeSecretFile struct {
		Filename string
		Mode     os.FileMode
		// If one secret is token-scoped, then the whole file becomes token-scoped.
		Lifetime util.SecretLifetime
		Secrets  []SecretType
	}
type ControlToolConfig

	type ControlToolConfig struct {
		VaultConfig VaultConfig
		Templates   map[string]*template.Template
		Composites  map[string]*CompositeSecretFile
	}
func ReadConfig
func ReadConfigFile

	func ReadConfigFile(configFile string, configDir string, inputPrefix, outputPrefix string) (*ControlToolConfig, error)
type SSHCertificateType

	type SSHCertificateType struct {
		VaultMount string `yaml:"vaultMountPoint"`
		VaultRole  string `yaml:"vaultRole"`
		OutputPath string `yaml:"outputPath"`
	}

SSHCertificateType configures SSH certificate signing. The tool writes the private key, public key, and certificate files to the specified OutputPath, requesting that the public key be signed for the specified role at the specified mount point in Vault.
type SecretFieldType

	type SecretFieldType struct {
		Name     string `yaml:"name"`
		Output   string `yaml:"output"`
		Encoding string `yaml:"encoding"`
	}

SecretFieldType writes the contents of specific secret fields to specific files. Each output file is created with the "mode" of the SecretType the field belongs to.
type SecretType

	type SecretType struct {
		Key            string              `yaml:"key"`
		UseKeyAsPrefix bool                `yaml:"use_key_as_prefix"`
		Path           string              `yaml:"path"`
		Fields         []SecretFieldType   `yaml:"fields"`
		TouchFile      string              `yaml:"touchfile"`
		Output         string              `yaml:"output"`
		Lifetime       util.SecretLifetime `yaml:"lifetime"`
		Mode           string              `yaml:"mode"`
		IsMissingOk    bool                `yaml:"missingOk"`
		PinnedVersion  *int                `yaml:"pinnedVersion,omitempty"`
	}

SecretType configures reading a secret from Vault's KV store and writing its contents out to various places. The "output" field writes the whole secret out as JSON. If "missingOk" is true, a missing secret path is only logged rather than treated as an error.
func (*SecretType) NeedsMetadata

	func (secretType *SecretType) NeedsMetadata() bool

NeedsMetadata reports whether the tool needs metadata from Vault in order to process the secret correctly. When metadata is needed but is not available for the secret, processing fails with an error.
type TemplateType

	type TemplateType struct {
		Input    string              `yaml:"input"`
		Output   string              `yaml:"output"`
		Mode     string              `yaml:"mode"`
		Lifetime util.SecretLifetime `yaml:"lifetime,omitempty"`
	}

TemplateType configures rendering a Go template file into an output file that contains secrets.
type VaultConfig

	type VaultConfig struct {
		// v0 or v1: Default prefix for Secrets is /secret/application-config/services/
		// v2: Default prefix for Secrets is /kv/data/application-config/services/
		// v3: v2 plus requires "lifetime" values for secrets and templates
		ConfigVersion   int                  `yaml:"version"`
		VaultToken      VaultTokenType       `yaml:"vaultToken"`
		Templates       []TemplateType       `yaml:"templates"`
		Secrets         []SecretType         `yaml:"secrets"`
		SSHCertificates []SSHCertificateType `yaml:"sshCertificates"`
		AWS             []AWSType            `yaml:"aws"`
		// contains filtered or unexported fields
	}

VaultConfig is used to set up the tool and fetch all the appropriate secrets.
func (VaultConfig) Cleanup

	func (cfg VaultConfig) Cleanup()
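As an added illustration (not taken from the project's documentation), the YAML shape implied by the struct tags above for a version-2 configuration. The mount points, roles, paths, file modes and lifetime values are constructed assumptions, and vaultToken is omitted because its fields are not shown here.

```yaml
# Constructed example config; every value is an assumption, not a project default.
version: 2                            # KV v2: secret paths are relative to /kv/data/application-config/services/

secrets:
  - key: db                           # SecretType.Key
    path: billing/database            # appended to the v2 default prefix
    use_key_as_prefix: true           # assumed: JSON keys are prefixed with "db"
    output: /etc/billing/secrets.json # the whole secret written out as JSON
    mode: "0600"                      # quoted: Mode is a string, so YAML must not parse it as a number
    lifetime: token                   # token-scoped (assumed value name)
    missingOk: false                  # a missing path is an error, not just a log line
    pinnedVersion: 4                  # pin to KV version 4; needs Vault metadata to resolve
    touchfile: /run/billing/secrets.ready   # assumed: touched after the secret is written
    fields:
      - name: password                # one field written to its own file
        output: /etc/billing/db-password
        encoding: ""                  # assumed: empty means raw field contents

templates:
  - input: app.conf.tmpl
    output: /etc/billing/app.conf
    mode: "0640"
    lifetime: static                  # assumed value name

sshCertificates:
  - vaultMountPoint: ssh-client-signer
    vaultRole: deploy
    outputPath: /home/deploy/.ssh/id_ed25519   # private, public and -cert files are written here

aws:
  - vaultMountPoint: aws
    vaultRole: billing-reader
    awsProfile: billing
    awsRegion: us-east-1
    outputPath: /home/deploy/.aws/credentials
    mode: "0600"
```

Keep secret-bearing outputs at owner-only modes such as 0600; a template or secret written world-readable leaks the fetched credentials to every local user.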
type VaultTokenType

VaultTokenType configures writing the contents of a VAULT_TOKEN to the specified file with the specified mode.