Documentation
Overview
Package jwtsecrets implements the vault-plugin-jwt-secrets backend.
Constants
const (
	DefaultKeyRotationPeriod = "15m0s"
	DefaultTokenTTL          = "5m0s"
	DefaultSetIAT            = true
	DefaultSetJTI            = true
	DefaultSetNBF            = true
	DefaultIssuer            = "vault-plugin-secrets-jwt:UUID"
	DefaultAudiencePattern   = ".*"
	DefaultSubjectPattern    = ".*"
	DefaultMaxAudiences      = -1
)
Default values for configuration options.
Variables
var DefaultAllowedClaims = []string{"aud", "sub"}
DefaultAllowedClaims is the default value for the AllowedClaims config option. By default only the 'aud' and 'sub' claims can be set by the caller.
var ReservedClaims = []string{"iss", "exp", "nbf", "iat", "jti"}
Types
type Config
type Config struct {
	// KeyRotationPeriod is how frequently a new key is created.
	KeyRotationPeriod time.Duration

	// TokenTTL defines how long a token is valid for after being signed.
	TokenTTL time.Duration

	// SetIAT defines if the backend sets the 'iat' claim or not.
	SetIAT bool

	// SetJTI defines if the backend generates and sets the 'jti' claim or not.
	SetJTI bool

	// SetNBF defines if the backend sets the 'nbf' claim. If true, the claim will be set to the same as the 'iat' claim.
	SetNBF bool

	// Issuer defines the 'iss' claim for the jwt. If blank, it is omitted.
	Issuer string

	// AudiencePattern defines a regular expression (https://golang.org/pkg/regexp/) which must be matched by any incoming 'aud' claims.
	// If the audience claim is an array, each element in the array must match the pattern.
	AudiencePattern *regexp.Regexp

	// SubjectPattern defines a regular expression (https://golang.org/pkg/regexp/) which must be matched by any incoming 'sub' claims.
	SubjectPattern *regexp.Regexp

	// MaxAudiences defines the maximum number of strings in the 'aud' claim.
	MaxAudiences int

	// AllowedClaims defines which claims can be set on the JWT.
	AllowedClaims []string
	// contains filtered or unexported fields
}
Config holds all configuration for the backend.
func DefaultConfig
DefaultConfig creates a new default configuration.
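An added illustration, not the plugin's own code, of how AllowedClaims, AudiencePattern and MaxAudiences can constrain caller-supplied claims. The names `policy` and `checkClaims` are hypothetical, and treating a negative MaxAudiences as "no limit" is an assumption drawn from the default of -1. Go's `MatchString` reports a match anywhere in the string, so the sample pattern is anchored with `^` and `$`.

```go
package main

import (
	"fmt"
	"regexp"
)

// policy is a hypothetical stand-in for three of the Config fields above.
type policy struct {
	AudiencePattern *regexp.Regexp
	MaxAudiences    int // assumption: a negative value means no limit
	AllowedClaims   []string
}

// checkClaims (hypothetical) rejects caller-supplied claims outside the policy.
func checkClaims(p policy, claims map[string]interface{}) error {
	for name := range claims {
		ok := false
		for _, c := range p.AllowedClaims {
			ok = ok || c == name
		}
		if !ok {
			return fmt.Errorf("claim %q is not in AllowedClaims", name)
		}
	}
	var auds []string
	switch v := claims["aud"].(type) {
	case string:
		auds = []string{v}
	case []string:
		auds = v
	case nil: // no audience requested
	default:
		return fmt.Errorf("aud must be a string or a list of strings")
	}
	if p.MaxAudiences >= 0 && len(auds) > p.MaxAudiences {
		return fmt.Errorf("%d audiences exceeds MaxAudiences", len(auds))
	}
	for _, a := range auds { // every element must match, not only the first
		if !p.AudiencePattern.MatchString(a) {
			return fmt.Errorf("audience %q does not match AudiencePattern", a)
		}
	}
	return nil
}

func main() { // constructed sample policy and request
	p := policy{regexp.MustCompile(`^[a-z]+\.example\.test$`), 2, []string{"aud", "sub"}}
	fmt.Println(checkClaims(p, map[string]interface{}{"aud": []string{"api.example.test", "api.example.test.other.invalid"}}))
}
```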