vault

package
v0.0.0-...-c2f8fcc Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 14, 2021 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddPrefixToVKVPath

func AddPrefixToVKVPath(p, mountPath, apiPrefix string) string

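AddPrefixToVKVPath adds the API prefix apiPrefix (for example "data") to the KV secret path p for the given mountPath and returns the result.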

func CastSecretDataToStringMap

func CastSecretDataToStringMap(secretData map[string]interface{}) map[string]interface{}

CastSecretDataToStringMap converts the secret data to a map[string]interface{}.

func GCPBackendLogin

func GCPBackendLogin(client *Client, gcpBackendConfig *GCPBackendConfig, vaultConfig *Config) (string, error)

GCPBackendLogin Authenticate to Vault via GCP Backend

func GetKVConfig

func GetKVConfig(client *api.Client, cfg *SecretConfig) error

GetKVConfig gets the mount path for cfg and whether that mount is KV version 2.

func GetServiceAccountCreds

func GetServiceAccountCreds(cfg *GCPBackendConfig) (*jwt.Config, error)

GetServiceAccountCreds read the service account json

func GetServiceAccountToken

func GetServiceAccountToken(tokenPath string) ([]byte, error)

GetServiceAccountToken reads the Kubernetes service account token from tokenPath.

func KubernetesBackendLogin

func KubernetesBackendLogin(client *Client, vaultCfg *Config, jwt []byte) (string, error)

KubernetesBackendLogin Authenticate to Vault via Kubernetes Backend

func RetrieveSecret

func RetrieveSecret(client *api.Client, cfg *SecretConfig) (map[string]interface{}, error)

RetrieveSecret retrieve secrets from vault

func RetrieveSecrets

func RetrieveSecrets(client *api.Client, vaultCfg *Config) (map[string]interface{}, error)

RetrieveSecrets iterates over SecretsConfigList and retrieves each secret.

Types

type Client

// Client is a Vault client with Kubernetes support. It pairs a Vault API
// client with a Logical accessor.
type Client struct {
	// Client is the underlying Vault API client.
	// NOTE(review): presumably carries the Vault token after a successful
	// backend login; avoid logging or serializing this value. Confirm.
	Client  *vaultapi.Client
	// Logical is the Vault logical-backend accessor.
	// NOTE(review): presumably derived from Client; confirm in NewClientWithConfig.
	Logical *vaultapi.Logical
}

Client is a Vault client with Kubernetes support

func NewClientWithConfig

func NewClientWithConfig(config *vaultapi.Config, vaultCfg *Config, gcpCfg *GCPBackendConfig) (*Client, error)

NewClientWithConfig create a new vault client

type Config

// Config holds the configuration for Vault: the login settings and the list
// of secrets to retrieve.
type Config struct {
	// Role is the Vault role.
	// NOTE(review): presumably the role presented at backend login; confirm.
	Role              string
	// TokenPath is a token file path.
	// NOTE(review): presumably the Kubernetes service account token file read
	// by GetServiceAccountToken; confirm. The file holds a credential, so it
	// should stay readable only by the workload.
	TokenPath         string
	// Backend names the auth backend.
	// NOTE(review): presumably selects between GCPBackendLogin and
	// KubernetesBackendLogin; confirm the accepted values.
	Backend           string
	// KubernetesBackend is a Kubernetes backend setting.
	// NOTE(review): presumably the Kubernetes auth mount to log in against; confirm.
	KubernetesBackend string
	// SecretsConfigList is the list of secrets to retrieve; RetrieveSecrets is
	// documented as iterating over it.
	SecretsConfigList []SecretConfig
}

Config configuration for Vault

func ConfigureVaultSecrets

func ConfigureVaultSecrets(client *api.Client, secretConfigs []string, vaultCfg *Config) (*Config, error)

ConfigureVaultSecrets configures the Vault Role, TokenPath, Backend and SecretsConfigList.

type GCPBackendConfig

// GCPBackendConfig holds the parameters for GCP backend login through Vault.
type GCPBackendConfig struct {
	// Project is the GCP project.
	// NOTE(review): presumably the project that owns ServiceAccount; confirm.
	Project        string
	// CredsPath is a credentials file path.
	// NOTE(review): presumably the service account JSON read by
	// GetServiceAccountCreds; confirm. That file would contain key material,
	// so restrict its permissions and keep it out of images and repositories.
	CredsPath      string
	// ServiceAccount identifies the GCP service account.
	// NOTE(review): exact format (email vs. ID) is not visible here; confirm.
	ServiceAccount string
}

GCPBackendConfig holds the parameters for GCP backend login through Vault.

type SecretConfig

// SecretConfig holds the configuration for one secret (or one wildcard set
// of secrets) to read from Vault.
type SecretConfig struct {
	// Path is the secret path. If it ends with a / or contains *, it is
	// treated as a wildcard path.
	// NOTE(review): a wildcard widens the set of secrets read; the Vault
	// policy bound to the login role should be scoped to match, not broader.
	Path                 string // If Path ends with a / or contains * it will treat it as a wildcard path
	// IsKVv2 reports whether the mount is KV version 2.
	// NOTE(review): presumably filled in by GetKVConfig; confirm.
	IsKVv2               bool
	// MountPath is the mount path of the secrets engine.
	// NOTE(review): presumably filled in by GetKVConfig; confirm.
	MountPath            string
	// Version, if set, selects the version number whose value is returned.
	Version              string // If passed, the value at the version number will be returned
	// UseSecretNamesAsKeys changes how results are keyed.
	// NOTE(review): exact effect on the returned map is not visible here; confirm.
	UseSecretNamesAsKeys bool
}

SecretConfig holds secret config

type SecretConfigJSON

// SecretConfigJSON is the JSON representation of a secret config, with keys
// "path", "version" and "use-secret-names-as-keys".
type SecretConfigJSON struct {
	// Path is decoded from the "path" key.
	Path                 string `json:"path"`
	// Version is decoded from the "version" key.
	Version              string `json:"version"`
	// UseSecretNamesAsKeys is decoded from "use-secret-names-as-keys".
	// NOTE(review): this is a string here but a bool in SecretConfig, so it
	// is presumably parsed during configuration; confirm how an unparseable
	// value is handled (rejected vs. silently treated as false).
	UseSecretNamesAsKeys string `json:"use-secret-names-as-keys"`
}

SecretConfigJSON JSON struct for secret config
