signer

package
v0.7.0 Latest

Warning: This package is not in the latest version of its module.
Published: Jul 3, 2023 License: MIT Imports: 12 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetTokenFromHelper

func GetTokenFromHelper() (string, error)

GetTokenFromHelper uses the standard vault client binary to retrieve the "current" default token, avoiding reimplementation of token_helper, etc.

func GetVaultClient added in v0.3.0

func GetVaultClient() (*api.Client, error)

GetVaultClient returns a fully configured Vault API client.

func ParseArgs

func ParseArgs(client *Client, args []string) (unparsedArgs []string, err error)

Types

type Client

type Client struct {
	API        *api.Client
	RoleConfig map[string]interface{}
	Options    Options
	PublicKey  []byte
	SignedKey  string
}

func (*Client) GenerateSignedKeypair added in v0.7.0

func (c *Client) GenerateSignedKeypair(principal string) (privateKey string, signedKey string, err error)

GenerateSignedKeypair gets a (private, signed) key-pair

func (*Client) GetAllowedUser added in v0.3.0

func (c *Client) GetAllowedUser() string

func (*Client) GetRoleData added in v0.3.0

func (c *Client) GetRoleData() map[string]interface{}

func (*Client) RequiredExtensions

func (c *Client) RequiredExtensions() map[string]string

RequiredExtensions calculates the required set of extensions to request based on the options set on Client

func (*Client) SetPublicKey added in v0.3.0

func (c *Client) SetPublicKey(publicKey []byte) (err error)

func (*Client) SignKey added in v0.7.0

func (c *Client) SignKey(principal string) (string, error)

SignKey signs the configured public key, sets the SignedKey property to the filename of the signed key, and returns the filename.

type Extensions

type Extensions struct {
	Default         bool `` /* 152-byte string literal not displayed */
	AgentForwarding bool `long:"agent-forwarding" env:"VAULT_SSH_AGENT_FORWARDING" description:"Force permit-agent-forwarding extension"`
	PortForwarding  bool `long:"port-forwarding" env:"VAULT_SSH_PORT_FORWARDING" description:"Force permit-port-forwarding extension"`
	NoPTY           bool `long:"no-pty" env:"VAULT_SSH_NO_PTY" description:"Force disable permit-pty extension"`
	UserRC          bool `long:"user-rc" env:"VAULT_SSH_USER_RC" description:"Enable permit-user-rc extension"`
	X11Forwarding   bool `long:"x11-forwarding" env:"VAULT_SSH_X11_FORWARDING" description:"Force permit-X11-forwarding extension"`
}

Extensions control what certificate extensions are required for the signed key

type Options

type Options struct {
	Mode       string     `long:"mode" choice:"sign" choice:"issue" default:"issue" env:"VAULT_SSH_MODE" description:"Mode"`
	Type       string     `` /* 161-byte string literal not displayed */
	Bits       uint       `` /* 180-byte string literal not displayed */
	Path       string     `long:"path" default:"ssh" env:"VAULT_SSH_PATH" description:"Vault SSH mountpoint"`
	Role       string     `long:"role" env:"VAULT_SSH_ROLE" description:"Vault SSH role (default: <ssh-username>)"`
	TTL        uint       `long:"ttl" default:"300" env:"VAULT_SSH_TTL" description:"Vault SSH certificate TTL"`
	PublicKey  string     `short:"P" long:"public-key" env:"VAULT_SSH_PUBLIC_KEY" description:"Path to preferred public key for 'sign' mode"`
	Extensions Extensions `group:"Certificate Extensions"`
}

Options define signer-specific flags
