Documentation ¶
Overview ¶
govault exists primarily to support the vault method in AppAuthAL files, but it can also be used for rudimentary interactions with HashiCorp Vault.
It caches credentials in a format compatible with the Perl and Python appauthal libraries, which lets clients keep working for a period without connectivity to Vault.
The HashiCorp Vault client library is almost certainly a better choice unless you have a specific reason to use this one.
A minimal example is:
    {
        "options": {
            "vault": {
                "CAPath": "/usr/pkg/etc/openssl/certs",
                "VaultServer": "https://vault.example.com:8200",
                "VaultRoleId": "e3a17f50-6aea-15df-93f3-cc1651dcb4d9",
                "VaultSecretIdPath": "/var/lib/vault/stab/secret-id"
            }
        },
        "database": {
            "Method": "vault",
            "VaultPath": "kv/data/myfirstapp/db",
            "import": {
                "DBType": "postgresql",
                "Method": "password",
                "DBHost": "jazzhands-db.example.com",
                "DBName": "jazzhands"
            },
            "map": {
                "Username": "username",
                "Password": "password"
            }
        }
    }
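As an added illustration of how the stanzas in that example fit together (this is example code, not govault's own implementation), the following Go program parses the document, pulls the secret out of a constructed KV version 2 read response, and merges the "import" and "map" stanzas into the map a client would hand to its database driver. Reading "map" as output field name to Vault key and "import" as static fields copied through is an assumption drawn from the example above; the checks that VaultServer is https and that the secret-id file is not group or world readable are hardening this page does not describe, and the function names are the example's own.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"strings"
)

// Constructed AppAuthAL document with the same stanzas as the minimal example.
const sampleAppAuthAL = `{
  "options": { "vault": {
    "CAPath": "/usr/pkg/etc/openssl/certs",
    "VaultServer": "https://vault.example.com:8200",
    "VaultRoleId": "e3a17f50-6aea-15df-93f3-cc1651dcb4d9",
    "VaultSecretIdPath": "/var/lib/vault/stab/secret-id" } },
  "database": {
    "Method": "vault", "VaultPath": "kv/data/myfirstapp/db",
    "import": { "DBType": "postgresql", "Method": "password",
                "DBHost": "jazzhands-db.example.com", "DBName": "jazzhands" },
    "map": { "Username": "username", "Password": "password" } } }`

// Constructed body of a KV v2 read of kv/data/myfirstapp/db: KV v2 nests the
// secret under data.data, next to data.metadata.
const sampleKVv2Response = `{"data":{"data":{"username":"app_user","password":"hunter2"},
  "metadata":{"version":3,"destroyed":false}}}`

// encoding/json matches field names case-insensitively, so "import"/"map"
// and "options"/"vault" land on these fields without tags.
type vaultOptions struct {
	CAPath, VaultServer, VaultRoleId, VaultSecretIdPath string
}
type appAuthEntry struct {
	Method, VaultPath string
	Import, Map       map[string]string
}
type appAuthAL struct {
	Options  struct{ Vault vaultOptions }
	Database appAuthEntry
}

func parseAppAuthAL(doc string) (*appAuthAL, error) {
	var a appAuthAL
	if err := json.Unmarshal([]byte(doc), &a); err != nil {
		return nil, fmt.Errorf("parse appauthal: %w", err)
	}
	return &a, nil
}

// checkSecretIdFile rejects a secret-id file other users could read; the
// AppRole secret-id is the credential the whole login rests on.
func checkSecretIdFile(path string) error {
	st, err := os.Stat(path)
	if err != nil {
		return err
	}
	if st.Mode().Perm()&0o077 != 0 {
		return fmt.Errorf("%s is group/world accessible (mode %04o)", path, st.Mode().Perm())
	}
	return nil
}

// validateVaultOptions refuses settings that would expose the secret-id:
// a non-TLS VaultServer, a missing role/secret-id, or a loosely permissioned file.
func validateVaultOptions(o vaultOptions) error {
	if !strings.HasPrefix(o.VaultServer, "https://") {
		return fmt.Errorf("VaultServer %q is not https", o.VaultServer)
	}
	if o.VaultRoleId == "" || o.VaultSecretIdPath == "" {
		return fmt.Errorf("VaultRoleId and VaultSecretIdPath are required for AppRole login")
	}
	return checkSecretIdFile(o.VaultSecretIdPath)
}

// extractKVv2 pulls the secret out of a raw KV v2 read response (the job
// ExtractVaultKV is for); a KV v1-shaped response has no data.data and fails.
func extractKVv2(raw map[string]interface{}) (map[string]string, error) {
	outer, ok := raw["data"].(map[string]interface{})
	if !ok {
		return nil, fmt.Errorf("response has no data object")
	}
	inner, ok := outer["data"].(map[string]interface{})
	if !ok {
		return nil, fmt.Errorf("response has no data.data object (not a KV v2 path?)")
	}
	kv := make(map[string]string, len(inner))
	for k, v := range inner {
		s, ok := v.(string)
		if !ok {
			return nil, fmt.Errorf("key %q is not a string", k)
		}
		kv[k] = s
	}
	return kv, nil
}

// buildAuthenticateMap copies the static "import" fields, then resolves each
// "map" field from the secret; a mapped key absent from Vault is an error,
// never a silently empty password.
func buildAuthenticateMap(e appAuthEntry, kv map[string]string) (map[string]string, error) {
	out := make(map[string]string, len(e.Import)+len(e.Map))
	for k, v := range e.Import {
		out[k] = v
	}
	for field, vaultKey := range e.Map {
		v, ok := kv[vaultKey]
		if !ok {
			return nil, fmt.Errorf("%s: key %q not present at %s", field, vaultKey, e.VaultPath)
		}
		out[field] = v
	}
	return out, nil
}

func main() {
	doc, err := parseAppAuthAL(sampleAppAuthAL)
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
	if err := validateVaultOptions(doc.Options.Vault); err != nil {
		fmt.Println("vault options:", err) // expected here: the sample secret-id path does not exist
	}
	var raw map[string]interface{}
	_ = json.Unmarshal([]byte(sampleKVv2Response), &raw)
	kv, err := extractKVv2(raw)
	if err == nil {
		auth, err2 := buildAuthenticateMap(doc.Database, kv)
		if err2 != nil {
			fmt.Println(err2)
			os.Exit(1)
		}
		for _, k := range []string{"DBType", "DBHost", "DBName", "Method", "Username"} {
			fmt.Printf("%s=%s\n", k, auth[k])
		}
		fmt.Println("Password=<redacted>")
	}
}
```

Note that the "Method" key appears twice in the document with different meanings: the entry's own Method is "vault" (how to fetch the credential), while the Method inside "import" is "password" (what the database driver is told once the credential is in hand), which is why the built map carries the latter.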
Index ¶
- type AppAuthVaultAuthEntry
- type AppAuthVaultMethod
- func (a *AppAuthVaultMethod) BuildAppAuthAL(inmap interface{}) (goappauthal.AppAuthAuthEntry, error)
- func (a *AppAuthVaultMethod) BuildCacheKey(rawentry goappauthal.AppAuthAuthEntry) string
- func (a *AppAuthVaultMethod) ExtractVaultKV(rawmap map[string]interface{}) (map[string]string, error)
- func (a *AppAuthVaultMethod) GetName() string
- func (a *AppAuthVaultMethod) Initialize(inmap interface{}, globals map[string]interface{}) error
- func (a *AppAuthVaultMethod) List(path string) ([]string, error)
- func (a *AppAuthVaultMethod) RevokeMyToken() error
- func (a *AppAuthVaultMethod) ShouldCache() bool
- func (a *AppAuthVaultMethod) VaultDelete(path string) error
- func (a *AppAuthVaultMethod) VaultDeleteMetadata(path string) error
- func (a *AppAuthVaultMethod) VaultRead(path string) (map[string]string, error)
- func (a *AppAuthVaultMethod) VaultReadRaw(path string) (map[string]interface{}, error)
- func (a *AppAuthVaultMethod) VaultWrite(path string, args ...string) error
- func (a *AppAuthVaultMethod) VaultWriteMap(path string, inMap map[string]string) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AppAuthVaultAuthEntry ¶
type AppAuthVaultAuthEntry struct {
// contains filtered or unexported fields
}
An AppAuthVaultAuthEntry is an implementation of the goappauthal.AppAuthAuthEntry interface. It is basically a processed version of one entry in an appauthal file whose Method is "vault".
func (*AppAuthVaultAuthEntry) BuildAuthenticateMap ¶
func (a *AppAuthVaultAuthEntry) BuildAuthenticateMap() (map[string]string, error)
func (*AppAuthVaultAuthEntry) GetExpiration ¶
func (a *AppAuthVaultAuthEntry) GetExpiration() time.Time
type AppAuthVaultMethod ¶
type AppAuthVaultMethod struct {
	CAPath         string
	VaultServer    string
	VaultTokenPath string
	VaultRoleId    string
	VaultSecretId  string
	// contains filtered or unexported fields
}
An AppAuthVaultMethod is an implementation of the goappauthal.AppAuthMethod interface; it holds the global options, processed and initialized, that are used when talking to Vault.
func CreateVaultHandle ¶ added in v0.52.0
func CreateVaultHandle(appauthname string) (*AppAuthVaultMethod, error)
Given the name of an appauthal entry, return a handle that can be used for vault operations. This is kind of a bastardization of appauthal, but here we are.
func (*AppAuthVaultMethod) BuildAppAuthAL ¶
func (a *AppAuthVaultMethod) BuildAppAuthAL(inmap interface{}) (goappauthal.AppAuthAuthEntry, error)
Build a usable appauthal structure given a previously initialized struct and the current file.
func (*AppAuthVaultMethod) BuildCacheKey ¶
func (a *AppAuthVaultMethod) BuildCacheKey(rawentry goappauthal.AppAuthAuthEntry) string
Returns a unique filename suitable for caching the credential fetched from the vault path.
func (*AppAuthVaultMethod) ExtractVaultKV ¶
func (a *AppAuthVaultMethod) ExtractVaultKV(rawmap map[string]interface{}) (map[string]string, error)
func (*AppAuthVaultMethod) GetName ¶
func (a *AppAuthVaultMethod) GetName() string
GetName returns the name of the method ("vault").
func (*AppAuthVaultMethod) Initialize ¶
func (a *AppAuthVaultMethod) Initialize(inmap interface{}, globals map[string]interface{}) error
Does whatever initialization is required, given the interface{} decoded from the "vault" section of an appauthal file's options stanza, plus the globals.
func (*AppAuthVaultMethod) RevokeMyToken ¶
func (a *AppAuthVaultMethod) RevokeMyToken() error
Revokes the Vault token obtained by all this, if in fact one was obtained.
func (*AppAuthVaultMethod) ShouldCache ¶
func (a *AppAuthVaultMethod) ShouldCache() bool
ShouldCache indicates if it is reasonable to cache credentials from this module. Returns true in this case.
func (*AppAuthVaultMethod) VaultDelete ¶
func (a *AppAuthVaultMethod) VaultDelete(path string) error
Deletes the secret data at a path, leaving the path itself in place. For example, if 'kv/data/myfirstapp/foo' holds name=foo pass=bar:
--> use VaultDelete on 'kv/myfirstapp/foo'
in order to delete the secrets (name and pass in this example);
--> use VaultDeleteMetadata on 'kv/myfirstapp/foo'
in order to delete the 'foo' path itself.
With KV version 2, deleting the data is a soft delete of the latest version: the path and its version history remain until the metadata is deleted.
func (*AppAuthVaultMethod) VaultDeleteMetadata ¶
func (a *AppAuthVaultMethod) VaultDeleteMetadata(path string) error
Deletes the path, not just the secret (see the comment for VaultDelete).
func (*AppAuthVaultMethod) VaultRead ¶
func (a *AppAuthVaultMethod) VaultRead(path string) (map[string]string, error)
func (*AppAuthVaultMethod) VaultReadRaw ¶
func (a *AppAuthVaultMethod) VaultReadRaw(path string) (map[string]interface{}, error)
XXX All this should be rethought and possibly return a type.
func (*AppAuthVaultMethod) VaultWrite ¶
func (a *AppAuthVaultMethod) VaultWrite(path string, args ...string) error
func (*AppAuthVaultMethod) VaultWriteMap ¶
func (a *AppAuthVaultMethod) VaultWriteMap(path string, inMap map[string]string) error