govault

package
v0.52.0
Warning

This package is not in the latest version of its module.

Published: Feb 27, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

govault exists primarily to support the vault method in AppAuthAL files, but it can also be used for rudimentary interactions with HashiCorp Vault.

It caches credentials in a way that is compatible with the Perl and Python appauthal libraries, which allows clients to continue to work without connectivity to Vault for periods of time.

The HashiCorp Vault Client Library is probably a better choice unless you have a specific reason to use this one. It is almost certainly better.

A minimal example is:

	{
		"options": {
			"vault": {
				"CAPath": "/usr/pkg/etc/openssl/certs",
				"VaultServer": "https://vault.example.com:8200",
				"VaultRoleId": "e3a17f50-6aea-15df-93f3-cc1651dcb4d9",
				"VaultSecretIdPath": "/var/lib/vault/stab/secret-id"
			}
		},
		"database": {
			"Method": "vault",
			"VaultPath": "kv/data/myfirstapp/db",
			"import": {
				"DBType": "postgresql",
				"Method": "password",
				"DBHost": "jazzhands-db.example.com",
				"DBName": "jazzhands"
			},
			"map": {
				"Username": "username",
				"Password": "password"
			}
		}
	}
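
How the "database" entry above could resolve into a credential map, as an added example that is not govault's own code. It assumes "import" values are copied through unchanged and "map" goes from the resulting key to the key stored in Vault; the resolve function, the sample constants and the credentials are constructed for illustration, and the nested data.data layout is the standard KV v2 read response.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample data: the "database" entry from the example file and a
// KV v2 read response carrying made-up credentials.
const sampleEntry = `{"Method":"vault","VaultPath":"kv/data/myfirstapp/db",
 "import":{"DBType":"postgresql","Method":"password",
           "DBHost":"jazzhands-db.example.com","DBName":"jazzhands"},
 "map":{"Username":"username","Password":"password"}}`
const sampleVaultResp = `{"data":{"data":{"username":"app_user",
 "password":"constructed-pw"},"metadata":{"version":3}}}`

type entry struct {
	Method    string
	VaultPath string
	Import    map[string]string `json:"import"`
	Map       map[string]string `json:"map"`
}

// resolve overlays Vault secrets on the static "import" values.
// Assumption (hypothetical helper): "map" is resulting key -> Vault key.
func resolve(entryJSON, vaultJSON string) (map[string]string, error) {
	var e entry
	if err := json.Unmarshal([]byte(entryJSON), &e); err != nil {
		return nil, err
	}
	var resp struct { // KV v2 nests the secret under data.data
		Data struct{ Data map[string]string }
	}
	if err := json.Unmarshal([]byte(vaultJSON), &resp); err != nil {
		return nil, err
	}
	out := map[string]string{}
	for k, v := range e.Import {
		out[k] = v
	}
	for dst, src := range e.Map {
		v, ok := resp.Data.Data[src]
		if !ok { // fail closed instead of returning a partial credential set
			return nil, fmt.Errorf("%s: missing key %q", e.VaultPath, src)
		}
		out[dst] = v
	}
	return out, nil
}

func main() {
	creds, err := resolve(sampleEntry, sampleVaultResp)
	fmt.Println(len(creds), err) // count only: the values are secrets
}
```

The inner "Method": "password" replaces the outer "vault" in the result, so the consumer sees an ordinary password entry.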


Types

type AppAuthVaultAuthEntry

type AppAuthVaultAuthEntry struct {
	// contains filtered or unexported fields
}

An AppAuthVaultAuthEntry is an implementation of the goappauthal.AppAuthAuthEntry interface. It is basically a processed version of one entry where method = 'Vault' in an appauthal file.

func (*AppAuthVaultAuthEntry) BuildAuthenticateMap

func (a *AppAuthVaultAuthEntry) BuildAuthenticateMap() (map[string]string, error)

func (*AppAuthVaultAuthEntry) GetExpiration

func (a *AppAuthVaultAuthEntry) GetExpiration() time.Time

type AppAuthVaultMethod

type AppAuthVaultMethod struct {
	CAPath         string
	VaultServer    string
	VaultTokenPath string
	VaultRoleId    string
	VaultSecretId  string
	// contains filtered or unexported fields
}

An AppAuthVaultMethod is an implementation of the goappauthal.AppAuthMethod interface, and has all the global options processed and initialized when talking to vault.

func CreateVaultHandle added in v0.52.0

func CreateVaultHandle(appauthname string) (*AppAuthVaultMethod, error)

Given an appauthal entry, return a handle that can be used for vault operations. This is kind of a bastardization of appauthal, but here we are.

func (*AppAuthVaultMethod) BuildAppAuthAL

func (a *AppAuthVaultMethod) BuildAppAuthAL(inmap interface{}) (goappauthal.AppAuthAuthEntry, error)

Build a usable appauthal structure given a previously initialized struct and a current file.

func (*AppAuthVaultMethod) BuildCacheKey

func (a *AppAuthVaultMethod) BuildCacheKey(rawentry goappauthal.AppAuthAuthEntry) string

Returns a unique filename that is suitable for caching the vault path.

func (*AppAuthVaultMethod) ExtractVaultKV

func (a *AppAuthVaultMethod) ExtractVaultKV(rawmap map[string]interface{}) (map[string]string, error)

func (*AppAuthVaultMethod) GetName

func (a *AppAuthVaultMethod) GetName() string

GetName returns the name of the method ("vault").

func (*AppAuthVaultMethod) Initialize

func (a *AppAuthVaultMethod) Initialize(inmap interface{}, globals map[string]interface{}) error

Does whatever initialization is required from an interface which came from an appauthal file: the "vault" section of the options stanza.

func (*AppAuthVaultMethod) List

func (a *AppAuthVaultMethod) List(path string) ([]string, error)

func (*AppAuthVaultMethod) RevokeMyToken

func (a *AppAuthVaultMethod) RevokeMyToken() error

Revoke the token obtained by all this, if in fact one was.

func (*AppAuthVaultMethod) ShouldCache

func (a *AppAuthVaultMethod) ShouldCache() bool

ShouldCache indicates if it is reasonable to cache credentials from this module. Returns true in this case.

func (*AppAuthVaultMethod) VaultDelete

func (a *AppAuthVaultMethod) VaultDelete(path string) error

Delete metadata from Vault. Example: you have 'kv/data/myfirstapp/foo name=foo pass=bar'.

--> Use 'VaultDelete' method on 'kv/myfirstapp/foo' in order to delete the secrets (name and pass in this example).

--> Use 'VaultDeleteMetadata' method on 'kv/myfirstapp/foo' in order to delete the 'foo' path.

func (*AppAuthVaultMethod) VaultDeleteMetadata

func (a *AppAuthVaultMethod) VaultDeleteMetadata(path string) error

Deletes the path, not just the secret (see the comment for VaultDelete).

func (*AppAuthVaultMethod) VaultRead

func (a *AppAuthVaultMethod) VaultRead(path string) (map[string]string, error)

func (*AppAuthVaultMethod) VaultReadRaw

func (a *AppAuthVaultMethod) VaultReadRaw(path string) (map[string]interface{}, error)

XXX All this should be rethunk and possibly returning a type

func (*AppAuthVaultMethod) VaultWrite

func (a *AppAuthVaultMethod) VaultWrite(path string, args ...string) error

func (*AppAuthVaultMethod) VaultWriteMap

func (a *AppAuthVaultMethod) VaultWriteMap(path string, inMap map[string]string) error
