Versions in this module Expand all Collapse all v1 v1.1.7 Apr 1, 2021 Changes in this version + const AESGCMVersion1 + const AESGCMVersion2 + const CORSDisabled + const CORSEnabled + const CoreLockPath + const CreateCapability + const CreateCapabilityInt + const DRReplicationALPN + const DeleteCapability + const DeleteCapabilityInt + const DenyCapability + const DenyCapabilityInt + const IntNoForwardingHeaderName + const ListCapability + const ListCapabilityInt + const OldDenyPathPolicy + const OldReadPathPolicy + const OldSudoPathPolicy + const OldWritePathPolicy + const PerformanceReplicationALPN + const ReadCapability + const ReadCapabilityInt + const RecoveryTypeShamir + const RecoveryTypeUnsupported + const RootCapability + const StoredBarrierKeysPath + const SudoCapability + const SudoCapabilityInt + const UpdateCapability + const UpdateCapabilityInt + var DefaultMaxRequestDuration = 90 * time.Second + var ErrAlreadyInit = errors.New("vault is already initialized") + var ErrBarrierAlreadyInit = errors.New("vault is already initialized") + var ErrBarrierInvalidKey = errors.New("unseal failed, invalid key") + var ErrBarrierNotInit = errors.New("vault is not initialized") + var ErrBarrierSealed = errors.New("vault is sealed") + var ErrCannotForward = errors.New("cannot forward request; no connection or address not known") + var ErrDirectoryNotConfigured = errors.New("could not set plugin, plugin directory is not configured") + var ErrHANotEnabled = errors.New("vault is not configured for highly-available mode") + var ErrInternalError = errors.New("internal error") + var ErrNotInit = errors.New("vault is not initialized") + var ErrPluginBadType = errors.New("unable to determine plugin type") + var ErrPluginNotFound = errors.New("plugin not found in the catalog") + var HeartbeatInterval = 5 * time.Second + var LastRemoteWAL = lastRemoteWALImpl + var LastWAL = lastWALImpl + var NamespaceByID = namespaceByID + var StdAllowedHeaders = []string + var TokenLength = 24 + var WaitUntilWALShipped = waitUntilWALShippedImpl + func IsFatalError(err error) bool + func LeaseSwitchedPassthroughBackend(ctx context.Context, conf *logical.BackendConfig, leases bool) (logical.Backend, error) + func LeasedPassthroughBackendFactory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) + func NewRequestForwardingHandler(c *Core, fws *http2.Server, perfStandbySlots chan struct{}, ...) (*requestForwardingHandler, error) + func NewSealUnwrapper(underlying physical.Backend, logger log.Logger) physical.Backend + func PassthroughBackendFactory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) + func PublicBackendFactory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) + func RegisterRequestForwardingServer(s *grpc.Server, srv RequestForwardingServer) + type ACL struct + func NewACL(ctx context.Context, policies []*Policy) (*ACL, error) + func (a *ACL) AllowOperation(ctx context.Context, req *logical.Request, capCheckOnly bool) (ret *ACLResults) + func (a *ACL) Capabilities(ctx context.Context, path string) (pathCapabilities []string) + func (a *ACL) CheckAllowedFromNonExactPaths(path string, bareMount bool) *ACLPermissions + type ACLPermissions struct + AllowedParameters map[string][]interface{} + CapabilitiesBitmap uint32 + ControlGroup *ControlGroup + DeniedParameters map[string][]interface{} + MFAMethods []string + MaxWrappingTTL time.Duration + MinWrappingTTL time.Duration + RequiredParameters []string + func (p *ACLPermissions) Clone() (*ACLPermissions, error) + type ACLResults struct + Allowed bool + CapabilitiesBitmap uint32 + ControlGroup *ControlGroup + IsRoot bool + MFAMethods []string + RootPrivs bool + type AESGCMBarrier struct + func NewAESGCMBarrier(physical physical.Backend) (*AESGCMBarrier, error) + func (b *AESGCMBarrier) ActiveKeyInfo() (*KeyInfo, error) + func (b *AESGCMBarrier) CheckUpgrade(ctx context.Context) (bool, uint32, error) + func (b *AESGCMBarrier) CreateUpgrade(ctx context.Context, term uint32) error + func (b *AESGCMBarrier) Decrypt(ctx context.Context, key string, ciphertext []byte) ([]byte, error) + func (b *AESGCMBarrier) Delete(ctx context.Context, key string) error + func (b *AESGCMBarrier) DestroyUpgrade(ctx context.Context, term uint32) error + func (b *AESGCMBarrier) Encrypt(ctx context.Context, key string, plaintext []byte) ([]byte, error) + func (b *AESGCMBarrier) GenerateKey() ([]byte, error) + func (b *AESGCMBarrier) Get(ctx context.Context, key string) (*logical.StorageEntry, error) + func (b *AESGCMBarrier) Initialize(ctx context.Context, key []byte) error + func (b *AESGCMBarrier) Initialized(ctx context.Context) (bool, error) + func (b *AESGCMBarrier) KeyLength() (int, int) + func (b *AESGCMBarrier) Keyring() (*Keyring, error) + func (b *AESGCMBarrier) List(ctx context.Context, prefix string) ([]string, error) + func (b *AESGCMBarrier) Put(ctx context.Context, entry *logical.StorageEntry) error + func (b *AESGCMBarrier) Rekey(ctx context.Context, key []byte) error + func (b *AESGCMBarrier) ReloadKeyring(ctx context.Context) error + func (b *AESGCMBarrier) ReloadMasterKey(ctx context.Context) error + func (b *AESGCMBarrier) Rotate(ctx context.Context) (uint32, error) + func (b *AESGCMBarrier) Seal() error + func (b *AESGCMBarrier) Sealed() (bool, error) + func (b *AESGCMBarrier) SetMasterKey(key []byte) error + func (b *AESGCMBarrier) Unseal(ctx context.Context, key []byte) error + func (b *AESGCMBarrier) VerifyMaster(key []byte) error + type APIMountConfig struct + AllowedResponseHeaders []string + AuditNonHMACRequestKeys []string + AuditNonHMACResponseKeys []string + DefaultLeaseTTL string + ForceNoCache bool + ListingVisibility ListingVisibilityType + MaxLeaseTTL string + PassthroughRequestHeaders []string + PluginName string + TokenType string + type AuditBroker struct + func NewAuditBroker(log log.Logger) *AuditBroker + func (a *AuditBroker) Deregister(name string) + func (a *AuditBroker) GetHash(ctx context.Context, name string, input string) (string, error) + func (a *AuditBroker) Invalidate(ctx context.Context, key string) + func (a *AuditBroker) IsLocal(name string) (bool, error) + func (a *AuditBroker) IsRegistered(name string) bool + func (a *AuditBroker) LogRequest(ctx context.Context, in *audit.LogInput, headersConfig *AuditedHeadersConfig) (ret error) + func (a *AuditBroker) LogResponse(ctx context.Context, in *audit.LogInput, headersConfig *AuditedHeadersConfig) (ret error) + func (a *AuditBroker) Register(name string, b audit.Backend, v *BarrierView, local bool) + type AuditedHeadersConfig struct + Headers map[string]*auditedHeaderSettings + func (a *AuditedHeadersConfig) ApplyConfig(ctx context.Context, headers map[string][]string, ...) (result map[string][]string, retErr error) + type AuthResults struct + ACLResults *ACLResults + Allowed bool + DeniedError bool + Error *multierror.Error + RootPrivs bool + type BarrierEncryptor interface + Decrypt func(ctx context.Context, key string, ciphertext []byte) ([]byte, error) + Encrypt func(ctx context.Context, key string, plaintext []byte) ([]byte, error) + type BarrierEncryptorAccess struct + func NewBarrierEncryptorAccess(barrierEncryptor BarrierEncryptor) *BarrierEncryptorAccess + func (b *BarrierEncryptorAccess) Decrypt(ctx context.Context, key string, ciphertext []byte) ([]byte, error) + func (b *BarrierEncryptorAccess) Encrypt(ctx context.Context, key string, plaintext []byte) ([]byte, error) + type BarrierStorage interface + Delete func(ctx context.Context, key string) error + Get func(ctx context.Context, key string) (*logical.StorageEntry, error) + List func(ctx context.Context, prefix string) ([]string, error) + Put func(ctx context.Context, entry *logical.StorageEntry) error + type BarrierView struct + func NewBarrierView(barrier logical.Storage, prefix string) *BarrierView + func (v *BarrierView) Delete(ctx context.Context, key string) error + func (v *BarrierView) Get(ctx context.Context, key string) (*logical.StorageEntry, error) + func (v *BarrierView) List(ctx context.Context, prefix string) ([]string, error) + func (v *BarrierView) Prefix() string + func (v *BarrierView) Put(ctx context.Context, entry *logical.StorageEntry) error + func (v *BarrierView) SubView(prefix string) *BarrierView + type BuiltinRegistry interface + Contains func(name string, pluginType consts.PluginType) bool + Get func(name string, pluginType consts.PluginType) (func() (interface{}, error), bool) + Keys func(pluginType consts.PluginType) []string + type CORSConfig struct + AllowedHeaders []string + AllowedOrigins []string + Enabled *uint32 + func (c *CORSConfig) Disable(ctx context.Context) error + func (c *CORSConfig) Enable(ctx context.Context, urls []string, headers []string) error + func (c *CORSConfig) IsEnabled() bool + func (c *CORSConfig) IsValidOrigin(origin string) bool + type ClientKey struct + D []byte + Type string + X []byte + XXX_NoUnkeyedLiteral struct{} + XXX_sizecache int32 + XXX_unrecognized []byte + Y []byte + func (*ClientKey) Descriptor() ([]byte, []int) + func (*ClientKey) ProtoMessage() + func (m *ClientKey) GetD() []byte + func (m *ClientKey) GetType() string + func (m *ClientKey) GetX() []byte + func (m *ClientKey) GetY() []byte + func (m *ClientKey) Reset() + func (m *ClientKey) String() string + func (m *ClientKey) XXX_DiscardUnknown() + func (m *ClientKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) + func (m *ClientKey) XXX_Merge(src proto.Message) + func (m *ClientKey) XXX_Size() int + func (m *ClientKey) XXX_Unmarshal(b []byte) error + type Cluster struct + ID string + Name string + type ClusterClient interface + ClientLookup func(context.Context, *tls.CertificateRequestInfo) (*tls.Certificate, error) + type ClusterHandler interface + CALookup func(context.Context) (*x509.Certificate, error) + Handoff func(context.Context, *sync.WaitGroup, chan struct{}, *tls.Conn) error + ServerLookup func(context.Context, *tls.ClientHelloInfo) (*tls.Certificate, error) + Stop func() error + type ClusterLeaderParams struct + LeaderClusterAddr string + LeaderRedirectAddr string + LeaderUUID string + type ClusterListener struct + func (cl *ClusterListener) AddClient(alpn string, client ClusterClient) + func (cl *ClusterListener) AddHandler(alpn string, handler ClusterHandler) + func (cl *ClusterListener) RemoveClient(alpn string) + func (cl *ClusterListener) Run(ctx context.Context) error + func (cl *ClusterListener) Server() *http2.Server + func (cl *ClusterListener) Stop() + func (cl *ClusterListener) StopHandler(alpn string) + func (cl *ClusterListener) TLSConfig(ctx context.Context) (*tls.Config, error) + type ControlGroup struct + Factors []*ControlGroupFactor + TTL time.Duration + type ControlGroupFactor struct + Identity *IdentityFactor + Name string + type ControlGroupHCL struct + Factors map[string]*ControlGroupFactor + TTL interface{} + type Core struct + func NewCore(conf *CoreConfig) (*Core, error) + func (c *Core) ActiveNodeReplicationState() consts.ReplicationState + func (c *Core) AddLogger(logger log.Logger) + func (c *Core) AuditedHeadersConfig() *AuditedHeadersConfig + func (c *Core) BarrierEncryptorAccess() *BarrierEncryptorAccess + func (c *Core) BarrierKeyLength() (min, max int) + func (c *Core) BarrierRekeyInit(config *SealConfig) logical.HTTPCodedError + func (c *Core) BarrierRekeyUpdate(ctx context.Context, key []byte, nonce string) (*RekeyResult, logical.HTTPCodedError) + func (c *Core) CORSConfig() *CORSConfig + func (c *Core) Capabilities(ctx context.Context, token, path string) ([]string, error) + func (c *Core) Cluster(ctx context.Context) (*Cluster, error) + func (c *Core) ForwardRequest(req *http.Request) (int, http.Header, []byte, error) + func (c *Core) GenerateRootCancel() error + func (c *Core) GenerateRootConfiguration() (*GenerateRootConfig, error) + func (c *Core) GenerateRootInit(otp, pgpKey string, strategy GenerateRootStrategy) error + func (c *Core) GenerateRootProgress() (int, error) + func (c *Core) GenerateRootUpdate(ctx context.Context, key []byte, nonce string, strategy GenerateRootStrategy) (*GenerateRootResult, error) + func (c *Core) GetContext() (context.Context, context.CancelFunc) + func (c *Core) HandleRequest(httpCtx context.Context, req *logical.Request) (resp *logical.Response, err error) + func (c *Core) IdentityStore() *IdentityStore + func (c *Core) Initialize(ctx context.Context, initParams *InitParams) (*InitResult, error) + func (c *Core) Initialized(ctx context.Context) (bool, error) + func (c *Core) IsBatchTokenCreationRequest(ctx context.Context, path string) (bool, error) + func (c *Core) IsDRSecondary() bool + func (c *Core) IsInSealMigration() bool + func (c *Core) Leader() (isLeader bool, leaderAddr, clusterAddr string, err error) + func (c *Core) Logger() log.Logger + func (c *Core) LookupToken(ctx context.Context, token string) (*logical.TokenEntry, error) + func (c *Core) PerfStandby() bool + func (c *Core) PhysicalAccess() *physical.PAccess + func (c *Core) PhysicalSealConfigs(ctx context.Context) (*SealConfig, *SealConfig, error) + func (c *Core) RecoveryRekeyInit(config *SealConfig) logical.HTTPCodedError + func (c *Core) RecoveryRekeyUpdate(ctx context.Context, key []byte, nonce string) (*RekeyResult, logical.HTTPCodedError) + func (c *Core) RegisterAuth(ctx context.Context, tokenTTL time.Duration, path string, auth *logical.Auth) error + func (c *Core) RekeyCancel(recovery bool) logical.HTTPCodedError + func (c *Core) RekeyConfig(recovery bool) (*SealConfig, logical.HTTPCodedError) + func (c *Core) RekeyDeleteBackup(ctx context.Context, recovery bool) logical.HTTPCodedError + func (c *Core) RekeyInit(config *SealConfig, recovery bool) logical.HTTPCodedError + func (c *Core) RekeyProgress(recovery, verification bool) (bool, int, logical.HTTPCodedError) + func (c *Core) RekeyRetrieveBackup(ctx context.Context, recovery bool) (*RekeyBackup, logical.HTTPCodedError) + func (c *Core) RekeyThreshold(ctx context.Context, recovery bool) (int, logical.HTTPCodedError) + func (c *Core) RekeyUpdate(ctx context.Context, key []byte, nonce string, recovery bool) (*RekeyResult, logical.HTTPCodedError) + func (c *Core) RekeyVerify(ctx context.Context, key []byte, nonce string, recovery bool) (ret *RekeyVerifyResult, retErr logical.HTTPCodedError) + func (c *Core) RekeyVerifyRestart(recovery bool) logical.HTTPCodedError + func (c *Core) ReplicationState() consts.ReplicationState + func (c *Core) ResetUnsealProcess() + func (c *Core) RouterAccess() *RouterAccess + func (c *Core) Seal(token string) error + func (c *Core) SealAccess() *SealAccess + func (c *Core) SealWithRequest(httpCtx context.Context, req *logical.Request) error + func (c *Core) Sealed() bool + func (c *Core) SecretProgress() (int, string) + func (c *Core) SetClusterHandler(handler http.Handler) + func (c *Core) SetClusterListenerAddrs(addrs []*net.TCPAddr) + func (c *Core) SetLoadCaseSensitiveIdentityStore(caseSensitive bool) + func (c *Core) SetLogLevel(level log.Level) + func (c *Core) SetNeverBecomeActive(on bool) + func (c *Core) SetSealsForMigration(migrationSeal, newSeal, unwrapSeal Seal) + func (c *Core) Shutdown() error + func (c *Core) Standby() (bool, error) + func (c *Core) StepDown(httpCtx context.Context, req *logical.Request) (retErr error) + func (c *Core) UIEnabled() bool + func (c *Core) UIHeaders() (http.Header, error) + func (c *Core) Unseal(key []byte) (bool, error) + func (c *Core) UnsealWithRecoveryKeys(key []byte) (bool, error) + func (c *Core) UnsealWithStoredKeys(ctx context.Context) error + func (c *Core) ValidateWrappingToken(ctx context.Context, req *logical.Request) (bool, error) + type CoreConfig struct + AllLoggers []log.Logger + AuditBackends map[string]audit.Factory + BuiltinRegistry BuiltinRegistry + CacheSize int + ClusterAddr string + ClusterCipherSuites string + ClusterName string + CounterSyncInterval time.Duration + CredentialBackends map[string]logical.Factory + DefaultLeaseTTL time.Duration + DevLicenseDuration time.Duration + DevToken string + DisableCache bool + DisableIndexing bool + DisableKeyEncodingChecks bool + DisableMlock bool + DisablePerformanceStandby bool + DisableSealWrap bool + EnableRaw bool + EnableUI bool + HAPhysical physical.HABackend + LicensingConfig *LicensingConfig + Logger log.Logger + LogicalBackends map[string]logical.Factory + MaxLeaseTTL time.Duration + MetricsHelper *metricsutil.MetricsHelper + Physical physical.Backend + PluginDirectory string + RedirectAddr string + ReloadFuncs *map[string][]reload.ReloadFunc + ReloadFuncsLock *sync.RWMutex + Seal Seal + func (c *CoreConfig) Clone() *CoreConfig + type DatedRequestCounter struct + StartTime time.Time + type EchoReply struct + ClusterAddrs []string + Message string + ReplicationState uint32 + XXX_NoUnkeyedLiteral struct{} + XXX_sizecache int32 + XXX_unrecognized []byte + func (*EchoReply) Descriptor() ([]byte, []int) + func (*EchoReply) ProtoMessage() + func (m *EchoReply) GetClusterAddrs() []string + func (m *EchoReply) GetMessage() string + func (m *EchoReply) GetReplicationState() uint32 + func (m *EchoReply) Reset() + func (m *EchoReply) String() string + func (m *EchoReply) XXX_DiscardUnknown() + func (m *EchoReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) + func (m *EchoReply) XXX_Merge(src proto.Message) + func (m *EchoReply) XXX_Size() int + func (m *EchoReply) XXX_Unmarshal(b []byte) error + type EchoRequest struct + ClusterAddr string + ClusterAddrs []string + Message string + XXX_NoUnkeyedLiteral struct{} + XXX_sizecache int32 + XXX_unrecognized []byte + func (*EchoRequest) Descriptor() ([]byte, []int) + func (*EchoRequest) ProtoMessage() + func (m *EchoRequest) GetClusterAddr() string + func (m *EchoRequest) GetClusterAddrs() []string + func (m *EchoRequest) GetMessage() string + func (m *EchoRequest) Reset() + func (m *EchoRequest) String() string + func (m *EchoRequest) XXX_DiscardUnknown() + func (m *EchoRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) + func (m *EchoRequest) XXX_Merge(src proto.Message) + func (m *EchoRequest) XXX_Size() int + func (m *EchoRequest) XXX_Unmarshal(b []byte) error + type EncodedKeyring struct + Keys []*Key + MasterKey []byte + type ErrInvalidKey struct + Reason string + func (e *ErrInvalidKey) Error() string + type ExpirationManager struct + func NewExpirationManager(c *Core, view *BarrierView, e ExpireLeaseStrategy, logger log.Logger) *ExpirationManager + func (m *ExpirationManager) CreateOrFetchRevocationLeaseByToken(ctx context.Context, te *logical.TokenEntry) (string, error) + func (m *ExpirationManager) FetchLeaseTimes(ctx context.Context, leaseID string) (*leaseEntry, error) + func (m *ExpirationManager) FetchLeaseTimesByToken(ctx context.Context, te *logical.TokenEntry) (*leaseEntry, error) + func (m *ExpirationManager) LazyRevoke(ctx context.Context, leaseID string) error + func (m *ExpirationManager) Register(ctx context.Context, req *logical.Request, resp *logical.Response) (id string, retErr error) + func (m *ExpirationManager) RegisterAuth(ctx context.Context, te *logical.TokenEntry, auth *logical.Auth) error + func (m *ExpirationManager) Renew(ctx context.Context, leaseID string, increment time.Duration) (*logical.Response, error) + func (m *ExpirationManager) RenewToken(ctx context.Context, req *logical.Request, te *logical.TokenEntry, ...) (*logical.Response, error) + func (m *ExpirationManager) Restore(errorFunc func()) (retErr error) + func (m *ExpirationManager) Revoke(ctx context.Context, leaseID string) error + func (m *ExpirationManager) RevokeByToken(ctx context.Context, te *logical.TokenEntry) error + func (m *ExpirationManager) RevokeForce(ctx context.Context, prefix string) error + func (m *ExpirationManager) RevokePrefix(ctx context.Context, prefix string, sync bool) error + func (m *ExpirationManager) Stop() error + func (m *ExpirationManager) Tidy(ctx context.Context) error + type ExpireLeaseStrategy func(context.Context, *ExpirationManager, *leaseEntry) + type GenerateRootConfig struct + Nonce string + OTP string + PGPFingerprint string + PGPKey string + Strategy GenerateRootStrategy + type GenerateRootResult struct + EncodedToken string + PGPFingerprint string + Progress int + Required int + type GenerateRootStrategy interface + var GenerateDROperationTokenStrategy GenerateRootStrategy = generateStandardRootToken{} + var GenerateStandardRootTokenStrategy GenerateRootStrategy = generateStandardRootToken{} + type HandlerProperties struct + Core *Core + DisablePrintableCheck bool + MaxRequestDuration time.Duration + MaxRequestSize int64 + type IdentityFactor struct + ApprovalsRequired int + GroupIDs []string + GroupNames []string + type IdentityStore struct + func NewIdentityStore(ctx context.Context, core *Core, config *logical.BackendConfig, ...) (*IdentityStore, error) + func (i *IdentityStore) CreateOrFetchEntity(ctx context.Context, alias *logical.Alias) (*identity.Entity, error) + func (i *IdentityStore) Invalidate(ctx context.Context, key string) + func (i *IdentityStore) MemDBAliasByFactors(mountAccessor, aliasName string, clone bool, groupAlias bool) (*identity.Alias, error) + func (i *IdentityStore) MemDBAliasByFactorsInTxn(txn *memdb.Txn, mountAccessor, aliasName string, clone bool, groupAlias bool) (*identity.Alias, error) + func (i *IdentityStore) MemDBAliasByID(aliasID string, clone bool, groupAlias bool) (*identity.Alias, error) + func (i *IdentityStore) MemDBAliasByIDInTxn(txn *memdb.Txn, aliasID string, clone bool, groupAlias bool) (*identity.Alias, error) + func (i *IdentityStore) MemDBAliases(ws memdb.WatchSet, groupAlias bool) (memdb.ResultIterator, error) + func (i *IdentityStore) MemDBDeleteAliasByIDInTxn(txn *memdb.Txn, aliasID string, groupAlias bool) error + func (i *IdentityStore) MemDBDeleteEntityByID(entityID string) error + func (i *IdentityStore) MemDBDeleteEntityByIDInTxn(txn *memdb.Txn, entityID string) error + func (i *IdentityStore) MemDBDeleteGroupByIDInTxn(txn *memdb.Txn, groupID string) error + func (i *IdentityStore) MemDBEntitiesByBucketEntryKeyHashInTxn(txn *memdb.Txn, hashValue string) ([]*identity.Entity, error) + func (i *IdentityStore) MemDBEntityByAliasID(aliasID string, clone bool) (*identity.Entity, error) + func (i *IdentityStore) MemDBEntityByAliasIDInTxn(txn *memdb.Txn, aliasID string, clone bool) (*identity.Entity, error) + func (i *IdentityStore) MemDBEntityByID(entityID string, clone bool) (*identity.Entity, error) + func (i *IdentityStore) MemDBEntityByIDInTxn(txn *memdb.Txn, entityID string, clone bool) (*identity.Entity, error) + func (i *IdentityStore) MemDBEntityByMergedEntityID(mergedEntityID string, clone bool) (*identity.Entity, error) + func (i *IdentityStore) MemDBEntityByName(ctx context.Context, entityName string, clone bool) (*identity.Entity, error) + func (i *IdentityStore) MemDBEntityByNameInTxn(ctx context.Context, txn *memdb.Txn, entityName string, clone bool) (*identity.Entity, error) + func (i *IdentityStore) MemDBGroupByAliasID(aliasID string, clone bool) (*identity.Group, error) + func (i *IdentityStore) MemDBGroupByAliasIDInTxn(txn *memdb.Txn, aliasID string, clone bool) (*identity.Group, error) + func (i *IdentityStore) MemDBGroupByID(groupID string, clone bool) (*identity.Group, error) + func (i *IdentityStore) MemDBGroupByIDInTxn(txn *memdb.Txn, groupID string, clone bool) (*identity.Group, error) + func (i *IdentityStore) MemDBGroupByName(ctx context.Context, groupName string, clone bool) (*identity.Group, error) + func (i *IdentityStore) MemDBGroupByNameInTxn(ctx context.Context, txn *memdb.Txn, groupName string, clone bool) (*identity.Group, error) + func (i *IdentityStore) MemDBGroupsByBucketEntryKeyHashInTxn(txn *memdb.Txn, hashValue string) ([]*identity.Group, error) + func (i *IdentityStore) MemDBGroupsByMemberEntityID(entityID string, clone bool, externalOnly bool) ([]*identity.Group, error) + func (i *IdentityStore) MemDBGroupsByMemberEntityIDInTxn(txn *memdb.Txn, entityID string, clone bool, externalOnly bool) ([]*identity.Group, error) + func (i *IdentityStore) MemDBGroupsByParentGroupID(memberGroupID string, clone bool) ([]*identity.Group, error) + func (i *IdentityStore) MemDBGroupsByParentGroupIDInTxn(txn *memdb.Txn, memberGroupID string, clone bool) ([]*identity.Group, error) + func (i *IdentityStore) MemDBUpsertAliasInTxn(txn *memdb.Txn, alias *identity.Alias, groupAlias bool) error + func (i *IdentityStore) MemDBUpsertEntityInTxn(txn *memdb.Txn, entity *identity.Entity) error + func (i *IdentityStore) MemDBUpsertGroupInTxn(txn *memdb.Txn, group *identity.Group) error + func (i *IdentityStore) UpsertGroup(group *identity.Group, persist bool) error + func (i *IdentityStore) UpsertGroupInTxn(txn *memdb.Txn, group *identity.Group, persist bool) error + type InitParams struct + BarrierConfig *SealConfig + RecoveryConfig *SealConfig + RootTokenPGPKey string + type InitResult struct + RecoveryShares [][]byte + RootToken string + SecretShares [][]byte + type Key struct + InstallTime time.Time + Term uint32 + Value []byte + Version int + func DeserializeKey(buf []byte) (*Key, error) + func (k *Key) Serialize() ([]byte, error) + type KeyInfo struct + InstallTime time.Time + Term int + type Keyring struct + func DeserializeKeyring(buf []byte) (*Keyring, error) + func NewKeyring() *Keyring + func (k *Keyring) ActiveKey() *Key + func (k *Keyring) ActiveTerm() uint32 + func (k *Keyring) AddKey(key *Key) (*Keyring, error) + func (k *Keyring) Clone() *Keyring + func (k *Keyring) MasterKey() []byte + func (k *Keyring) RemoveKey(term uint32) (*Keyring, error) + func (k *Keyring) Serialize() ([]byte, error) + func (k *Keyring) SetMasterKey(val []byte) *Keyring + func (k *Keyring) TermKey(term uint32) *Key + func (k *Keyring) Zeroize(keysToo bool) + type LicensingConfig struct + AdditionalPublicKeys []interface{} + type ListingVisibilityType string + const ListingVisibilityDefault + const ListingVisibilityHidden + const ListingVisibilityUnauth + const MountTableNoUpdateStorage + const MountTableUpdateStorage + type MountConfig struct + AllowedResponseHeaders []string + AuditNonHMACRequestKeys []string + AuditNonHMACResponseKeys []string + DefaultLeaseTTL time.Duration + ForceNoCache bool + ListingVisibility ListingVisibilityType + MaxLeaseTTL time.Duration + PassthroughRequestHeaders []string + PluginName string + TokenType logical.TokenType + type MountEntry struct + Accessor string + BackendAwareUUID string + Config MountConfig + Description string + Local bool + NamespaceID string + Options map[string]string + Path string + SealWrap bool + Table string + Tainted bool + Type string + UUID string + func (e *MountEntry) APIPath() string + func (e *MountEntry) Clone() (*MountEntry, error) + func (e *MountEntry) Namespace() *namespace.Namespace + func (e *MountEntry) SyncCache() + func (e *MountEntry) ViewPath() string + type MountTable struct + Entries []*MountEntry + Type string + type NonFatalError struct + Err error + func NewNonFatalError(err error) *NonFatalError + func (e *NonFatalError) Error() string + func (e *NonFatalError) WrappedErrors() []error + type PassthroughBackend struct + func (b *PassthroughBackend) GeneratesLeases() bool + type PathRules struct + AllowedParametersHCL map[string][]interface{} + Capabilities []string + ControlGroupHCL *ControlGroupHCL + DeniedParametersHCL map[string][]interface{} + HasSegmentWildcards bool + IsPrefix bool + MFAMethodsHCL []string + MaxWrappingTTLHCL interface{} + MinWrappingTTLHCL interface{} + Path string + Permissions *ACLPermissions + Policy string + RequiredParametersHCL []string + type PerfStandbyElectionInput struct + XXX_NoUnkeyedLiteral struct{} + XXX_sizecache int32 + XXX_unrecognized []byte + func (*PerfStandbyElectionInput) Descriptor() ([]byte, []int) + func (*PerfStandbyElectionInput) ProtoMessage() + func (m *PerfStandbyElectionInput) Reset() + func (m *PerfStandbyElectionInput) String() string + func (m *PerfStandbyElectionInput) XXX_DiscardUnknown() + func (m *PerfStandbyElectionInput) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) + func (m *PerfStandbyElectionInput) XXX_Merge(src proto.Message) + func (m *PerfStandbyElectionInput) XXX_Size() int + func (m *PerfStandbyElectionInput) XXX_Unmarshal(b []byte) error + type PerfStandbyElectionResponse struct + CaCert []byte + ClientCert []byte + ClientKey *ClientKey + ClusterId string + Id string + PrimaryClusterAddr string + XXX_NoUnkeyedLiteral struct{} + XXX_sizecache int32 + XXX_unrecognized []byte + func (*PerfStandbyElectionResponse) Descriptor() ([]byte, []int) + func (*PerfStandbyElectionResponse) ProtoMessage() + func (m *PerfStandbyElectionResponse) GetCaCert() []byte + func (m *PerfStandbyElectionResponse) GetClientCert() []byte + func (m *PerfStandbyElectionResponse) GetClientKey() *ClientKey + func (m *PerfStandbyElectionResponse) GetClusterId() string + func (m *PerfStandbyElectionResponse) GetId() string + func (m *PerfStandbyElectionResponse) GetPrimaryClusterAddr() string + func (m *PerfStandbyElectionResponse) Reset() + func (m *PerfStandbyElectionResponse) String() string + func (m *PerfStandbyElectionResponse) XXX_DiscardUnknown() + func (m *PerfStandbyElectionResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) + func (m *PerfStandbyElectionResponse) XXX_Merge(src proto.Message) + func (m *PerfStandbyElectionResponse) XXX_Size() int + func (m *PerfStandbyElectionResponse) XXX_Unmarshal(b []byte) error + type PluginCatalog struct + func (c *PluginCatalog) Delete(ctx context.Context, name string, pluginType consts.PluginType) error + func (c *PluginCatalog) Get(ctx context.Context, name string, pluginType consts.PluginType) (*pluginutil.PluginRunner, error) + func (c *PluginCatalog) List(ctx context.Context, pluginType consts.PluginType) ([]string, error) + func (c *PluginCatalog) Set(ctx context.Context, name string, pluginType consts.PluginType, command string, ...) error + func (c *PluginCatalog) UpgradePlugins(ctx context.Context, logger log.Logger) error + type Policy struct + Name string + Paths []*PathRules + Raw string + Templated bool + Type PolicyType + func ParseACLPolicy(ns *namespace.Namespace, rules string) (*Policy, error) + func (p *Policy) ShallowClone() *Policy + type PolicyCheckOpts struct + RootPrivsRequired bool + Unauth bool + type PolicyEntry struct + Raw string + Templated bool + Type PolicyType + Version int + type PolicyStore struct + func NewPolicyStore(ctx context.Context, core *Core, baseView *BarrierView, ...) (*PolicyStore, error) + func (ps *PolicyStore) ACL(ctx context.Context, entity *identity.Entity, policyNames map[string][]string) (*ACL, error) + func (ps *PolicyStore) DeletePolicy(ctx context.Context, name string, policyType PolicyType) error + func (ps *PolicyStore) GetPolicy(ctx context.Context, name string, policyType PolicyType) (*Policy, error) + func (ps *PolicyStore) ListPolicies(ctx context.Context, policyType PolicyType) ([]string, error) + func (ps *PolicyStore) SetPolicy(ctx context.Context, p *Policy) error + type PolicyType uint32 + const PolicyTypeACL + const PolicyTypeEGP + const PolicyTypeRGP + const PolicyTypeToken + func (p PolicyType) String() string + type PublicBackend struct + type RegisterAuthFunc func(context.Context, time.Duration, string, *logical.Auth) error + type RekeyBackup struct + Keys map[string][]string + Nonce string + type RekeyResult struct + Backup bool + PGPFingerprints []string + RecoveryKey bool + SecretShares [][]byte + VerificationNonce string + VerificationRequired bool + type RekeyVerifyResult struct + Complete bool + Nonce string + type ReplicationTokenInfo struct + type RequestCounter struct + Total *uint64 + type RequestForwardingClient interface + Echo func(ctx context.Context, in *EchoRequest, opts ...grpc.CallOption) (*EchoReply, error) + ForwardRequest func(ctx context.Context, in *forwarding.Request, opts ...grpc.CallOption) (*forwarding.Response, error) + PerformanceStandbyElectionRequest func(ctx context.Context, in *PerfStandbyElectionInput, opts ...grpc.CallOption) (RequestForwarding_PerformanceStandbyElectionRequestClient, error) + func NewRequestForwardingClient(cc *grpc.ClientConn) RequestForwardingClient + type RequestForwardingServer interface + Echo func(context.Context, *EchoRequest) (*EchoReply, error) + ForwardRequest func(context.Context, *forwarding.Request) (*forwarding.Response, error) + PerformanceStandbyElectionRequest func(*PerfStandbyElectionInput, ...) error + type RequestForwarding_PerformanceStandbyElectionRequestClient interface + Recv func() (*PerfStandbyElectionResponse, error) + type RequestForwarding_PerformanceStandbyElectionRequestServer interface + Send func(*PerfStandbyElectionResponse) error + type RollbackManager struct + func NewRollbackManager(ctx context.Context, logger log.Logger, backendsFunc func() []*MountEntry, ...) *RollbackManager + func (m *RollbackManager) Rollback(ctx context.Context, path string) error + func (m *RollbackManager) Start() + func (m *RollbackManager) Stop() + type Router struct + func NewRouter() *Router + func (r *Router) LoginPath(ctx context.Context, path string) bool + func (r *Router) MatchingAPIPrefixByStoragePath(ctx context.Context, path string) (*namespace.Namespace, string, string, bool) + func (r *Router) MatchingBackend(ctx context.Context, path string) logical.Backend + func (r *Router) MatchingMount(ctx context.Context, path string) string + func (r *Router) MatchingMountByAccessor(mountAccessor string) *MountEntry + func (r *Router) MatchingMountByUUID(mountID string) *MountEntry + func (r *Router) MatchingMountEntry(ctx context.Context, path string) *MountEntry + func (r *Router) MatchingStorageByAPIPath(ctx context.Context, path string) logical.Storage + func (r *Router) MatchingStorageByStoragePath(ctx context.Context, path string) logical.Storage + func (r *Router) MatchingStoragePrefixByAPIPath(ctx context.Context, path string) (string, bool) + func (r *Router) MatchingSystemView(ctx context.Context, path string) logical.SystemView + func (r *Router) Mount(backend logical.Backend, prefix string, mountEntry *MountEntry, ...) error + func (r *Router) MountConflict(ctx context.Context, path string) string + func (r *Router) Remount(ctx context.Context, src, dst string) error + func (r *Router) RootPath(ctx context.Context, path string) bool + func (r *Router) Route(ctx context.Context, req *logical.Request) (*logical.Response, error) + func (r *Router) RouteExistenceCheck(ctx context.Context, req *logical.Request) (*logical.Response, bool, bool, error) + func (r *Router) Taint(ctx context.Context, path string) error + func (r *Router) Unmount(ctx context.Context, prefix string) error + func (r *Router) Untaint(ctx context.Context, path string) error + type RouterAccess struct + func NewRouterAccess(c *Core) *RouterAccess + func (r *RouterAccess) StoragePrefixByAPIPath(ctx context.Context, path string) (string, bool) + type Seal interface + BarrierConfig func(context.Context) (*SealConfig, error) + BarrierType func() string + Finalize func(context.Context) error + GetStoredKeys func(context.Context) ([][]byte, error) + Init func(context.Context) error + RecoveryConfig func(context.Context) (*SealConfig, error) + RecoveryKey func(context.Context) ([]byte, error) + RecoveryKeySupported func() bool + RecoveryType func() string + SetBarrierConfig func(context.Context, *SealConfig) error + SetCachedBarrierConfig func(*SealConfig) + SetCachedRecoveryConfig func(*SealConfig) + SetCore func(*Core) + SetRecoveryConfig func(context.Context, *SealConfig) error + SetRecoveryKey func(context.Context, []byte) error + SetStoredKeys func(context.Context, [][]byte) error + StoredKeysSupported func() bool + VerifyRecoveryKey func(context.Context, []byte) error + func NewAutoSeal(lowLevel seal.Access) Seal + func NewDefaultSeal() Seal + type SealAccess struct + func NewSealAccess(seal Seal) *SealAccess + func (s *SealAccess) BarrierConfig(ctx context.Context) (*SealConfig, error) + func (s *SealAccess) BarrierType() string + func (s *SealAccess) ClearCaches(ctx context.Context) + func (s *SealAccess) RecoveryConfig(ctx context.Context) (*SealConfig, error) + func (s *SealAccess) RecoveryKeySupported() bool + func (s *SealAccess) SetTestingParams(params *SealAccessTestingParams) error + func (s *SealAccess) StoredKeysSupported() bool + func (s *SealAccess) VerifyRecoveryKey(ctx context.Context, key []byte) error + type SealAccessTestingParams struct + PretendRecoveryKey []byte + PretendToAllowRecoveryKeys bool + PretendToAllowStoredShares bool + type SealConfig struct + Backup bool + Nonce string + PGPKeys []string + RekeyProgress [][]byte + SecretShares int + SecretThreshold int + StoredShares int + Type string + VerificationKey []byte + VerificationNonce string + VerificationProgress [][]byte + VerificationRequired bool + func (s *SealConfig) Clone() *SealConfig + func (s *SealConfig) Validate() error + type SecurityBarrier interface + ActiveKeyInfo func() (*KeyInfo, error) + CheckUpgrade func(ctx context.Context) (bool, uint32, error) + CreateUpgrade func(ctx context.Context, term uint32) error + DestroyUpgrade func(ctx context.Context, term uint32) error + GenerateKey func() ([]byte, error) + Initialize func(context.Context, []byte) error + Initialized func(ctx context.Context) (bool, error) + KeyLength func() (int, int) + Keyring func() (*Keyring, error) + Rekey func(context.Context, []byte) error + ReloadKeyring func(ctx context.Context) error + ReloadMasterKey func(ctx context.Context) error + Rotate func(ctx context.Context) (uint32, error) + Seal func() error + Sealed func() (bool, error) + SetMasterKey func(key []byte) error + Unseal func(ctx context.Context, key []byte) error + VerifyMaster func(key []byte) error + type SystemBackend struct + Core *Core + func NewSystemBackend(core *Core, logger log.Logger) *SystemBackend + type TemplateError struct + Err error + func (t *TemplateError) Error() string + func (t *TemplateError) WrappedErrors() []error + type TokenStore struct + func NewTokenStore(ctx context.Context, logger log.Logger, core *Core, ...) (*TokenStore, error) + func (ts *TokenStore) Invalidate(ctx context.Context, key string) + func (ts *TokenStore) Lookup(ctx context.Context, id string) (*logical.TokenEntry, error) + func (ts *TokenStore) Salt(ctx context.Context) (*salt.Salt, error) + func (ts *TokenStore) SaltID(ctx context.Context, id string) (string, error) + func (ts *TokenStore) SetExpirationManager(exp *ExpirationManager) + func (ts *TokenStore) UseToken(ctx context.Context, te *logical.TokenEntry) (*logical.TokenEntry, error) + func (ts *TokenStore) UseTokenByID(ctx context.Context, id string) (*logical.TokenEntry, error) + type UIConfig struct + func NewUIConfig(enabled bool, physicalStorage physical.Backend, barrierStorage logical.Storage) *UIConfig + func (c *UIConfig) DeleteHeader(ctx context.Context, header string) error + func (c *UIConfig) Enabled() bool + func (c *UIConfig) GetHeader(ctx context.Context, header string) (string, error) + func (c *UIConfig) HeaderKeys(ctx context.Context) ([]string, error) + func (c *UIConfig) Headers(ctx context.Context) (http.Header, error) + func (c *UIConfig) SetHeader(ctx context.Context, header, value string) error + type UnsealStrategy interface