klvault

package
v0.2.0
Published: Jan 29, 2019 License: MIT Imports: 10 Imported by: 2

README

Vault Loader

Loads config values from Vault secrets.

Usage

Basic usage with Kubernetes auth provider and renewal

vaultLoader := klvault.New(&klvault.Config{
    Secrets: []klvault.Secret{
        {
            Key: "/database/creds/db",
        },
    },
    Client: vaultClient, // from github.com/hashicorp/vault/api
    AuthProvider: k8s.New(&k8s.Config{
        Client: vaultClient,
        K8sTokenPath: "/var/run/secrets/kubernetes.io/serviceaccount/token",
    }),
    Renew: true,
})

Documentation

Index

Constants

This section is empty.

Variables

var (

	// ErrNoClient is the error thrown when trying to create a Loader without vault.Client
	ErrNoClient = errors.New("No vault client provided")
	// ErrNoAuthProvider is the error thrown when trying to create a Loader without an AuthProvider
	ErrNoAuthProvider = errors.New("No auth provider given")
	// ErrNoSecretKey is the error thrown when trying to create a Loader without a SecretKey
	ErrNoSecretKey = errors.New("No secret key given")
)

Functions

This section is empty.

Types

type AuthProvider

type AuthProvider interface {
	Token() (string, time.Duration, error)
}

AuthProvider is the interface for a Vault authentication provider

type Config

type Config struct {
	// Name is the name of the loader
	Name string
	// StopOnFailure tells whether a failure to load configs should close the config and all registered closers
	StopOnFailure bool
	// Secrets is the list of secrets to load
	Secrets []Secret
	// AuthProvider is the vault auth provider
	AuthProvider AuthProvider
	// Client is the vault client for the vault loader
	Client *vault.Client
	// MaxRetry is the maximum number of times the load method can be retried
	MaxRetry int
	// RetryDelay is the time between each retry
	RetryDelay time.Duration
	// Debug enables debug mode
	Debug bool
	// Logger is the logger used for debug logs
	Logger nlogger.Logger
	// Renew sets whether the vault loader should renew itself
	Renew bool
}

Config is the config for the Loader

type Loader

type Loader struct {
	*kwpoll.PollWatcher
	// contains filtered or unexported fields
}

Loader is the structure representing a Loader

func New

func New(cfg *Config) *Loader

New creates a new Loader with the given config

func (*Loader) Load

func (vl *Loader) Load(cs konfig.Values) error

Load implements the konfig.Loader interface. It fetches a token from the auth provider and sets the token in the vault client. Then it loads the secret and assigns its values to the konfig.Store.

func (*Loader) MaxRetry

func (vl *Loader) MaxRetry() int

MaxRetry is the maximum number of times the load method can be retried

func (*Loader) Name

func (vl *Loader) Name() string

Name returns the name of the loader

func (*Loader) RetryDelay

func (vl *Loader) RetryDelay() time.Duration

RetryDelay is the delay between each retry

func (*Loader) StopOnFailure added in v0.2.0

func (vl *Loader) StopOnFailure() bool

StopOnFailure returns whether a load failure should stop the config and the registered closers

func (*Loader) Time

func (vl *Loader) Time() time.Duration

Time returns the TTL of the vault loader. It is used in the ticker watcher as a source.

type LogicalClient

type LogicalClient interface {
	Read(key string) (*vault.Secret, error)
	Write(key string, data map[string]interface{}) (*vault.Secret, error)
	ReadWithData(key string, data map[string][]string) (*vault.Secret, error)
}

LogicalClient is an interface for the vault logical client

type Secret

type Secret struct {
	// Key is the URL to fetch the secret from (e.g. /v1/database/creds/mydb)
	Key string
	// KeysPrefix sets a prefix to be prepended to all keys in the config store
	KeysPrefix string
	// Replacer transforms vault secret's keys
	Replacer nstrings.Replacer
}

Secret is a secret to load

Directories

Path Synopsis
auth
k8s
