vault

Documentation

Overview

Package vault implements a secret store backed by HashiCorp Vault.

Index

• type KVClient
• type SecretStore
  • func NewSecretStore(ctx context.Context, kube client.Client, _ *tls.Config, ...) (*SecretStore, error)
  • func (ss *SecretStore) DeleteKeyValues(ctx context.Context, s *store.Secret, do ...store.DeleteOption) error
  • func (ss *SecretStore) ReadKeyValues(_ context.Context, n store.ScopedName, s *store.Secret) error
  • func (ss *SecretStore) WriteKeyValues(ctx context.Context, s *store.Secret, wo ...store.WriteOption) (changed bool, err error)

Types

type KVClient

type KVClient interface {
	Get(path string, secret *kv.Secret) error
	Apply(path string, secret *kv.Secret, ao ...kv.ApplyOption) error
	Delete(path string) error
}

KVClient is a Vault AdditiveKVClient Secrets engine client that supports both v1 and v2.

type SecretStore

type SecretStore struct {
	// contains filtered or unexported fields
}

SecretStore is a Vault Secret Store.

func NewSecretStore

func NewSecretStore(ctx context.Context, kube client.Client, _ *tls.Config, cfg v1.SecretStoreConfig) (*SecretStore, error)

NewSecretStore returns a new Vault SecretStore.

func (*SecretStore) DeleteKeyValues

func (ss *SecretStore) DeleteKeyValues(ctx context.Context, s *store.Secret, do ...store.DeleteOption) error

DeleteKeyValues delete key value pairs from a given Vault Secret. If no kv specified, the whole secret instance is deleted. If kv specified, those would be deleted and secret instance will be deleted only if there is no Data left.

func (*SecretStore) ReadKeyValues

func (ss *SecretStore) ReadKeyValues(_ context.Context, n store.ScopedName, s *store.Secret) error

ReadKeyValues reads and returns key value pairs for a given Vault Secret.

func (*SecretStore) WriteKeyValues

func (ss *SecretStore) WriteKeyValues(ctx context.Context, s *store.Secret, wo ...store.WriteOption) (changed bool, err error)

WriteKeyValues writes key value pairs to a given Vault Secret.