Versions in this module Expand all Collapse all v1 v1.3.1 Mar 20, 2022 v1.3.0 Mar 18, 2022 Changes in this version + const EnvHTTPProxy + const EnvRateLimit + const EnvVaultAddress + const EnvVaultAgentAddr + const EnvVaultAgentAddress + const EnvVaultCACert + const EnvVaultCAPath + const EnvVaultClientCert + const EnvVaultClientKey + const EnvVaultClientTimeout + const EnvVaultInsecure + const EnvVaultMFA + const EnvVaultMaxRetries + const EnvVaultNamespace + const EnvVaultSRVLookup + const EnvVaultSkipVerify + const EnvVaultTLSServerName + const EnvVaultToken + const EnvVaultWrapTTL + const ErrOutputStringRequest + const HeaderIndex + const SSHHelperDefaultMountPoint + const VerifyEchoRequest + const VerifyEchoResponse + var DefaultLifetimeWatcherRenewBuffer = 5 + var DefaultRenewerRenewBuffer = 5 + var DefaultWrappingLookupFunc = func(operation, path string) string + var DefaultWrappingTTL = "5m" + var ErrIncompleteSnapshot = errors.New("incomplete snapshot, unable to read SHA256SUMS.sealed file") + var ErrLifetimeWatcherMissingInput = errors.New("missing input") + var ErrLifetimeWatcherMissingSecret = errors.New("missing secret") + var ErrLifetimeWatcherNoSecretData = errors.New("returned empty secret data") + var ErrLifetimeWatcherNotRenewable = errors.New("secret is not renewable") + var ErrRenewerMissingInput = errors.New("missing input to renewer") + var ErrRenewerMissingSecret = errors.New("missing secret to renew") + var ErrRenewerNoSecretData = errors.New("returned empty secret data") + var ErrRenewerNotRenewable = errors.New("secret is not renewable") + var PluginMetadataModeEnv = "VAULT_PLUGIN_METADATA_MODE" + var PluginUnwrapTokenEnv = "VAULT_UNWRAP_TOKEN" + func DefaultRetryPolicy(ctx context.Context, resp *http.Response, err error) (bool, error) + func MergeReplicationStates(old []string, new string) []string + func ParseReplicationState(raw string, hmacKey []byte) (*logical.WALState, error) + func VaultPluginTLSProvider(apiTLSConfig *TLSConfig) func() (*tls.Config, error) + type Audit struct + Description string + Local bool + Options map[string]string + Path string + Type string + type Auth struct + func (a *Auth) Login(ctx context.Context, authMethod AuthMethod) (*Secret, error) + func (a *Auth) Token() *TokenAuth + type AuthConfigInput = MountConfigInput + type AuthConfigOutput = MountConfigOutput + type AuthMethod interface + Login func(ctx context.Context, client *Client) (*Secret, error) + type AuthMount = MountOutput + type AutopilotConfig struct + CleanupDeadServers bool + DeadServerLastContactThreshold time.Duration + LastContactThreshold time.Duration + MaxTrailingLogs uint64 + MinQuorum uint + ServerStabilizationTime time.Duration + func (ac *AutopilotConfig) MarshalJSON() ([]byte, error) + func (ac *AutopilotConfig) UnmarshalJSON(b []byte) error + type AutopilotServer struct + Address string + Healthy bool + ID string + LastContact string + LastIndex uint64 + LastTerm uint64 + Meta map[string]string + Name string + NodeStatus string + StableSince string + Status string + type AutopilotState struct + FailureTolerance int + Healthy bool + Leader string + NonVoters []string + Servers map[string]*AutopilotServer + Voters []string + type CORSRequest struct + AllowedHeaders []string + AllowedOrigins []string + Enabled bool + type CORSResponse struct + AllowedHeaders []string + AllowedOrigins []string + Enabled bool + type Client struct + func NewClient(c *Config) (*Client, error) + func (c *Client) AddHeader(key, value string) + func (c *Client) Address() string + func (c *Client) Auth() *Auth + func (c *Client) CheckRetry() retryablehttp.CheckRetry + func (c *Client) ClearToken() + func (c *Client) ClientTimeout() time.Duration + func (c *Client) Clone() (*Client, error) + func (c *Client) CloneConfig() *Config + func (c *Client) CloneHeaders() bool + func (c *Client) CurrentWrappingLookupFunc() WrappingLookupFunc + func (c *Client) Headers() http.Header + func (c *Client) Help(path string) (*Help, error) + func (c *Client) Limiter() *rate.Limiter + func (c *Client) Logical() *Logical + func (c *Client) MaxRetries() int + func (c *Client) MaxRetryWait() time.Duration + func (c *Client) MinRetryWait() time.Duration + func (c *Client) NewLifetimeWatcher(i *LifetimeWatcherInput) (*LifetimeWatcher, error) + func (c *Client) NewRenewer(i *LifetimeWatcherInput) (*LifetimeWatcher, error) + func (c *Client) NewRequest(method, requestPath string) *Request + func (c *Client) OutputCurlString() bool + func (c *Client) RawRequest(r *Request) (*Response, error) + func (c *Client) RawRequestWithContext(ctx context.Context, r *Request) (*Response, error) + func (c *Client) ReadYourWrites() bool + func (c *Client) SRVLookup() bool + func (c *Client) SSH() *SSH + func (c *Client) SSHHelper() *SSHHelper + func (c *Client) SSHHelperWithMountPoint(mountPoint string) *SSHHelper + func (c *Client) SSHWithMountPoint(mountPoint string) *SSH + func (c *Client) SetAddress(addr string) error + func (c *Client) SetBackoff(backoff retryablehttp.Backoff) + func (c *Client) SetCheckRetry(checkRetry retryablehttp.CheckRetry) + func (c *Client) SetClientTimeout(timeout time.Duration) + func (c *Client) SetCloneHeaders(cloneHeaders bool) + func (c *Client) SetHeaders(headers http.Header) + func (c *Client) SetLimiter(rateLimit float64, burst int) + func (c *Client) SetLogger(logger retryablehttp.LeveledLogger) + func (c *Client) SetMFACreds(creds []string) + func (c *Client) SetMaxRetries(retries int) + func (c *Client) SetMaxRetryWait(retryWait time.Duration) + func (c *Client) SetMinRetryWait(retryWait time.Duration) + func (c *Client) SetNamespace(namespace string) + func (c *Client) SetOutputCurlString(curl bool) + func (c *Client) SetPolicyOverride(override bool) + func (c *Client) SetReadYourWrites(preventStaleReads bool) + func (c *Client) SetSRVLookup(srv bool) + func (c *Client) SetToken(v string) + func (c *Client) SetWrappingLookupFunc(lookupFunc WrappingLookupFunc) + func (c *Client) Sys() *Sys + func (c *Client) Token() string + func (c *Client) WithRequestCallbacks(callbacks ...RequestCallback) *Client + func (c *Client) WithResponseCallbacks(callbacks ...ResponseCallback) *Client + type Config struct + Address string + AgentAddress string + Backoff retryablehttp.Backoff + CheckRetry retryablehttp.CheckRetry + CloneHeaders bool + Error error + HttpClient *http.Client + Limiter *rate.Limiter + Logger retryablehttp.LeveledLogger + MaxRetries int + MaxRetryWait time.Duration + MinRetryWait time.Duration + OutputCurlString bool + ReadYourWrites bool + SRVLookup bool + Timeout time.Duration + func DefaultConfig() *Config + func (c *Config) ConfigureTLS(t *TLSConfig) error + func (c *Config) ReadEnvironment() error + type DeregisterPluginInput struct + Name string + Type consts.PluginType + type EnableAuditOptions struct + Description string + Local bool + Options map[string]string + Type string + type EnableAuthOptions = MountInput + type ErrorResponse struct + Errors []string + type GenerateRootStatusResponse struct + Complete bool + EncodedRootToken string + EncodedToken string + Nonce string + OTP string + OTPLength int + PGPFingerprint string + Progress int + Required int + Started bool + type GetPluginInput struct + Name string + Type consts.PluginType + type GetPluginResponse struct + Args []string + Builtin bool + Command string + Name string + SHA256 string + type HANode struct + APIAddress string + ActiveNode bool + ClusterAddress string + Hostname string + LastEcho *time.Time + type HAStatusResponse struct + Nodes []HANode + type HealthResponse struct + ClusterID string + ClusterName string + Initialized bool + LastWAL uint64 + PerformanceStandby bool + ReplicationDRMode string + ReplicationPerformanceMode string + Sealed bool + ServerTimeUTC int64 + Standby bool + Version string + type Help struct + Help string + OpenAPI map[string]interface{} + SeeAlso []string + type InitRequest struct + PGPKeys []string + RecoveryPGPKeys []string + RecoveryShares int + RecoveryThreshold int + RootTokenPGPKey string + SecretShares int + SecretThreshold int + StoredShares int + type InitResponse struct + Keys []string + KeysB64 []string + RecoveryKeys []string + RecoveryKeysB64 []string + RootToken string + type InitStatusResponse struct + Initialized bool + type KeyStatus struct + Encryptions int + InstallTime time.Time + Term int + type LeaderResponse struct + ActiveTime time.Time + HAEnabled bool + IsSelf bool + LastWAL uint64 + LeaderAddress string + LeaderClusterAddress string + PerfStandby bool + PerfStandbyLastRemoteWAL uint64 + RaftAppliedIndex uint64 + RaftCommittedIndex uint64 + type LifetimeWatcher struct + func (r *LifetimeWatcher) DoneCh() <-chan error + func (r *LifetimeWatcher) Renew() + func (r *LifetimeWatcher) RenewCh() <-chan *RenewOutput + func (r *LifetimeWatcher) Start() + func (r *LifetimeWatcher) Stop() + type LifetimeWatcherInput struct + Grace time.Duration + Increment int + Rand *rand.Rand + RenewBehavior RenewBehavior + RenewBuffer int + Secret *Secret + type ListPluginsInput struct + Type consts.PluginType + type ListPluginsResponse struct + Names []string + PluginsByType map[consts.PluginType][]string + type Logical struct + func (c *Logical) Delete(path string) (*Secret, error) + func (c *Logical) DeleteWithData(path string, data map[string][]string) (*Secret, error) + func (c *Logical) JSONMergePatch(ctx context.Context, path string, data map[string]interface{}) (*Secret, error) + func (c *Logical) List(path string) (*Secret, error) + func (c *Logical) Read(path string) (*Secret, error) + func (c *Logical) ReadWithData(path string, data map[string][]string) (*Secret, error) + func (c *Logical) Unwrap(wrappingToken string) (*Secret, error) + func (c *Logical) Write(path string, data map[string]interface{}) (*Secret, error) + func (c *Logical) WriteBytes(path string, data []byte) (*Secret, error) + type MountConfigInput struct + AllowedManagedKeys []string + AllowedResponseHeaders []string + AuditNonHMACRequestKeys []string + AuditNonHMACResponseKeys []string + DefaultLeaseTTL string + Description *string + ForceNoCache bool + ListingVisibility string + MaxLeaseTTL string + Options map[string]string + PassthroughRequestHeaders []string + PluginName string + TokenType string + type MountConfigOutput struct + AllowedManagedKeys []string + AllowedResponseHeaders []string + AuditNonHMACRequestKeys []string + AuditNonHMACResponseKeys []string + DefaultLeaseTTL int + ForceNoCache bool + ListingVisibility string + MaxLeaseTTL int + PassthroughRequestHeaders []string + PluginName string + TokenType string + type MountInput struct + Config MountConfigInput + Description string + ExternalEntropyAccess bool + Local bool + Options map[string]string + PluginName string + SealWrap bool + Type string + type MountOutput struct + Accessor string + Config MountConfigOutput + Description string + ExternalEntropyAccess bool + Local bool + Options map[string]string + SealWrap bool + Type string + UUID string + type OutputStringError struct + TLSSkipVerify bool + var LastOutputStringError *OutputStringError + func (d *OutputStringError) CurlString() string + func (d *OutputStringError) Error() string + type PluginAPIClientMeta struct + func (f *PluginAPIClientMeta) FlagSet() *flag.FlagSet + func (f *PluginAPIClientMeta) GetTLSConfig() *TLSConfig + type RaftJoinRequest struct + AutoJoin string + AutoJoinPort uint + AutoJoinScheme string + LeaderAPIAddr string + LeaderCACert string + LeaderClientCert string + LeaderClientKey string + NonVoter bool + Retry bool + type RaftJoinResponse struct + Joined bool + type RegisterPluginInput struct + Args []string + Command string + Name string + SHA256 string + Type consts.PluginType + type RekeyInitRequest struct + Backup bool + PGPKeys []string + RequireVerification bool + SecretShares int + SecretThreshold int + StoredShares int + type RekeyRetrieveResponse struct + Keys map[string][]string + KeysB64 map[string][]string + Nonce string + type RekeyStatusResponse struct + Backup bool + N int + Nonce string + PGPFingerprints []string + Progress int + Required int + Started bool + T int + VerificationNonce string + VerificationRequired bool + type RekeyUpdateResponse struct + Backup bool + Complete bool + Keys []string + KeysB64 []string + Nonce string + PGPFingerprints []string + VerificationNonce string + VerificationRequired bool + type RekeyVerificationStatusResponse struct + N int + Nonce string + Progress int + Started bool + T int + type RekeyVerificationUpdateResponse struct + Complete bool + Nonce string + type ReloadPluginInput struct + Mounts []string + Plugin string + Scope string + type ReloadPluginStatusInput struct + ReloadID string + type ReloadStatus struct + Error string + Timestamp time.Time + type ReloadStatusResponse struct + ReloadID string + Results map[string]*ReloadStatus + type RenewBehavior uint + const RenewBehaviorErrorOnErrors + const RenewBehaviorIgnoreErrors + const RenewBehaviorRenewDisabled + type RenewOutput struct + RenewedAt time.Time + Secret *Secret + type Renewer = LifetimeWatcher + type RenewerInput = LifetimeWatcherInput + type Request struct + Body io.Reader + BodyBytes []byte + BodySize int64 + ClientToken string + Headers http.Header + Host string + MFAHeaderVals []string + Method string + Obj interface{} + Params url.Values + PolicyOverride bool + URL *url.URL + WrapTTL string + func (r *Request) ResetJSONBody() error + func (r *Request) SetJSONBody(val interface{}) error + func (r *Request) ToHTTP() (*http.Request, error) + type RequestCallback func(*Request) + func ForwardAlways() RequestCallback + func ForwardInconsistent() RequestCallback + func RequireState(states ...string) RequestCallback + type Response struct + func (r *Response) DecodeJSON(out interface{}) error + func (r *Response) Error() error + type ResponseCallback func(*Response) + func RecordState(state *string) ResponseCallback + type ResponseError struct + Errors []string + HTTPMethod string + NamespacePath string + RawError bool + StatusCode int + URL string + func (r *ResponseError) Error() string + type RevokeOptions struct + Force bool + LeaseID string + Prefix bool + Sync bool + type SSH struct + MountPoint string + func (c *SSH) Credential(role string, data map[string]interface{}) (*Secret, error) + func (c *SSH) SignKey(role string, data map[string]interface{}) (*Secret, error) + type SSHHelper struct + MountPoint string + func (c *SSHHelper) Verify(otp string) (*SSHVerifyResponse, error) + type SSHHelperConfig struct + AllowedCidrList string + AllowedRoles string + CACert string + CAPath string + Namespace string + SSHMountPoint string + TLSServerName string + TLSSkipVerify bool + VaultAddr string + func LoadSSHHelperConfig(path string) (*SSHHelperConfig, error) + func ParseSSHHelperConfig(contents string) (*SSHHelperConfig, error) + func (c *SSHHelperConfig) NewClient() (*Client, error) + func (c *SSHHelperConfig) SetTLSParameters(clientConfig *Config, certPool *x509.CertPool) + type SSHVerifyResponse struct + IP string + Message string + RoleName string + Username string + type SealStatusResponse struct + ClusterID string + ClusterName string + Initialized bool + Migration bool + N int + Nonce string + Progress int + RecoverySeal bool + Sealed bool + StorageType string + T int + Type string + Version string + type Secret struct + Auth *SecretAuth + Data map[string]interface{} + LeaseDuration int + LeaseID string + Renewable bool + RequestID string + Warnings []string + WrapInfo *SecretWrapInfo + func ParseSecret(r io.Reader) (*Secret, error) + func (s *Secret) TokenAccessor() (string, error) + func (s *Secret) TokenID() (string, error) + func (s *Secret) TokenIsRenewable() (bool, error) + func (s *Secret) TokenMetadata() (map[string]string, error) + func (s *Secret) TokenPolicies() ([]string, error) + func (s *Secret) TokenRemainingUses() (int, error) + func (s *Secret) TokenTTL() (time.Duration, error) + type SecretAuth struct + Accessor string + ClientToken string + EntityID string + IdentityPolicies []string + LeaseDuration int + Metadata map[string]string + Orphan bool + Policies []string + Renewable bool + TokenPolicies []string + type SecretWrapInfo struct + Accessor string + CreationPath string + CreationTime time.Time + TTL int + Token string + WrappedAccessor string + type Sys struct + func (c *Sys) AuditHash(path string, input string) (string, error) + func (c *Sys) CORSStatus() (*CORSResponse, error) + func (c *Sys) Capabilities(token, path string) ([]string, error) + func (c *Sys) CapabilitiesSelf(path string) ([]string, error) + func (c *Sys) ConfigureCORS(req *CORSRequest) error + func (c *Sys) DeletePolicy(name string) error + func (c *Sys) DeregisterPlugin(i *DeregisterPluginInput) error + func (c *Sys) DisableAudit(path string) error + func (c *Sys) DisableAuth(path string) error + func (c *Sys) DisableCORS() error + func (c *Sys) EnableAudit(path string, auditType string, desc string, opts map[string]string) error + func (c *Sys) EnableAuditWithOptions(path string, options *EnableAuditOptions) error + func (c *Sys) EnableAuth(path, authType, desc string) error + func (c *Sys) EnableAuthWithOptions(path string, options *EnableAuthOptions) error + func (c *Sys) GenerateDROperationTokenCancel() error + func (c *Sys) GenerateDROperationTokenInit(otp, pgpKey string) (*GenerateRootStatusResponse, error) + func (c *Sys) GenerateDROperationTokenStatus() (*GenerateRootStatusResponse, error) + func (c *Sys) GenerateDROperationTokenUpdate(shard, nonce string) (*GenerateRootStatusResponse, error) + func (c *Sys) GenerateRecoveryOperationTokenCancel() error + func (c *Sys) GenerateRecoveryOperationTokenInit(otp, pgpKey string) (*GenerateRootStatusResponse, error) + func (c *Sys) GenerateRecoveryOperationTokenStatus() (*GenerateRootStatusResponse, error) + func (c *Sys) GenerateRecoveryOperationTokenUpdate(shard, nonce string) (*GenerateRootStatusResponse, error) + func (c *Sys) GenerateRootCancel() error + func (c *Sys) GenerateRootInit(otp, pgpKey string) (*GenerateRootStatusResponse, error) + func (c *Sys) GenerateRootStatus() (*GenerateRootStatusResponse, error) + func (c *Sys) GenerateRootUpdate(shard, nonce string) (*GenerateRootStatusResponse, error) + func (c *Sys) GetPlugin(i *GetPluginInput) (*GetPluginResponse, error) + func (c *Sys) GetPolicy(name string) (string, error) + func (c *Sys) HAStatus() (*HAStatusResponse, error) + func (c *Sys) Health() (*HealthResponse, error) + func (c *Sys) Init(opts *InitRequest) (*InitResponse, error) + func (c *Sys) InitStatus() (bool, error) + func (c *Sys) KeyStatus() (*KeyStatus, error) + func (c *Sys) Leader() (*LeaderResponse, error) + func (c *Sys) ListAudit() (map[string]*Audit, error) + func (c *Sys) ListAuth() (map[string]*AuthMount, error) + func (c *Sys) ListMounts() (map[string]*MountOutput, error) + func (c *Sys) ListPlugins(i *ListPluginsInput) (*ListPluginsResponse, error) + func (c *Sys) ListPolicies() ([]string, error) + func (c *Sys) Lookup(id string) (*Secret, error) + func (c *Sys) Monitor(ctx context.Context, logLevel string) (chan string, error) + func (c *Sys) Mount(path string, mountInfo *MountInput) error + func (c *Sys) MountConfig(path string) (*MountConfigOutput, error) + func (c *Sys) PutPolicy(name, rules string) error + func (c *Sys) PutRaftAutopilotConfiguration(opts *AutopilotConfig) error + func (c *Sys) RaftAutopilotConfiguration() (*AutopilotConfig, error) + func (c *Sys) RaftAutopilotState() (*AutopilotState, error) + func (c *Sys) RaftJoin(opts *RaftJoinRequest) (*RaftJoinResponse, error) + func (c *Sys) RaftSnapshot(snapWriter io.Writer) error + func (c *Sys) RaftSnapshotRestore(snapReader io.Reader, force bool) error + func (c *Sys) RegisterPlugin(i *RegisterPluginInput) error + func (c *Sys) RekeyCancel() error + func (c *Sys) RekeyDeleteBackup() error + func (c *Sys) RekeyDeleteRecoveryBackup() error + func (c *Sys) RekeyInit(config *RekeyInitRequest) (*RekeyStatusResponse, error) + func (c *Sys) RekeyRecoveryKeyCancel() error + func (c *Sys) RekeyRecoveryKeyInit(config *RekeyInitRequest) (*RekeyStatusResponse, error) + func (c *Sys) RekeyRecoveryKeyStatus() (*RekeyStatusResponse, error) + func (c *Sys) RekeyRecoveryKeyUpdate(shard, nonce string) (*RekeyUpdateResponse, error) + func (c *Sys) RekeyRecoveryKeyVerificationCancel() error + func (c *Sys) RekeyRecoveryKeyVerificationStatus() (*RekeyVerificationStatusResponse, error) + func (c *Sys) RekeyRecoveryKeyVerificationUpdate(shard, nonce string) (*RekeyVerificationUpdateResponse, error) + func (c *Sys) RekeyRetrieveBackup() (*RekeyRetrieveResponse, error) + func (c *Sys) RekeyRetrieveRecoveryBackup() (*RekeyRetrieveResponse, error) + func (c *Sys) RekeyStatus() (*RekeyStatusResponse, error) + func (c *Sys) RekeyUpdate(shard, nonce string) (*RekeyUpdateResponse, error) + func (c *Sys) RekeyVerificationCancel() error + func (c *Sys) RekeyVerificationStatus() (*RekeyVerificationStatusResponse, error) + func (c *Sys) RekeyVerificationUpdate(shard, nonce string) (*RekeyVerificationUpdateResponse, error) + func (c *Sys) ReloadPlugin(i *ReloadPluginInput) (string, error) + func (c *Sys) ReloadPluginStatus(reloadStatusInput *ReloadPluginStatusInput) (*ReloadStatusResponse, error) + func (c *Sys) Remount(from, to string) error + func (c *Sys) Renew(id string, increment int) (*Secret, error) + func (c *Sys) ResetUnsealProcess() (*SealStatusResponse, error) + func (c *Sys) Revoke(id string) error + func (c *Sys) RevokeForce(id string) error + func (c *Sys) RevokePrefix(id string) error + func (c *Sys) RevokeWithOptions(opts *RevokeOptions) error + func (c *Sys) Rotate() error + func (c *Sys) Seal() error + func (c *Sys) SealStatus() (*SealStatusResponse, error) + func (c *Sys) StepDown() error + func (c *Sys) TuneMount(path string, config MountConfigInput) error + func (c *Sys) Unmount(path string) error + func (c *Sys) Unseal(shard string) (*SealStatusResponse, error) + func (c *Sys) UnsealWithOptions(opts *UnsealOpts) (*SealStatusResponse, error) + type TLSConfig struct + CACert string + CAPath string + ClientCert string + ClientKey string + Insecure bool + TLSServerName string + type TokenAuth struct + func (c *TokenAuth) Create(opts *TokenCreateRequest) (*Secret, error) + func (c *TokenAuth) CreateOrphan(opts *TokenCreateRequest) (*Secret, error) + func (c *TokenAuth) CreateWithRole(opts *TokenCreateRequest, roleName string) (*Secret, error) + func (c *TokenAuth) Lookup(token string) (*Secret, error) + func (c *TokenAuth) LookupAccessor(accessor string) (*Secret, error) + func (c *TokenAuth) LookupSelf() (*Secret, error) + func (c *TokenAuth) Renew(token string, increment int) (*Secret, error) + func (c *TokenAuth) RenewAccessor(accessor string, increment int) (*Secret, error) + func (c *TokenAuth) RenewSelf(increment int) (*Secret, error) + func (c *TokenAuth) RenewTokenAsSelf(token string, increment int) (*Secret, error) + func (c *TokenAuth) RevokeAccessor(accessor string) error + func (c *TokenAuth) RevokeOrphan(token string) error + func (c *TokenAuth) RevokeSelf(token string) error + func (c *TokenAuth) RevokeTree(token string) error + type TokenCreateRequest struct + DisplayName string + EntityAlias string + ExplicitMaxTTL string + ID string + Lease string + Metadata map[string]string + NoDefaultPolicy bool + NoParent bool + NumUses int + Period string + Policies []string + Renewable *bool + TTL string + Type string + type UnsealOpts struct + Key string + Migrate bool + Reset bool + type WrappingLookupFunc func(operation, path string) string