vault

package
v0.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 29, 2020 License: AGPL-3.0 Imports: 10 Imported by: 0

Documentation

Overview

Package vault implements a secret key store that stores secret keys as key-value entries on the Hashicorp Vault K/V secret backend.

Vault is a KMS implementation with many featues. This packages only leverages the key-value store. For an introduction to Vault see: https://www.vaultproject.io/ For an K/V API overview see: https://www.vaultproject.io/api/secret/kv/kv-v1.html

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AppRole 

type AppRole struct {
	ID     string // The AppRole  ID
	Secret string // The Approle secret ID
	Retry  time.Duration
}

AppRole holds the Vault AppRole authentication credentials and a duration after which the authentication should be retried whenever it fails.

type Store added in v0.7.0 

type Store struct {
	// Addr is the HTTP address of the Vault server.
	Addr string

	// Location is the location on Vault's K/V store
	// where this KeyStore will save secret keys.
	//
	// It can be used to assign an unique or shared
	// prefix. For instance one or more KeyStore can
	// store secret keys under /keys/my-app/. In this
	// case you may set KeyStore.Location = "key/my-app".
	Location string

	// AppRole contains the Vault AppRole authentication
	// credentials.
	AppRole AppRole

	// StatusPingAfter is the duration after which
	// the KeyStore will check the status of the Vault
	// server. Particularly, this status information
	// is used to determine whether the Vault server
	// has been sealed resp. unsealed again.
	StatusPingAfter time.Duration

	// ErrorLog specifies an optional logger for errors
	// when K/V pairs cannot be stored, fetched, deleted
	// or contain invalid content.
	// If nil, logging is done via the log package's
	// standard logger.
	ErrorLog *log.Logger

	// Path to the mTLS client private key to authenticate to
	// the Vault server.
	ClientKeyPath string

	// Path to the mTLS client certificate to authenticate to
	// the Vault server.
	ClientCertPath string

	// Path to the root CA certificate(s) used to verify the
	// TLS certificate of the Vault server. If empty, the
	// host's root CA set is used.
	CAPath string

	// The Vault namespace used to separate and isolate different
	// organizations / tenants at the same Vault instance. If
	// non-empty, the Vault client will send the
	//   X-Vault-Namespace: Namespace
	// HTTP header on each request. For more information see:
	// https://www.vaultproject.io/docs/enterprise/namespaces/index.html
	Namespace string
	// contains filtered or unexported fields
}

Store is a key-value store that saves key-value pairs as entries on Vault's K/V secret backend.

func (*Store) Authenticate added in v0.7.0 

func (s *Store) Authenticate(context context.Context) error

Authenticate tries to establish a connection to a Vault server using the approle credentials. It returns an error if no connection could be established - for instance because of invalid authentication credentials.

func (*Store) Create added in v0.7.0 

func (s *Store) Create(key, value string) error

Create creates the given key-value pair at Vault if and only if the given key does not exist. If such an entry already exists it returns kes.ErrKeyExists.

func (*Store) Delete added in v0.7.0 

func (s *Store) Delete(key string) error

Delete removes a the value associated with the given key from Vault, if it exists.

func (*Store) Get added in v0.7.0 

func (s *Store) Get(key string) (string, error)

Get returns the value associated with the given key. If no entry for the key exists it returns kes.ErrKeyNotFound.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.