Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AppRoleAuth ¶
type AppRoleAuth struct {
// contains filtered or unexported fields
}
func NewAppRoleAuth ¶
func NewAppRoleAuth(roleID string, secretID *SecretID, opts ...LoginOption) (*AppRoleAuth, error)
NewAppRoleAuth initializes a new AppRole auth method interface to be passed as a parameter to the client.Auth().Login method.
For a secret ID, the recommended secure pattern is to unwrap a one-time-use response-wrapping token that was placed here by a trusted orchestrator (https://learn.hashicorp.com/tutorials/vault/approle-best-practices?in=vault/auth-methods#secretid-delivery-best-practices) To indicate that the filepath points to this wrapping token and not just a plaintext secret ID, initialize NewAppRoleAuth with the WithWrappingToken LoginOption.
Supported options: WithMountPath, WithWrappingToken
type LoginOption ¶
type LoginOption func(a *AppRoleAuth) error
func WithMountPath ¶
func WithMountPath(mountPath string) LoginOption
func WithWrappingToken ¶
func WithWrappingToken() LoginOption
type SecretID ¶
type SecretID struct {
// Path on the file system where the secret ID can be found.
FromFile string
// The name of the environment variable containing the application's
// secret ID.
FromEnv string
// The secret ID as a plaintext string value.
FromString string
}
SecretID is a struct that allows you to specify where your application is storing the secret ID required for login to the AppRole auth method. The recommended secure pattern is to use response-wrapping tokens rather than a plaintext value, by passing WithWrappingToken() to NewAppRoleAuth. https://learn.hashicorp.com/tutorials/vault/approle-best-practices?in=vault/auth-methods#secretid-delivery-best-practices
Source Files