Versions in this module v0 v0.1.0 Sep 30, 2024retracted Changes in this version + const AESGCMVersion1 + const AESGCMVersion2 + const CORSDisabled + const CORSEnabled + const CoreLockPath + const CreateCapability + const CreateCapabilityInt + const DeleteCapability + const DeleteCapabilityInt + const DenyCapability + const DenyCapabilityInt + const EnvVaultDisableLocalAuthMountEntities + const ErrAuthAccessDenied + const ErrAuthInvalidClientID + const ErrAuthInvalidRedirectURI + const ErrAuthInvalidRequest + const ErrAuthMaxAgeReAuthenticate + const ErrAuthRequestNotSupported + const ErrAuthRequestURINotSupported + const ErrAuthServerError + const ErrAuthUnauthorizedClient + const ErrAuthUnsupportedResponseType + const ErrTokenInvalidClient + const ErrTokenInvalidGrant + const ErrTokenInvalidRequest + const ErrTokenServerError + const ErrTokenUnsupportedGrantType + const ErrUserInfoAccessDenied + const ErrUserInfoInvalidRequest + const ErrUserInfoInvalidToken + const ErrUserInfoServerError + const ForwardSSCTokenToActive + const GenerationCounterBuffer + const IgnoreForBilling + const IntNoForwardingHeaderName + const ListCapability + const ListCapabilityInt + const MaxIrrevocableLeasesToReturn + const MaxIrrevocableLeasesWarning + const MaxNsIdLength + const MaxRetrySSCTokensGenerationCounter + const OldDenyPathPolicy + const OldReadPathPolicy + const OldSudoPathPolicy + const OldTokenPrefixLength + const OldWritePathPolicy + const PatchCapability + const PatchCapabilityInt + const ReadCapability + const ReadCapabilityInt + const RecoveryTypeShamir + const RecoveryTypeUnsupported + const RollbackDefaultNumWorkers + const RollbackWorkersEnvVar + const RootCapability + const StoredBarrierKeysPath + const SudoCapability + const SudoCapabilityInt + const TestDeadlockDetection + const TokenLength + const TokenPrefixLength + const UpdateCapability + const UpdateCapabilityInt + const WrapperTypeHsmAutoDeprecated + var DefaultMaxRequestDuration = 
90 * time.Second + var DefaultNumCores = 3 + var ErrAlreadyInit = errors.New("Vault is already initialized") + var ErrBarrierAlreadyInit = errors.New("Vault is already initialized") + var ErrBarrierInvalidKey = errors.New("Unseal failed, invalid key") + var ErrBarrierNotInit = errors.New("Vault is not initialized") + var ErrBarrierSealed = errors.New("Vault is sealed") + var ErrCannotForward = errors.New("cannot forward request; no connection or address not known") + var ErrCannotForwardLocalOnly = errors.New("cannot forward local-only request") + var ErrDirectoryNotConfigured = errors.New("could not set plugin, plugin directory is not configured") + var ErrHANotEnabled = errors.New("Vault is not configured for highly-available mode") + var ErrInRestoreMode = errors.New("expiration manager in restore mode") + var ErrInternalError = errors.New("internal error") + var ErrIntrospectionNotEnabled = errors.New(...) + var ErrNoApplicablePolicies = errors.New("no applicable policies") + var ErrNotInit = errors.New("Vault is not initialized") + var ErrPlaintextTooLarge = errors.New("plaintext value too large") + var ErrPluginBadType = errors.New("unable to determine plugin type") + var ErrPluginConnectionNotFound = errors.New("plugin connection not found for client") + var ErrPluginNotFound = errors.New("plugin not found in the catalog") + var ErrPolicyNotExistInTypeMap = errors.New("policy does not exist in type map") + var File_vault_request_forwarding_service_proto protoreflect.FileDescriptor + var NamespaceByID func(context.Context, string, *Core) (*namespace.Namespace, error) = namespaceByID + var RequestForwarding_ServiceDesc = grpc.ServiceDesc + var StdAllowedHeaders = []string + var TestingUpdateClusterAddr uint32 + func AddTestCredentialBackend(name string, factory logical.Factory) error + func AddTestLogicalBackend(name string, factory logical.Factory) error + func ClearTestCredentialBackends() + func CubbyholeBackendFactory(ctx context.Context, conf 
*logical.BackendConfig) (logical.Backend, error) + func GenerateListenerAddr(t testing.T, opts *TestClusterOptions, certIPs []net.IP) (*net.TCPAddr, []net.IP) + func GenerateRandBytes(length int) ([]byte, error) + func GenerateTestLicenseKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) + func IsBatchToken(token string) bool + func IsFatalError(err error) bool + func IsJWT(token string) bool + func IsSSCToken(token string) bool + func IsServiceToken(token string) bool + func IsWrappingToken(te *logical.TokenEntry) bool + func LeaseSwitchedPassthroughBackend(ctx context.Context, conf *logical.BackendConfig, revoke revokeFunc) (logical.Backend, error) + func LeasedPassthroughBackendFactory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) + func NewAutoSeal(lowLevel seal.Access) (*autoSeal, error) + func NewDelegateForCore(c *Core) *raft.Delegate + func NewRequestForwardingHandler(c *Core, fws *http2.Server) (*requestForwardingHandler, error) + func NoopBackendFactory(_ context.Context, _ *logical.BackendConfig) (logical.Backend, error) + func NoopBackendRollbackErrFactory(_ context.Context, _ *logical.BackendConfig) (logical.Backend, error) + func PassthroughBackendFactory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) + func RegisterRequestForwardingServer(s grpc.ServiceRegistrar, srv RequestForwardingServer) + func SetReplicationFailureMode(core *TestClusterCore, mode uint32) + func SetupMFAMemDB(schemaFuncs []func() *memdb.TableSchema) (*memdb.MemDB, error) + func SetupMetrics(conf *CoreConfig) *metrics.InmemSink + func TestAddTestPlugin(t testing.T, c *Core, name string, pluginType consts.PluginType, ...) 
+ func TestCoreInit(t testing.T, core *Core) ([][]byte, string) + func TestCoreInitClusterWrapperSetup(t testing.T, core *Core, handler http.Handler) ([][]byte, [][]byte, string) + func TestCoreSeal(core *Core) error + func TestCoreUnseal(core *Core, key []byte) (bool, error) + func TestDynamicSystemView(c *Core, ns *namespace.Namespace) *dynamicSystemView + func TestInitUnsealCore(t testing.T, core *Core) (string, [][]byte) + func TestKeyCopy(key []byte) []byte + func TestPluginClientConfig(c *Core, pluginType consts.PluginType, pluginName string) pluginutil.PluginClientConfig + func TestRunTestPlugin(t testing.T, c *Core, pluginType consts.PluginType, pluginName string) *pluginClient + func TestWaitActive(t testing.T, core *Core) + func TestWaitActiveForwardingReady(t testing.T, core *Core) + func TestWaitActiveWithError(core *Core) error + type ACL struct + func NewACL(ctx context.Context, policies []*Policy) (*ACL, error) + func (a *ACL) AllowOperation(ctx context.Context, req *logical.Request, capCheckOnly bool) (ret *ACLResults) + func (a *ACL) Capabilities(ctx context.Context, path string) (pathCapabilities []string) + func (a *ACL) CheckAllowedFromNonExactPaths(path string, bareMount bool) *ACLPermissions + type ACLPermissions struct + AllowedParameters map[string][]interface{} + CapabilitiesBitmap uint32 + DeniedParameters map[string][]interface{} + GrantingPoliciesMap map[uint32][]logical.PolicyInfo + MFAMethods []string + MaxWrappingTTL time.Duration + MinWrappingTTL time.Duration + RequiredParameters []string + func (p *ACLPermissions) Clone() (*ACLPermissions, error) + type ACLResults struct + Allowed bool + CapabilitiesBitmap uint32 + GrantingPolicies []logical.PolicyInfo + IsRoot bool + MFAMethods []string + RootPrivs bool + type AESGCMBarrier struct + RemoteEncryptions *atomic.Int64 + UnaccountedEncryptions *atomic.Int64 + func (b *AESGCMBarrier) ActiveKeyInfo() (*KeyInfo, error) + func (b *AESGCMBarrier) AddRemoteEncryptions(encryptions int64) + 
func (b *AESGCMBarrier) CheckBarrierAutoRotate(ctx context.Context) (string, error) + func (b *AESGCMBarrier) CheckUpgrade(ctx context.Context) (bool, uint32, error) + func (b *AESGCMBarrier) ConsumeEncryptionCount(consumer func(int64) error) error + func (b *AESGCMBarrier) CreateUpgrade(ctx context.Context, term uint32) error + func (b *AESGCMBarrier) Decrypt(_ context.Context, key string, ciphertext []byte) ([]byte, error) + func (b *AESGCMBarrier) Delete(ctx context.Context, key string) error + func (b *AESGCMBarrier) DestroyUpgrade(ctx context.Context, term uint32) error + func (b *AESGCMBarrier) Encrypt(ctx context.Context, key string, plaintext []byte) ([]byte, error) + func (b *AESGCMBarrier) GenerateKey(reader io.Reader) ([]byte, error) + func (b *AESGCMBarrier) Get(ctx context.Context, key string) (*logical.StorageEntry, error) + func (b *AESGCMBarrier) Initialize(ctx context.Context, key, sealKey []byte, reader io.Reader) error + func (b *AESGCMBarrier) Initialized(ctx context.Context) (bool, error) + func (b *AESGCMBarrier) KeyLength() (int, int) + func (b *AESGCMBarrier) Keyring() (*Keyring, error) + func (b *AESGCMBarrier) List(ctx context.Context, prefix string) ([]string, error) + func (b *AESGCMBarrier) ListPage(ctx context.Context, prefix string, after string, limit int) ([]string, error) + func (b *AESGCMBarrier) Put(ctx context.Context, entry *logical.StorageEntry) error + func (b *AESGCMBarrier) Rekey(ctx context.Context, key []byte) error + func (b *AESGCMBarrier) ReloadKeyring(ctx context.Context) error + func (b *AESGCMBarrier) ReloadRootKey(ctx context.Context) error + func (b *AESGCMBarrier) Rotate(ctx context.Context, randomSource io.Reader) (uint32, error) + func (b *AESGCMBarrier) RotationConfig() (kc KeyRotationConfig, err error) + func (b *AESGCMBarrier) Seal() error + func (b *AESGCMBarrier) Sealed() (bool, error) + func (b *AESGCMBarrier) SetRootKey(key []byte) error + func (b *AESGCMBarrier) SetRotationConfig(ctx context.Context, 
rotConfig KeyRotationConfig) error + func (b *AESGCMBarrier) TotalLocalEncryptions() int64 + func (b *AESGCMBarrier) Unseal(ctx context.Context, key []byte) error + func (b *AESGCMBarrier) VerifyRoot(key []byte) error + type AESGCMBarrierTransaction struct + func (t *AESGCMBarrierTransaction) Commit(ctx context.Context) error + func (t *AESGCMBarrierTransaction) Delete(ctx context.Context, key string) error + func (t *AESGCMBarrierTransaction) Get(ctx context.Context, key string) (*logical.StorageEntry, error) + func (t *AESGCMBarrierTransaction) List(ctx context.Context, prefix string) ([]string, error) + func (t *AESGCMBarrierTransaction) ListPage(ctx context.Context, prefix string, after string, limit int) ([]string, error) + func (t *AESGCMBarrierTransaction) Put(ctx context.Context, entry *logical.StorageEntry) error + func (t *AESGCMBarrierTransaction) Rollback(ctx context.Context) error + type APIMountConfig struct + AllowedManagedKeys []string + AllowedResponseHeaders []string + AuditNonHMACRequestKeys []string + AuditNonHMACResponseKeys []string + DefaultLeaseTTL string + ForceNoCache bool + ListingVisibility ListingVisibilityType + MaxLeaseTTL string + PassthroughRequestHeaders []string + PluginName string + PluginVersion string + TokenType string + UserLockoutConfig *UserLockoutConfig + type APIUserLockoutConfig struct + DisableLockout *bool + LockoutCounterResetDuration string + LockoutDuration string + LockoutThreshold string + type ActiveEntities struct + Entities EntityCounter + type ActiveTokens struct + ServiceTokens TokenCounter + type AuditBroker struct + func NewAuditBroker(log log.Logger) *AuditBroker + func (a *AuditBroker) Deregister(name string) + func (a *AuditBroker) GetHash(ctx context.Context, name string, input string) (string, error) + func (a *AuditBroker) Invalidate(ctx context.Context, key string) + func (a *AuditBroker) IsLocal(name string) (bool, error) + func (a *AuditBroker) IsRegistered(name string) bool + func (a *AuditBroker) 
LogRequest(ctx context.Context, in *logical.LogInput, headersConfig *AuditedHeadersConfig) (ret error) + func (a *AuditBroker) LogResponse(ctx context.Context, in *logical.LogInput, headersConfig *AuditedHeadersConfig) (ret error) + func (a *AuditBroker) Register(name string, b audit.Backend, v *BarrierView, local bool) + type AuditLogger interface + AuditRequest func(ctx context.Context, input *logical.LogInput) error + AuditResponse func(ctx context.Context, input *logical.LogInput) error + type AuditedHeadersConfig struct + Headers map[string]*auditedHeaderSettings + func (a *AuditedHeadersConfig) ApplyConfig(ctx context.Context, headers map[string][]string, ...) (result map[string][]string, retErr error) + type AuthResults struct + ACLResults *ACLResults + Allowed bool + DeniedError bool + Error *multierror.Error + RootPrivs bool + SentinelResults *SentinelResults + type BarrierEncryptor interface + Decrypt func(ctx context.Context, key string, ciphertext []byte) ([]byte, error) + Encrypt func(ctx context.Context, key string, plaintext []byte) ([]byte, error) + type BarrierEncryptorAccess struct + func NewBarrierEncryptorAccess(barrierEncryptor BarrierEncryptor) *BarrierEncryptorAccess + func (b *BarrierEncryptorAccess) Decrypt(ctx context.Context, key string, ciphertext []byte) ([]byte, error) + func (b *BarrierEncryptorAccess) Encrypt(ctx context.Context, key string, plaintext []byte) ([]byte, error) + type BarrierView struct + func NewBarrierView(barrier logical.Storage, prefix string) *BarrierView + func (v *BarrierView) Delete(ctx context.Context, key string) error + func (v *BarrierView) Get(ctx context.Context, key string) (*logical.StorageEntry, error) + func (v *BarrierView) List(ctx context.Context, prefix string) ([]string, error) + func (v *BarrierView) ListPage(ctx context.Context, prefix string, after string, limit int) ([]string, error) + func (v *BarrierView) Prefix() string + func (v *BarrierView) Put(ctx context.Context, entry 
*logical.StorageEntry) error + func (v *BarrierView) SubView(prefix string) *BarrierView + type BuiltinRegistry interface + Contains func(name string, pluginType consts.PluginType) bool + DeprecationStatus func(name string, pluginType consts.PluginType) (consts.DeprecationStatus, bool) + Get func(name string, pluginType consts.PluginType) (func() (interface{}, error), bool) + Keys func(pluginType consts.PluginType) []string + type CORSConfig struct + AllowedHeaders []string + AllowedOrigins []string + Enabled *uint32 + func (c *CORSConfig) Disable(ctx context.Context) error + func (c *CORSConfig) Enable(ctx context.Context, urls []string, headers []string) error + func (c *CORSConfig) IsEnabled() bool + func (c *CORSConfig) IsValidOrigin(origin string) bool + type ClientKey struct + D []byte + Type string + X []byte + Y []byte + func (*ClientKey) Descriptor() ([]byte, []int) + func (*ClientKey) ProtoMessage() + func (x *ClientKey) GetD() []byte + func (x *ClientKey) GetType() string + func (x *ClientKey) GetX() []byte + func (x *ClientKey) GetY() []byte + func (x *ClientKey) ProtoReflect() protoreflect.Message + func (x *ClientKey) Reset() + func (x *ClientKey) String() string + type Cluster struct + ID string + Name string + type ClusterLeaderParams struct + LeaderClusterAddr string + LeaderRedirectAddr string + LeaderUUID string + type Core struct + IndexHeaderHMACKey uberAtomic.Value + func CreateCore(conf *CoreConfig) (*Core, error) + func NewCore(conf *CoreConfig) (*Core, error) + func TestCore(t testing.T) *Core + func TestCoreNewSeal(t testing.T) *Core + func TestCoreRaw(t testing.T) *Core + func TestCoreUI(t testing.T, enableUI bool) *Core + func TestCoreUnsealed(t testing.T) (*Core, [][]byte, string) + func TestCoreUnsealedBackend(t testing.T, backend physical.Backend) (*Core, [][]byte, string) + func TestCoreUnsealedRaw(t testing.T) (*Core, [][]byte, string) + func TestCoreUnsealedWithConfig(t testing.T, conf *CoreConfig) (*Core, [][]byte, string) + func 
TestCoreUnsealedWithConfigSealOpts(t testing.T, barrierConf, recoveryConf *SealConfig, ...) (*Core, [][]byte, [][]byte, string) + func TestCoreUnsealedWithConfigs(t testing.T, barrierConf, recoveryConf *SealConfig) (*Core, [][]byte, [][]byte, string) + func TestCoreUnsealedWithMetrics(t testing.T) (*Core, [][]byte, string, *metrics.InmemSink) + func TestCoreWithConfig(t testing.T, conf *CoreConfig) *Core + func TestCoreWithCustomResponseHeaderAndUI(t testing.T, CustomResponseHeaders map[string]map[string]string, enableUI bool) (*Core, [][]byte, string) + func TestCoreWithDeadlockDetection(t testing.T, testSeal Seal, enableRaw bool) *Core + func TestCoreWithSeal(t testing.T, testSeal Seal, enableRaw bool) *Core + func TestCoreWithSealAndUI(t testing.T, opts *CoreConfig) *Core + func TestCoreWithSealAndUINoCleanup(t testing.T, opts *CoreConfig) *Core + func (c *Core) ActiveNodeReplicationState() consts.ReplicationState + func (c *Core) ActiveTime() time.Time + func (c *Core) AddIrrevocableLease(ctx context.Context, pathPrefix string) (*basicLeaseTestInfo, error) + func (c *Core) AddLogger(logger log.Logger) + func (c *Core) ApplyRateLimitQuota(ctx context.Context, req *quotas.Request) (quotas.Response, error) + func (c *Core) AuditLogger() AuditLogger + func (c *Core) AuditedHeadersConfig() *AuditedHeadersConfig + func (c *Core) BarrierEncryptorAccess() *BarrierEncryptorAccess + func (c *Core) BarrierKeyLength() (min, max int) + func (c *Core) BarrierRekeyInit(config *SealConfig) logical.HTTPCodedError + func (c *Core) BarrierRekeyUpdate(ctx context.Context, key []byte, nonce string) (*RekeyResult, logical.HTTPCodedError) + func (c *Core) CORSConfig() *CORSConfig + func (c *Core) Capabilities(ctx context.Context, token, path string) ([]string, error) + func (c *Core) CheckPluginPerms(pluginName string) (err error) + func (c *Core) CheckSSCToken(ctx context.Context, token string, unauth bool) (string, error) + func (c *Core) CheckToken(ctx context.Context, req 
*logical.Request, unauth bool) (*logical.Auth, *logical.TokenEntry, error) + func (c *Core) Cluster(ctx context.Context) (*Cluster, error) + func (c *Core) ClusterAddr() string + func (c *Core) ClusterID() string + func (c *Core) CreateEntity(ctx context.Context) (*identity.Entity, error) + func (c *Core) CreateToken(ctx context.Context, entry *logical.TokenEntry) error + func (c *Core) DecodeMountTable(ctx context.Context, raw []byte) (*MountTable, error) + func (c *Core) DecodeSSCToken(token string) (string, error) + func (c *Core) DecodeSSCTokenInternal(token string) (*tokens.Token, error) + func (c *Core) DetectStateLockDeadlocks() bool + func (c *Core) DetermineRoleFromLoginRequest(ctx context.Context, mountPoint string, data map[string]interface{}) string + func (c *Core) DetermineRoleFromLoginRequestFromReader(ctx context.Context, mountPoint string, reader io.Reader) string + func (c *Core) DisableSSCTokens() bool + func (c *Core) ExistCustomResponseHeader(header string) bool + func (c *Core) FetchLeaseCountToRevoke() int + func (c *Core) FinalizeInFlightReqData(reqID string, statusCode int) + func (c *Core) FindNewestVersionTimestamp() (string, time.Time, error) + func (c *Core) FindOldestVersionTimestamp() (string, time.Time, error) + func (c *Core) ForwardRequest(req *http.Request) (int, http.Header, []byte, error) + func (c *Core) GenerateRootCancel() error + func (c *Core) GenerateRootConfiguration() (*GenerateRootConfig, error) + func (c *Core) GenerateRootInit(otp, pgpKey string, strategy GenerateRootStrategy) error + func (c *Core) GenerateRootProgress() (int, error) + func (c *Core) GenerateRootUpdate(ctx context.Context, key []byte, nonce string, strategy GenerateRootStrategy) (*GenerateRootResult, error) + func (c *Core) GetContext() (context.Context, context.CancelFunc) + func (c *Core) GetCoreConfigInternal() *server.Config + func (c *Core) GetGroupPolicyApplicationMode(ctx context.Context) (string, error) + func (c *Core) GetHAPeerNodesCached() 
[]PeerNode + func (c *Core) GetListenerCustomResponseHeaders(listenerAdd string) *ListenerCustomHeaders + func (c *Core) GetRaftAutopilotState(ctx context.Context) (*raft.AutopilotState, error) + func (c *Core) GetRaftConfiguration(ctx context.Context) (*raft.RaftConfigurationResponse, error) + func (c *Core) GetRaftIndexes() (committed uint64, applied uint64) + func (c *Core) GetRaftIndexesLocked() (committed uint64, applied uint64) + func (c *Core) GetRaftNodeID() string + func (c *Core) HAEnabled() bool + func (c *Core) HAState() consts.HAState + func (c *Core) HAStateWithLock() consts.HAState + func (c *Core) HandleRequest(httpCtx context.Context, req *logical.Request) (resp *logical.Response, err error) + func (c *Core) HostnameHeaderEnabled() bool + func (c *Core) IdentityStore() *IdentityStore + func (c *Core) Initialize(ctx context.Context, initParams *InitParams) (*InitResult, error) + func (c *Core) InitializeRecovery(ctx context.Context) error + func (c *Core) Initialized(ctx context.Context) (bool, error) + func (c *Core) InitializedLocally(ctx context.Context) (bool, error) + func (c *Core) InitiateRetryJoin(ctx context.Context) error + func (c *Core) InjectIrrevocableLeases(ctx context.Context, count int) (map[string]int, error) + func (c *Core) IsInSealMigrationMode(lock bool) bool + func (c *Core) IsRaftVoter() bool + func (c *Core) IsSealMigrated(lock bool) bool + func (c *Core) JoinRaftCluster(ctx context.Context, leaderInfos []*raft.LeaderJoinInfo, nonVoter bool) (bool, error) + func (c *Core) KeyRotateGracePeriod() time.Duration + func (c *Core) Leader() (isLeader bool, leaderAddr, clusterAddr string, err error) + func (c *Core) LeaderLocked() (isLeader bool, leaderAddr, clusterAddr string, err error) + func (c *Core) ListAuths() ([]*MountEntry, error) + func (c *Core) ListMounts() ([]*MountEntry, error) + func (c *Core) ListNamespaces(includePath bool) []*namespace.Namespace + func (c *Core) ListenerAddresses() ([]string, error) + func (c 
*Core) LoadInFlightReqData() map[string]InFlightReqData + func (c *Core) LoadNodeID() (string, error) + func (c *Core) LocalGetUserFailedLoginInfo(ctx context.Context, userKey FailedLoginUser) *FailedLoginInfo + func (c *Core) LocalUpdateUserFailedLoginInfo(ctx context.Context, userKey FailedLoginUser, failedLoginInfo *FailedLoginInfo, ...) error + func (c *Core) LogCompletedRequests(reqID string, statusCode int) + func (c *Core) LogFormat() string + func (c *Core) LogLevel() string + func (c *Core) Logger() log.Logger + func (c *Core) LoginCreateToken(ctx context.Context, ns *namespace.Namespace, reqPath, mountPoint, role string, ...) (bool, *logical.Response, error) + func (c *Core) LoginMFACreateToken(ctx context.Context, reqPath string, cachedAuth *logical.Auth, ...) (*logical.Response, error) + func (c *Core) LookupToken(ctx context.Context, token string) (*logical.TokenEntry, error) + func (c *Core) MatchingMount(ctx context.Context, reqPath string) string + func (c *Core) MetricSink() *metricsutil.ClusterMetricSink + func (c *Core) MetricsHelper() *metricsutil.MetricsHelper + func (c *Core) NamespaceByID(ctx context.Context, nsID string) (*namespace.Namespace, error) + func (c *Core) PersistTOTPKey(ctx context.Context, methodID, entityID, key string) error + func (c *Core) PhysicalAccess() *physical.PhysicalAccess + func (c *Core) PhysicalSealConfigs(ctx context.Context) (*SealConfig, *SealConfig, error) + func (c *Core) PopMFAResponseAuthByID(reqID string) (*MFACachedAuthResponse, error) + func (c *Core) PopulateTokenEntry(ctx context.Context, req *logical.Request) error + func (c *Core) RaftBootstrap(ctx context.Context, onInit bool) error + func (c *Core) RaftNodeIDHeaderEnabled() bool + func (c *Core) RateLimitAuditLoggingEnabled() bool + func (c *Core) RateLimitResponseHeadersEnabled() bool + func (c *Core) RecoveryRekeyInit(config *SealConfig) logical.HTTPCodedError + func (c *Core) RecoveryRekeyUpdate(ctx context.Context, key []byte, nonce string) 
(*RekeyResult, logical.HTTPCodedError) + func (c *Core) RegisterAuth(ctx context.Context, tokenTTL time.Duration, path string, auth *logical.Auth, ...) error + func (c *Core) RekeyCancel(recovery bool) logical.HTTPCodedError + func (c *Core) RekeyConfig(recovery bool) (*SealConfig, logical.HTTPCodedError) + func (c *Core) RekeyDeleteBackup(ctx context.Context, recovery bool) logical.HTTPCodedError + func (c *Core) RekeyInit(config *SealConfig, recovery bool) logical.HTTPCodedError + func (c *Core) RekeyProgress(recovery, verification bool) (bool, int, logical.HTTPCodedError) + func (c *Core) RekeyRetrieveBackup(ctx context.Context, recovery bool) (*RekeyBackup, logical.HTTPCodedError) + func (c *Core) RekeyThreshold(ctx context.Context, recovery bool) (int, logical.HTTPCodedError) + func (c *Core) RekeyUpdate(ctx context.Context, key []byte, nonce string, recovery bool) (*RekeyResult, logical.HTTPCodedError) + func (c *Core) RekeyVerify(ctx context.Context, key []byte, nonce string, recovery bool) (ret *RekeyVerifyResult, retErr logical.HTTPCodedError) + func (c *Core) RekeyVerifyRestart(recovery bool) logical.HTTPCodedError + func (c *Core) ReloadCustomResponseHeaders() error + func (c *Core) ReloadIntrospectionEndpointEnabled() + func (c *Core) ReloadLogRequestsLevel() + func (c *Core) ReplicationState() consts.ReplicationState + func (c *Core) ResetUnsealProcess() + func (c *Core) ResolveRoleForQuotas(ctx context.Context, req *quotas.Request) (bool, error) + func (c *Core) RouterAccess() *RouterAccess + func (c *Core) SanitizedConfig() map[string]interface{} + func (c *Core) SaveMFAResponseAuth(respAuth *MFACachedAuthResponse) error + func (c *Core) Seal(token string) error + func (c *Core) SealAccess() *SealAccess + func (c *Core) SealWithRequest(httpCtx context.Context, req *logical.Request) error + func (c *Core) Sealed() bool + func (c *Core) SecretProgress(lock bool) (int, string) + func (c *Core) SendGroupUpdate(context.Context, *identity.Group) (bool, 
error) + func (c *Core) SetClusterHandler(handler http.Handler) + func (c *Core) SetClusterListenerAddrs(addrs []*net.TCPAddr) + func (c *Core) SetConfig(conf *server.Config) + func (c *Core) SetGroupPolicyApplicationMode(ctx context.Context, mode string) error + func (c *Core) SetKeyRotateGracePeriod(t time.Duration) + func (c *Core) SetLogLevel(level log.Level) + func (c *Core) SetLogLevelByName(name string, level log.Level) bool + func (c *Core) SetNeverBecomeActive(on bool) + func (c *Core) Shutdown() error + func (c *Core) ShutdownCoreError(err error) + func (c *Core) ShutdownDone() <-chan struct{} + func (c *Core) ShutdownWait() error + func (c *Core) Standby() (bool, error) + func (c *Core) StandbyStates() (standby bool) + func (c *Core) StepDown(httpCtx context.Context, req *logical.Request) (retErr error) + func (c *Core) StorageType() string + func (c *Core) StoreInFlightReqData(reqID string, data InFlightReqData) + func (c *Core) UIEnabled() bool + func (c *Core) UIHeaders() (http.Header, error) + func (c *Core) Unseal(key []byte) (bool, error) + func (c *Core) UnsealMigrate(key []byte) (bool, error) + func (c *Core) UnsealWithStoredKeys(ctx context.Context) error + func (c *Core) UpdateInFlightReqData(reqID, clientID string) + func (core *Core) GetLeaderStatus() (*LeaderResponse, error) + func (core *Core) GetLeaderStatusLocked() (*LeaderResponse, error) + func (core *Core) GetSealStatus(ctx context.Context, lock bool) (*SealStatusResponse, error) + type CoreConfig struct + AdministrativeNamespacePath string + AllLoggers []log.Logger + AuditBackends map[string]audit.Factory + BuiltinRegistry BuiltinRegistry + CacheSize int + ClusterAddr string + ClusterCipherSuites string + ClusterHeartbeatInterval time.Duration + ClusterName string + ClusterNetworkLayer cluster.NetworkLayer + CredentialBackends map[string]logical.Factory + DefaultLeaseTTL time.Duration + DetectDeadlocks string + DevToken string + DisableAutopilot bool + DisableCache bool + 
DisableIndexing bool + DisableKeyEncodingChecks bool + DisablePerformanceStandby bool + DisableSSCTokens bool + DisableSealWrap bool + DisableSentinelTrace bool + EffectiveSDKVersion string + EnableIntrospection bool + EnableRaw bool + EnableResponseHeaderHostname bool + EnableResponseHeaderRaftNodeID bool + EnableUI bool + ExpirationRevokeRetryBase time.Duration + HAPhysical physical.HABackend + ImpreciseLeaseRoleTracking bool + LogLevel string + Logger log.Logger + LogicalBackends map[string]logical.Factory + MaxLeaseTTL time.Duration + MetricSink *metricsutil.ClusterMetricSink + MetricsHelper *metricsutil.MetricsHelper + NumExpirationWorkers int + NumRollbackWorkers int + PendingRemovalMountsAllowed bool + Physical physical.Backend + PluginDirectory string + PluginFilePermissions int + PluginFileUid int + RawConfig *server.Config + RecoveryMode bool + RedirectAddr string + ReloadFuncs *map[string][]reloadutil.ReloadFunc + ReloadFuncsLock *sync.RWMutex + RollbackPeriod time.Duration + Seal Seal + SecureRandomReader io.Reader + ServiceRegistration sr.ServiceRegistration + StorageType string + UnwrapSeal Seal + func (c *CoreConfig) GetServiceRegistration() sr.ServiceRegistration + type CubbyholeBackend struct + type Deserializable interface + Deserialize func() map[string]interface{} + type EchoReply struct + ClusterAddrs []string + Message string + NodeInfo *NodeInformation + RaftAppliedIndex uint64 + RaftNodeID string + ReplicationState uint32 + func (*EchoReply) Descriptor() ([]byte, []int) + func (*EchoReply) ProtoMessage() + func (x *EchoReply) GetClusterAddrs() []string + func (x *EchoReply) GetMessage() string + func (x *EchoReply) GetNodeInfo() *NodeInformation + func (x *EchoReply) GetRaftAppliedIndex() uint64 + func (x *EchoReply) GetRaftNodeID() string + func (x *EchoReply) GetReplicationState() uint32 + func (x *EchoReply) ProtoReflect() protoreflect.Message + func (x *EchoReply) Reset() + func (x *EchoReply) String() string + type EchoRequest struct + 
ClusterAddr string + ClusterAddrs []string + Message string + NodeInfo *NodeInformation + RaftAppliedIndex uint64 + RaftDesiredSuffrage string + RaftNodeID string + RaftTerm uint64 + RaftUpgradeVersion string + SdkVersion string + func (*EchoRequest) Descriptor() ([]byte, []int) + func (*EchoRequest) ProtoMessage() + func (x *EchoRequest) GetClusterAddr() string + func (x *EchoRequest) GetClusterAddrs() []string + func (x *EchoRequest) GetMessage() string + func (x *EchoRequest) GetNodeInfo() *NodeInformation + func (x *EchoRequest) GetRaftAppliedIndex() uint64 + func (x *EchoRequest) GetRaftDesiredSuffrage() string + func (x *EchoRequest) GetRaftNodeID() string + func (x *EchoRequest) GetRaftTerm() uint64 + func (x *EchoRequest) GetRaftUpgradeVersion() string + func (x *EchoRequest) GetSdkVersion() string + func (x *EchoRequest) ProtoReflect() protoreflect.Message + func (x *EchoRequest) Reset() + func (x *EchoRequest) String() string + type EncodedKeyring struct + Keys []*Key + MasterKey []byte + RotationConfig KeyRotationConfig + type EntityCounter struct + Total int + type EntityCreator interface + CreateEntity func(ctx context.Context) (*identity.Entity, error) + type ErrDecrypt struct + Err error + func (e *ErrDecrypt) Error() string + func (e *ErrDecrypt) Is(target error) bool + type ErrEncrypt struct + Err error + func (e *ErrEncrypt) Error() string + func (e *ErrEncrypt) Is(target error) bool + type ErrInvalidKey struct + Reason string + func (e *ErrInvalidKey) Error() string + type ExpirationManager struct + func NewExpirationManager(c *Core, view *BarrierView, e ExpireLeaseStrategy, logger log.Logger, ...) 
*ExpirationManager + func (e *ExpirationManager) DetectDeadlocks() bool + func (m *ExpirationManager) CreateOrFetchRevocationLeaseByToken(ctx context.Context, te *logical.TokenEntry) (string, error) + func (m *ExpirationManager) FetchLeaseTimes(ctx context.Context, leaseID string) (*leaseEntry, error) + func (m *ExpirationManager) FetchLeaseTimesByToken(ctx context.Context, te *logical.TokenEntry) (*leaseEntry, error) + func (m *ExpirationManager) LazyRevoke(ctx context.Context, leaseID string) error + func (m *ExpirationManager) Register(ctx context.Context, req *logical.Request, resp *logical.Response, ...) (id string, retErr error) + func (m *ExpirationManager) RegisterAuth(ctx context.Context, te *logical.TokenEntry, auth *logical.Auth, ...) error + func (m *ExpirationManager) Renew(ctx context.Context, leaseID string, increment time.Duration) (*logical.Response, error) + func (m *ExpirationManager) RenewToken(ctx context.Context, req *logical.Request, te *logical.TokenEntry, ...) (*logical.Response, error) + func (m *ExpirationManager) Restore(errorFunc func()) (retErr error) + func (m *ExpirationManager) Revoke(ctx context.Context, leaseID string) error + func (m *ExpirationManager) RevokeByToken(ctx context.Context, te *logical.TokenEntry) error + func (m *ExpirationManager) RevokeForce(ctx context.Context, prefix string) error + func (m *ExpirationManager) RevokePrefix(ctx context.Context, prefix string, sync bool) error + func (m *ExpirationManager) Stop() error + func (m *ExpirationManager) Tidy(ctx context.Context) error + func (m *ExpirationManager) WalkTokens(walkFn ExpirationWalkFunction) error + type ExpirationWalkFunction = func(leaseID string, auth *logical.Auth, path string) bool + type ExpireLeaseStrategy func(context.Context, *ExpirationManager, string, *namespace.Namespace) + type FailedLoginInfo struct + type FailedLoginUser struct + type FeatureFlags struct + NamespacesCubbyholesLocal bool + type GenerateRootConfig struct + Nonce string + OTP 
string + PGPFingerprint string + PGPKey string + Strategy GenerateRootStrategy + type GenerateRootResult struct + EncodedToken string + PGPFingerprint string + Progress int + Required int + type GenerateRootStrategy interface + var GenerateStandardRootTokenStrategy GenerateRootStrategy = generateStandardRootToken{} + func GenerateRecoveryTokenStrategy(token *atomic.String) GenerateRootStrategy + type GroupPolicyApplicationMode struct + GroupPolicyApplicationMode string + type GroupUpdater interface + SendGroupUpdate func(ctx context.Context, group *identity.Group) (bool, error) + type HAStatusNode struct + APIAddress string + ActiveNode bool + ClusterAddress string + Hostname string + LastEcho *time.Time + UpgradeVersion string + Version string + type HandlerHandler interface + Handler func(*HandlerProperties) http.Handler + type HandlerProperties struct + Core *Core + DisablePrintableCheck bool + ListenerConfig *configutil.Listener + RecoveryMode bool + RecoveryToken *uberAtomic.String + type IdentityFactor struct + ApprovalsRequired int + GroupIDs []string + GroupNames []string + type IdentityStore struct + func NewIdentityStore(ctx context.Context, core *Core, config *logical.BackendConfig, ...) 
(*IdentityStore, error) + func (i *IdentityStore) CreateEntity(ctx context.Context) (*identity.Entity, error) + func (i *IdentityStore) CreateOrFetchEntity(ctx context.Context, alias *logical.Alias) (*identity.Entity, bool, error) + func (i *IdentityStore) Invalidate(ctx context.Context, key string) + func (i *IdentityStore) MemDBAliasByFactors(mountAccessor, aliasName string, clone bool, groupAlias bool) (*identity.Alias, error) + func (i *IdentityStore) MemDBAliasByFactorsInTxn(txn *memdb.Txn, mountAccessor, aliasName string, clone bool, groupAlias bool) (*identity.Alias, error) + func (i *IdentityStore) MemDBAliasByID(aliasID string, clone bool, groupAlias bool) (*identity.Alias, error) + func (i *IdentityStore) MemDBAliasByIDInTxn(txn *memdb.Txn, aliasID string, clone bool, groupAlias bool) (*identity.Alias, error) + func (i *IdentityStore) MemDBAliases(ws memdb.WatchSet, groupAlias bool) (memdb.ResultIterator, error) + func (i *IdentityStore) MemDBDeleteAliasByIDInTxn(txn *memdb.Txn, aliasID string, groupAlias bool) error + func (i *IdentityStore) MemDBDeleteEntityByID(entityID string) error + func (i *IdentityStore) MemDBDeleteEntityByIDInTxn(txn *memdb.Txn, entityID string) error + func (i *IdentityStore) MemDBDeleteGroupByIDInTxn(txn *memdb.Txn, groupID string) error + func (i *IdentityStore) MemDBEntitiesByBucketKeyInTxn(txn *memdb.Txn, bucketKey string) ([]*identity.Entity, error) + func (i *IdentityStore) MemDBEntityByAliasID(aliasID string, clone bool) (*identity.Entity, error) + func (i *IdentityStore) MemDBEntityByAliasIDInTxn(txn *memdb.Txn, aliasID string, clone bool) (*identity.Entity, error) + func (i *IdentityStore) MemDBEntityByID(entityID string, clone bool) (*identity.Entity, error) + func (i *IdentityStore) MemDBEntityByIDInTxn(txn *memdb.Txn, entityID string, clone bool) (*identity.Entity, error) + func (i *IdentityStore) MemDBEntityByMergedEntityID(mergedEntityID string, clone bool) (*identity.Entity, error) + func (i *IdentityStore) 
MemDBEntityByName(ctx context.Context, entityName string, clone bool) (*identity.Entity, error) + func (i *IdentityStore) MemDBEntityByNameInTxn(ctx context.Context, txn *memdb.Txn, entityName string, clone bool) (*identity.Entity, error) + func (i *IdentityStore) MemDBGroupByAliasID(aliasID string, clone bool) (*identity.Group, error) + func (i *IdentityStore) MemDBGroupByAliasIDInTxn(txn *memdb.Txn, aliasID string, clone bool) (*identity.Group, error) + func (i *IdentityStore) MemDBGroupByID(groupID string, clone bool) (*identity.Group, error) + func (i *IdentityStore) MemDBGroupByIDInTxn(txn *memdb.Txn, groupID string, clone bool) (*identity.Group, error) + func (i *IdentityStore) MemDBGroupByName(ctx context.Context, groupName string, clone bool) (*identity.Group, error) + func (i *IdentityStore) MemDBGroupByNameInTxn(ctx context.Context, txn *memdb.Txn, groupName string, clone bool) (*identity.Group, error) + func (i *IdentityStore) MemDBGroupsByBucketKeyInTxn(txn *memdb.Txn, bucketKey string) ([]*identity.Group, error) + func (i *IdentityStore) MemDBGroupsByMemberEntityID(entityID string, clone bool, externalOnly bool) ([]*identity.Group, error) + func (i *IdentityStore) MemDBGroupsByMemberEntityIDInTxn(txn *memdb.Txn, entityID string, clone bool, externalOnly bool) ([]*identity.Group, error) + func (i *IdentityStore) MemDBGroupsByParentGroupID(memberGroupID string, clone bool) ([]*identity.Group, error) + func (i *IdentityStore) MemDBGroupsByParentGroupIDInTxn(txn *memdb.Txn, memberGroupID string, clone bool) ([]*identity.Group, error) + func (i *IdentityStore) MemDBLocalAliasesByBucketKeyInTxn(txn *memdb.Txn, bucketKey string) ([]*identity.Alias, error) + func (i *IdentityStore) MemDBUpsertAliasInTxn(txn *memdb.Txn, alias *identity.Alias, groupAlias bool) error + func (i *IdentityStore) MemDBUpsertEntityInTxn(txn *memdb.Txn, entity *identity.Entity) error + func (i *IdentityStore) MemDBUpsertGroupInTxn(txn *memdb.Txn, group *identity.Group) error + func (i 
*IdentityStore) UpsertGroup(ctx context.Context, group *identity.Group, persist bool) error + func (i *IdentityStore) UpsertGroupInTxn(ctx context.Context, txn *memdb.Txn, group *identity.Group, persist bool) error + type InFlightReqData struct + ClientID string + ClientRemoteAddr string + Method string + ReqPath string + StartTime time.Time + type InFlightRequests struct + InFlightReqCount *uberAtomic.Uint64 + InFlightReqMap *sync.Map + type InitParams struct + BarrierConfig *SealConfig + LegacyShamirSeal bool + RecoveryConfig *SealConfig + RootTokenPGPKey string + type InitResult struct + RecoveryShares [][]byte + RootToken string + SecretShares [][]byte + type InitializableBackend struct + func (b *InitializableBackend) Initialize(ctx context.Context, req *logical.InitializationRequest) error + type Inspectable interface + GetRecords func(tag string) ([]map[string]interface{}, error) + type Key struct + Encryptions uint64 + InstallTime time.Time + Term uint32 + Value []byte + Version int + func DeserializeKey(buf []byte) (*Key, error) + func (k *Key) Serialize() ([]byte, error) + type KeyInfo struct + Encryptions int64 + InstallTime time.Time + Term int + type KeyRotationConfig struct + Disabled bool + Interval time.Duration + MaxOperations int64 + func (c *KeyRotationConfig) Equals(config KeyRotationConfig) bool + func (c *KeyRotationConfig) Sanitize() + func (c KeyRotationConfig) Clone() KeyRotationConfig + type Keyring struct + func DeserializeKeyring(buf []byte) (*Keyring, error) + func NewKeyring() *Keyring + func (k *Keyring) ActiveKey() *Key + func (k *Keyring) ActiveTerm() uint32 + func (k *Keyring) AddKey(key *Key) (*Keyring, error) + func (k *Keyring) Clone() *Keyring + func (k *Keyring) RemoveKey(term uint32) (*Keyring, error) + func (k *Keyring) RootKey() []byte + func (k *Keyring) Serialize() ([]byte, error) + func (k *Keyring) SetRootKey(val []byte) *Keyring + func (k *Keyring) TermKey(term uint32) *Key + func (k *Keyring) Zeroize(keysToo bool) + 
type LeaderResponse struct + ActiveTime time.Time + HAEnabled bool + IsSelf bool + LeaderAddress string + LeaderClusterAddress string + RaftAppliedIndex uint64 + RaftCommittedIndex uint64 + type ListenerCustomHeaders struct + Address string + StatusCodeHeaderMap map[string][]*logical.CustomHeader + func NewListenerCustomHeader(ln []*configutil.Listener, logger log.Logger, uiHeaders http.Header) []*ListenerCustomHeaders + func (l *ListenerCustomHeaders) ExistCustomResponseHeader(header string) bool + type ListingVisibilityType string + const ListingVisibilityDefault + const ListingVisibilityHidden + const ListingVisibilityUnauth + const MountTableNoUpdateStorage + const MountTableUpdateStorage + type LocalNode interface + HAState func() consts.HAState + ReplicationState func() consts.ReplicationState + type LockedUsersResponse struct + Counts int + MountAccessors []*ResponseMountAccessors + NamespaceID string + NamespacePath string + type LoginMFABackend struct + func NewLoginMFABackend(core *Core, logger hclog.Logger) *LoginMFABackend + func (b *LoginMFABackend) MemDBDeleteMFAConfigByID(methodId, tableName string) error + func (b *LoginMFABackend) MemDBDeleteMFAConfigByIDInTxn(txn *memdb.Txn, configID string) error + func (b *LoginMFABackend) MemDBDeleteMFALoginEnforcementConfigByNameAndNamespace(name, namespaceId, tableName string) error + func (b *LoginMFABackend) MemDBMFAConfigByID(mConfigID string) (*mfa.Config, error) + func (b *LoginMFABackend) MemDBMFAConfigByIDInTxn(txn *memdb.Txn, mConfigID string) (*mfa.Config, error) + func (b *LoginMFABackend) MemDBMFAConfigByName(ctx context.Context, name string) (*mfa.Config, error) + func (b *LoginMFABackend) MemDBMFAConfigByNameInTxn(ctx context.Context, txn *memdb.Txn, mConfigName string) (*mfa.Config, error) + func (b *LoginMFABackend) MemDBMFALoginEnforcementConfigByNameAndNamespace(name, namespaceId string) (*mfa.MFAEnforcementConfig, error) + func (b *LoginMFABackend) MemDBMFALoginEnforcementConfigIterator() 
(memdb.ResultIterator, error) + func (b *LoginMFABackend) MemDBUpsertMFALoginEnforcementConfig(ctx context.Context, eConfig *mfa.MFAEnforcementConfig) error + func (b *LoginMFABackend) ResetLoginMFAMemDB() error + type LoginMFAPriorityQueue struct + func NewLoginMFAPriorityQueue() *LoginMFAPriorityQueue + func (pq *LoginMFAPriorityQueue) Len() int + func (pq *LoginMFAPriorityQueue) PopByKey(reqID string) (*MFACachedAuthResponse, error) + func (pq *LoginMFAPriorityQueue) Push(resp *MFACachedAuthResponse) error + func (pq *LoginMFAPriorityQueue) RemoveExpiredMfaAuthResponse(expiryTime time.Duration, cutoffTime time.Time) error + type MFABackend struct + Core *Core + func NewMFABackend(core *Core, logger hclog.Logger, prefix string, ...) *MFABackend + func (b *MFABackend) MemDBUpsertMFAConfig(ctx context.Context, mConfig *mfa.Config) error + func (b *MFABackend) MemDBUpsertMFAConfigInTxn(txn *memdb.Txn, mConfig *mfa.Config) error + type MFACachedAuthResponse struct + CachedAuth *logical.Auth + RequestConnRemoteAddr string + RequestID string + RequestNSID string + RequestNSPath string + RequestPath string + TimeOfStorage time.Time + type MFAFactor struct + type MountConfig struct + AllowedManagedKeys []string + AllowedResponseHeaders []string + AuditNonHMACRequestKeys []string + AuditNonHMACResponseKeys []string + DefaultLeaseTTL time.Duration + ForceNoCache bool + ListingVisibility ListingVisibilityType + MaxLeaseTTL time.Duration + PassthroughRequestHeaders []string + PluginName string + TokenType logical.TokenType + UserLockoutConfig *UserLockoutConfig + type MountEntry struct + Accessor string + BackendAwareUUID string + Config MountConfig + Description string + ExternalEntropyAccess bool + Local bool + MountState string + NamespaceID string + Options map[string]string + Path string + RunningSha256 string + RunningVersion string + SealWrap bool + Table string + Tainted bool + Type string + UUID string + Version string + func (e *MountEntry) APIPath() string + func 
(e *MountEntry) APIPathNoNamespace() string + func (e *MountEntry) Clone() (*MountEntry, error) + func (e *MountEntry) IsExternalPlugin() bool + func (e *MountEntry) MountClass() string + func (e *MountEntry) Namespace() *namespace.Namespace + func (e *MountEntry) SyncCache() + func (e *MountEntry) ViewPath() string + func (entry *MountEntry) Deserialize() map[string]interface{} + type MountMigrationInfo struct + MigrationStatus string + SourceMount string + TargetMount string + type MountMigrationStatus int + const MigrationFailureStatus + const MigrationInProgressStatus + const MigrationSuccessStatus + func (m MountMigrationStatus) String() string + type MountTable struct + Entries []*MountEntry + Type string + type Namespacer interface + ListNamespaces func(includePath bool) []*namespace.Namespace + NamespaceByID func(context.Context, string) (*namespace.Namespace, error) + type NodeInformation struct + ApiAddr string + ClusterAddr string + Hostname string + Mode string + NodeID string + ReplicationState uint32 + func (*NodeInformation) Descriptor() ([]byte, []int) + func (*NodeInformation) ProtoMessage() + func (x *NodeInformation) GetApiAddr() string + func (x *NodeInformation) GetClusterAddr() string + func (x *NodeInformation) GetHostname() string + func (x *NodeInformation) GetMode() string + func (x *NodeInformation) GetNodeID() string + func (x *NodeInformation) GetReplicationState() uint32 + func (x *NodeInformation) ProtoReflect() protoreflect.Message + func (x *NodeInformation) Reset() + func (x *NodeInformation) String() string + type NonFatalError struct + Err error + func NewNonFatalError(err error) *NonFatalError + func (e *NonFatalError) Error() string + func (e *NonFatalError) WrappedErrors() []error + type NoopBackend struct + BackendType logical.BackendType + DefaultLeaseTTL time.Duration + Invalidations []string + Login []string + MaxLeaseTTL time.Duration + Paths []string + RequestHandler RouterTestHandlerFunc + Requests []*logical.Request + 
Response *logical.Response + RollbackErrs bool + Root []string + func (n *NoopBackend) Cleanup(ctx context.Context) + func (n *NoopBackend) HandleExistenceCheck(ctx context.Context, req *logical.Request) (bool, bool, error) + func (n *NoopBackend) HandleRequest(ctx context.Context, req *logical.Request) (*logical.Response, error) + func (n *NoopBackend) Initialize(ctx context.Context, req *logical.InitializationRequest) error + func (n *NoopBackend) InvalidateKey(ctx context.Context, k string) + func (n *NoopBackend) Logger() log.Logger + func (n *NoopBackend) Setup(ctx context.Context, config *logical.BackendConfig) error + func (n *NoopBackend) SpecialPaths() *logical.Paths + func (n *NoopBackend) System() logical.SystemView + func (n *NoopBackend) Type() logical.BackendType + type PassthroughBackend struct + func (b *PassthroughBackend) GeneratesLeases() bool + type PathRules struct + AllowedParametersHCL map[string][]interface{} + Capabilities []string + DeniedParametersHCL map[string][]interface{} + HasSegmentWildcards bool + IsPrefix bool + MFAMethodsHCL []string + MaxWrappingTTLHCL interface{} + MinWrappingTTLHCL interface{} + Path string + Permissions *ACLPermissions + Policy string + RequiredParametersHCL []string + type PeerNode struct + APIAddress string + ClusterAddress string + Hostname string + LastEcho time.Time + UpgradeVersion string + Version string + type PhysicalBackendBundle struct + Backend physical.Backend + Cleanup func() + HABackend physical.HABackend + type PluginCatalog struct + func (c *PluginCatalog) Delete(ctx context.Context, name string, pluginType consts.PluginType, ...) 
error + func (c *PluginCatalog) Get(ctx context.Context, name string, pluginType consts.PluginType, version string) (*pluginutil.PluginRunner, error) + func (c *PluginCatalog) List(ctx context.Context, pluginType consts.PluginType) ([]string, error) + func (c *PluginCatalog) ListVersionedPlugins(ctx context.Context, pluginType consts.PluginType) ([]pluginutil.VersionedPlugin, error) + func (c *PluginCatalog) NewPluginClient(ctx context.Context, config pluginutil.PluginClientConfig) (*pluginClient, error) + func (c *PluginCatalog) Set(ctx context.Context, name string, pluginType consts.PluginType, version string, ...) error + func (c *PluginCatalog) UpgradePlugins(ctx context.Context, logger log.Logger) error + type Policy struct + Name string + Paths []*PathRules + Raw string + Templated bool + Type PolicyType + func ParseACLPolicy(ns *namespace.Namespace, rules string) (*Policy, error) + func (p *Policy) ShallowClone() *Policy + type PolicyCheckOpts struct + RootPrivsRequired bool + Unauth bool + type PolicyEntry struct + Raw string + Templated bool + Type PolicyType + Version int + type PolicyStore struct + func NewPolicyStore(ctx context.Context, core *Core, baseView *BarrierView, ...) (*PolicyStore, error) + func (ps *PolicyStore) ACL(ctx context.Context, entity *identity.Entity, policyNames map[string][]string, ...) 
(*ACL, error) + func (ps *PolicyStore) DeletePolicy(ctx context.Context, name string, policyType PolicyType) error + func (ps *PolicyStore) GetNonEGPPolicyType(nsID string, name string) (*PolicyType, error) + func (ps *PolicyStore) GetPolicy(ctx context.Context, name string, policyType PolicyType) (*Policy, error) + func (ps *PolicyStore) ListPolicies(ctx context.Context, policyType PolicyType) ([]string, error) + func (ps *PolicyStore) SetPolicy(ctx context.Context, p *Policy) error + type PolicyType uint32 + const PolicyTypeACL + const PolicyTypeToken + func (p PolicyType) String() string + type RawBackend struct + func NewRawBackend(core *Core) *RawBackend + type RegisterAuthFunc func(context.Context, time.Duration, string, *logical.Auth, string) error + type RekeyBackup struct + Keys map[string][]string + Nonce string + type RekeyResult struct + Backup bool + PGPFingerprints []string + RecoveryKey bool + SecretShares [][]byte + VerificationNonce string + VerificationRequired bool + type RekeyVerifyResult struct + Complete bool + Nonce string + type RequestForwardingClient interface + Echo func(ctx context.Context, in *EchoRequest, opts ...grpc.CallOption) (*EchoReply, error) + ForwardRequest func(ctx context.Context, in *forwarding.Request, opts ...grpc.CallOption) (*forwarding.Response, error) + func NewRequestForwardingClient(cc grpc.ClientConnInterface) RequestForwardingClient + type RequestForwardingServer interface + Echo func(context.Context, *EchoRequest) (*EchoReply, error) + ForwardRequest func(context.Context, *forwarding.Request) (*forwarding.Response, error) + type ResponseMountAccessors struct + AliasIdentifiers []string + Counts int + MountAccessor string + type RollbackManager struct + func NewRollbackManager(ctx context.Context, logger log.Logger, backendsFunc func() []*MountEntry, ...) 
*RollbackManager + func (m *RollbackManager) Rollback(ctx context.Context, path string) error + func (m *RollbackManager) Start() + func (m *RollbackManager) Stop() + func (m *RollbackManager) StopTicker() + type Router struct + func NewRouter() *Router + func (r *Router) GetRecords(tag string) ([]map[string]interface{}, error) + func (r *Router) LoginPath(ctx context.Context, path string) bool + func (r *Router) MatchingAPIPrefixByStoragePath(ctx context.Context, path string) (*namespace.Namespace, string, string, bool) + func (r *Router) MatchingBackend(ctx context.Context, path string) logical.Backend + func (r *Router) MatchingMount(ctx context.Context, path string) string + func (r *Router) MatchingMountByAPIPath(ctx context.Context, path string) string + func (r *Router) MatchingMountByAccessor(mountAccessor string) *MountEntry + func (r *Router) MatchingMountByUUID(mountID string) *MountEntry + func (r *Router) MatchingMountEntry(ctx context.Context, path string) *MountEntry + func (r *Router) MatchingStorageByAPIPath(ctx context.Context, path string) logical.Storage + func (r *Router) MatchingStorageByStoragePath(ctx context.Context, path string) logical.Storage + func (r *Router) MatchingStoragePrefixByAPIPath(ctx context.Context, path string) (string, bool) + func (r *Router) MatchingSystemView(ctx context.Context, path string) logical.SystemView + func (r *Router) Mount(backend logical.Backend, prefix string, mountEntry *MountEntry, ...) 
error + func (r *Router) MountConflict(ctx context.Context, path string) string + func (r *Router) Remount(ctx context.Context, src, dst string) error + func (r *Router) RootPath(ctx context.Context, path string) bool + func (r *Router) Route(ctx context.Context, req *logical.Request) (*logical.Response, error) + func (r *Router) RouteExistenceCheck(ctx context.Context, req *logical.Request) (*logical.Response, bool, bool, error) + func (r *Router) Taint(ctx context.Context, path string) error + func (r *Router) Unmount(ctx context.Context, prefix string) error + func (r *Router) Untaint(ctx context.Context, path string) error + func (r *Router) ValidateMountByAccessor(accessor string) *ValidateMountResponse + type RouterAccess struct + func NewRouterAccess(c *Core) *RouterAccess + func (r *RouterAccess) StoragePrefixByAPIPath(ctx context.Context, path string) (string, bool) + type RouterTestHandlerFunc func(context.Context, *logical.Request) (*logical.Response, error) + type SSCTokenGenerationCounter struct + Counter int + type Seal interface + BarrierConfig func(context.Context) (*SealConfig, error) + BarrierType func() wrapping.WrapperType + Finalize func(context.Context) error + GetAccess func() seal.Access + GetShamirWrapper func() (*aeadwrapper.ShamirWrapper, error) + GetStoredKeys func(context.Context) ([][]byte, error) + Init func(context.Context) error + RecoveryConfig func(context.Context) (*SealConfig, error) + RecoveryKey func(context.Context) ([]byte, error) + RecoveryKeySupported func() bool + RecoveryType func() string + SealWrapable func() bool + SetBarrierConfig func(context.Context, *SealConfig) error + SetCachedBarrierConfig func(*SealConfig) + SetCachedRecoveryConfig func(*SealConfig) + SetCore func(*Core) + SetRecoveryConfig func(context.Context, *SealConfig) error + SetRecoveryKey func(context.Context, []byte) error + SetStoredKeys func(context.Context, [][]byte) error + StoredKeysSupported func() seal.StoredKeysSupport + VerifyRecoveryKey 
func(context.Context, []byte) error + func NewDefaultSeal(lowLevel seal.Access) Seal + func NewTestSeal(t testing.T, opts *seal.TestSealOpts) Seal + type SealAccess struct + func NewSealAccess(seal Seal) *SealAccess + func (s *SealAccess) BarrierConfig(ctx context.Context) (*SealConfig, error) + func (s *SealAccess) BarrierType() wrapping.WrapperType + func (s *SealAccess) ClearCaches(ctx context.Context) + func (s *SealAccess) GetAccess() seal.Access + func (s *SealAccess) RecoveryConfig(ctx context.Context) (*SealConfig, error) + func (s *SealAccess) RecoveryKeySupported() bool + func (s *SealAccess) StoredKeysSupported() seal.StoredKeysSupport + func (s *SealAccess) VerifyRecoveryKey(ctx context.Context, key []byte) error + type SealConfig struct + Backup bool + Nonce string + PGPKeys []string + RekeyProgress [][]byte + SecretShares int + SecretThreshold int + StoredShares int + Type string + VerificationKey []byte + VerificationNonce string + VerificationProgress [][]byte + VerificationRequired bool + func (s *SealConfig) Clone() *SealConfig + func (s *SealConfig) Validate() error + type SealStatusResponse struct + BuildDate string + ClusterID string + ClusterName string + Initialized bool + Migration bool + N int + Nonce string + Progress int + RecoverySeal bool + Sealed bool + StorageType string + T int + Type string + Version string + Warnings []string + type SecurityBarrier interface + func NewAESGCMBarrier(storage physical.Backend) (SecurityBarrier, error) + type SecurityBarrierCore interface + ActiveKeyInfo func() (*KeyInfo, error) + AddRemoteEncryptions func(encryptions int64) + CheckBarrierAutoRotate func(ctx context.Context) (string, error) + CheckUpgrade func(ctx context.Context) (bool, uint32, error) + ConsumeEncryptionCount func(consumer func(int64) error) error + CreateUpgrade func(ctx context.Context, term uint32) error + DestroyUpgrade func(ctx context.Context, term uint32) error + GenerateKey func(io.Reader) ([]byte, error) + Initialize func(ctx 
context.Context, rootKey []byte, sealKey []byte, random io.Reader) error + Initialized func(ctx context.Context) (bool, error) + KeyLength func() (int, int) + Keyring func() (*Keyring, error) + Rekey func(context.Context, []byte) error + ReloadKeyring func(ctx context.Context) error + ReloadRootKey func(ctx context.Context) error + Rotate func(ctx context.Context, reader io.Reader) (uint32, error) + RotationConfig func() (KeyRotationConfig, error) + Seal func() error + Sealed func() (bool, error) + SetRootKey func(key []byte) error + SetRotationConfig func(ctx context.Context, config KeyRotationConfig) error + Unseal func(ctx context.Context, key []byte) error + VerifyRoot func(key []byte) error + type SecurityBarrierTransaction interface + type SentinelResults struct + GrantingPolicies []logical.PolicyInfo + type SystemBackend struct + Core *Core + func NewSystemBackend(core *Core, logger log.Logger) *SystemBackend + type TOTPPersister interface + PersistTOTPKey func(ctx context.Context, configID string, entityID string, key string) error + type TestCluster struct + BarrierKeys [][]byte + CACert *x509.Certificate + CACertBytes []byte + CACertPEM []byte + CACertPEMFile string + CAKey *ecdsa.PrivateKey + CAKeyPEM []byte + CleanupFunc func() + ClientAuthRequired bool + Cores []*TestClusterCore + ID string + LicensePrivateKey ed25519.PrivateKey + LicensePublicKey ed25519.PublicKey + Logger log.Logger + Plugins []pluginhelpers.TestPlugin + RecoveryKeys [][]byte + RootCAs *x509.CertPool + RootToken string + SetupFunc func() + TempDir string + func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *TestCluster + func (c *TestCluster) AttemptUnsealCore(core *TestClusterCore) error + func (c *TestCluster) Cleanup() + func (c *TestCluster) ClusterID() string + func (c *TestCluster) EnsureCoresSealed(t testing.T) + func (c *TestCluster) GetBarrierKeys() [][]byte + func (c *TestCluster) GetBarrierOrRecoveryKeys() [][]byte + func (c *TestCluster) 
GetCACertPEMFile() string + func (c *TestCluster) GetRecoveryKeys() [][]byte + func (c *TestCluster) GetRootToken() string + func (c *TestCluster) NamedLogger(name string) log.Logger + func (c *TestCluster) Nodes() []testcluster.VaultClusterNode + func (c *TestCluster) SetBarrierKeys(keys [][]byte) + func (c *TestCluster) SetRecoveryKeys(keys [][]byte) + func (c *TestCluster) SetRootToken(token string) + func (c *TestCluster) Start() + func (c *TestCluster) UnsealCore(t testing.T, core *TestClusterCore) + func (c *TestCluster) UnsealCoreWithStoredKeys(t testing.T, core *TestClusterCore) + func (c *TestCluster) UnsealCores(t testing.T) + func (c *TestCluster) UnsealCoresWithError(useStoredKeys bool) error + func (cluster *TestCluster) StartCore(t testing.T, idx int, opts *TestClusterOptions) + func (cluster *TestCluster) StopCore(t testing.T, idx int) + func (tc *TestCluster) InitCores(t testing.T, opts *TestClusterOptions, addAuditBackend bool) + type TestClusterCore struct + Address *net.TCPAddr + Barrier SecurityBarrier + Client *api.Client + CoreConfig *CoreConfig + Handler http.Handler + Listeners []*TestListener + NodeID string + ReloadFuncs *map[string][]reloadutil.ReloadFunc + ReloadFuncsLock *sync.RWMutex + Server *http.Server + ServerCert *x509.Certificate + ServerCertBytes []byte + ServerCertPEM []byte + ServerKey *ecdsa.PrivateKey + ServerKeyPEM []byte + UnderlyingHAStorage physical.HABackend + UnderlyingRawStorage physical.Backend + UnderlyingStorage physical.Backend + func (c *TestClusterCore) APIClient() *api.Client + func (c *TestClusterCore) ClusterListener() *cluster.Listener + func (c *TestClusterCore) GrabRollbackLock() + func (c *TestClusterCore) LogicalStorage() logical.Storage + func (c *TestClusterCore) Name() string + func (c *TestClusterCore) ReleaseRollbackLock() + func (c *TestClusterCore) Seal(t testing.T) + func (c *TestClusterCore) StopAutomaticRollbacks() + func (c *TestClusterCore) TLSConfig() *tls.Config + func (c *TestClusterCore) 
TriggerRollbacks() + type TestClusterOptions struct + ABCDLoggerNames bool + BaseClusterListenPort int + BaseListenAddress string + CACert []byte + CAKey *ecdsa.PrivateKey + ClusterLayers cluster.NetworkLayerSet + CoreMetricSinkProvider func(clusterName string) (*metricsutil.ClusterMetricSink, *metricsutil.MetricsHelper) + DefaultHandlerProperties HandlerProperties + EffectiveSDKVersionMap map[int]string + FirstCoreNumber int + HandlerFunc HandlerHandler + InmemClusterLayers bool + KVVersion string + KeepStandbysSealed bool + LicensePrivateKey ed25519.PrivateKey + LicensePublicKey ed25519.PublicKey + Logger log.Logger + NoDefaultQuotas bool + NumCores int + PhysicalFactory func(t testing.T, coreIdx int, logger log.Logger, conf map[string]interface{}) *PhysicalBackendBundle + PhysicalFactoryConfig map[string]interface{} + Plugins *TestPluginConfig + RaftAddressProvider raftlib.ServerAddressProvider + RequestResponseCallback func(logical.Backend, *logical.Request, *logical.Response) + RequireClientAuth bool + SealFunc func() Seal + SetupFunc func(t testing.T, c *TestCluster) + SkipInit bool + TempDir string + UnwrapSealFunc func() Seal + VersionMap map[int]string + type TestListener struct + Address *net.TCPAddr + type TestPluginConfig struct + Typ consts.PluginType + Versions []string + type TokenCounter struct + Total int + type TokenStore struct + func NewTokenStore(ctx context.Context, logger log.Logger, core *Core, ...) 
(*TokenStore, error) + func (ts *TokenStore) CalculateSignedTokenHMAC(marshalledToken []byte) ([]byte, error) + func (ts *TokenStore) GenerateSSCTokenID(innerToken string, te *logical.TokenEntry) string + func (ts *TokenStore) GetSSCTokensGenerationCounter() int + func (ts *TokenStore) Invalidate(ctx context.Context, key string) + func (ts *TokenStore) Lookup(ctx context.Context, id string) (*logical.TokenEntry, error) + func (ts *TokenStore) Salt(ctx context.Context) (*salt.Salt, error) + func (ts *TokenStore) SaltID(ctx context.Context, id string) (string, error) + func (ts *TokenStore) SetExpirationManager(exp *ExpirationManager) + func (ts *TokenStore) UpdateSSCTokensGenerationCounter(ctx context.Context) error + func (ts *TokenStore) UseToken(ctx context.Context, te *logical.TokenEntry) (*logical.TokenEntry, error) + func (ts *TokenStore) UseTokenByID(ctx context.Context, id string) (*logical.TokenEntry, error) + type TokenStorer interface + CreateToken func(context.Context, *logical.TokenEntry) error + LookupToken func(context.Context, string) (*logical.TokenEntry, error) + type TransactionalAESGCMBarrier struct + func (b *TransactionalAESGCMBarrier) BeginReadOnlyTx(ctx context.Context) (logical.Transaction, error) + func (b *TransactionalAESGCMBarrier) BeginTx(ctx context.Context) (logical.Transaction, error) + type TransactionalSecurityBarrier interface + type UIConfig struct + func NewUIConfig(enabled bool, physicalStorage physical.Backend, barrierStorage logical.Storage) *UIConfig + func (c *UIConfig) DeleteHeader(ctx context.Context, header string) error + func (c *UIConfig) Enabled() bool + func (c *UIConfig) GetHeader(ctx context.Context, header string) ([]string, error) + func (c *UIConfig) HeaderKeys(ctx context.Context) ([]string, error) + func (c *UIConfig) Headers(ctx context.Context) (http.Header, error) + func (c *UIConfig) SetHeader(ctx context.Context, header string, values []string) error + type UnimplementedRequestForwardingServer struct + 
func (UnimplementedRequestForwardingServer) Echo(context.Context, *EchoRequest) (*EchoReply, error) + func (UnimplementedRequestForwardingServer) ForwardRequest(context.Context, *forwarding.Request) (*forwarding.Response, error) + type UnsafeRequestForwardingServer interface + type UnsealStrategy interface + type UserLockoutConfig struct + DisableLockout bool + LockoutCounterReset time.Duration + LockoutDuration time.Duration + LockoutThreshold uint64 + type ValidateMountResponse struct + MountAccessor string + MountLocal bool + MountPath string + MountType string + type VaultVersion struct + BuildDate string + TimestampInstalled time.Time + Version string