README
¶
certmagic-vault-storage
This is a Storage backend for CertMagic which allows storing of TLS certificates managed by it in HashiCorp's Vault.
This plugin can be used standalone in your own go-program, or it can be pulled in to Caddy by using the associated project: https://github.com/mywordpress-io/caddy-vault-storage
Usage
Caddy
For usage as a Caddy plugin built with xcaddy, review this project.
Standalone
For standalone usage in your own go module:
package main
import (
"github.com/mywordpress-io/certmagic-vault-storage"
"github.com/mywordpress-io/caddy-vault-storage"
)
func Setup() {
certmagic := certmagic.NewDefault()
// This is the base configuration object used by certmagic_vault_storage--you can either use the
// one specified in the caddy_vault_storage repo, or roll your own (as long as it satisfies the
// certmagic_vault_storage.StorageConfigInterface interface).
customLockTimeout := certmagic_vault_storage.Duration(60 * time.Second)
customLockPollingDuration := certmagic_vault_storage.Duration(5 * time.Second)
caddyStorage := &caddy_vault_storage.Storage{
URL: certmagic_vault_storage.MustParseURL("http://localhost:8200"),
Token: "dead-beef",
SecretsPath: "secrets",
PathPrefix: "certificates",
LockTimeout: &customLockTimeout,
LockPollingInterval: &customLockPollingDuration,
InsecureSkipVerify: false,
}
// Specify your setting to certMagicVaultStorage here, and assign the Storage provider to CertMagic:
certmagic.Storage = certmagic_vault_storage.NewStorage(caddyStorage)
// Now do other operations with 'certmagic' as you normally would:
certmagic.Issuers = ...
}
Documentation
¶
Index ¶
- type Duration
- type Storage
- func (s *Storage) Delete(_ context.Context, key string) error
- func (s *Storage) Exists(_ context.Context, key string) bool
- func (s *Storage) List(ctx context.Context, prefix string, recursive bool) ([]string, error)
- func (s *Storage) Load(_ context.Context, key string) ([]byte, error)
- func (s *Storage) Lock(ctx context.Context, key string) error
- func (s *Storage) Stat(_ context.Context, key string) (certmagic.KeyInfo, error)
- func (s *Storage) Store(_ context.Context, key string, value []byte) error
- func (s *Storage) Unlock(_ context.Context, key string) error
- type StorageConfigInterface
- type Time
- type URL
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Storage ¶
type Storage struct {
// contains filtered or unexported fields
}
Storage is the main object passed to CertMagic that implements the "Storage" interface.
func NewStorage ¶
func NewStorage(config StorageConfigInterface) *Storage
func (*Storage) List ¶
List will recursively list all items at prefix if recursive==true. If not, it will just return a list of items that are NOT "directories" in Vault. Note that Vault's kv-v2 engine doesn't really have the idea of directories, they are more like paths in a tree (I guess?).
Caveats:
- When recursive==false, we ONLY include item that do NOT have a trailing slash
- When recursive==true, we include ALL items from the specified prefix that do NOT have a trailing slash
type StorageConfigInterface ¶
type StorageConfigInterface interface {
GetLogger() *zap.SugaredLogger
GetVaultBaseUrl() string
GetToken() string
GetApproleLoginPath() string
GetApproleLogoutPath() string
GetApproleRoleId() string
GetApproleSecretId() string
GetSecretsPath() string
GetPathPrefix() string
GetInsecureSkipVerify() bool
GetLockTimeout() Duration
GetLockPollingInterval() Duration
}
Source Files
Directories