vaulthelper

package
v0.0.0-...-b939d74 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 8, 2018 License: GPL-2.0-or-later Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var (
	// ErrTokenNotFound is a sentinel error with the message "no token found".
	// NOTE(review): presumably returned by the RetrieveToken implementations
	// when no token is available; confirm against the source. Callers should
	// match it with errors.Is rather than by comparing message strings.
	ErrTokenNotFound = errors.New("no token found")
)

Functions

func GetEC2InstanceIdentityPKCS7

func GetEC2InstanceIdentityPKCS7() (string, error)

func GetMountVersion

func GetMountVersion(client *vault.Client, mountPath string) (int, error)

GetMountVersion determines the version of a mounted backend. The token used by client must have read access to /sys/mounts.

func LoginWithEC2InstanceProfile

func LoginWithEC2InstanceProfile(client *vault.Client, role string, nonce string) (*vault.Secret, error)

func NewClient

func NewClient(config *vault.Config) (*vault.Client, error)

Types

type EnvTokenProvider

type EnvTokenProvider struct{}

func (*EnvTokenProvider) RetrieveToken

func (p *EnvTokenProvider) RetrieveToken() (string, error)

type KV

type KV struct {
	// MountPoint is the mount location of the kv backend.
	// NOTE(review): presumably the mountPath given to NewKV; confirm.
	MountPoint string
	// Client is the Vault API client.
	// NOTE(review): presumably every request is made with the token held by
	// this client, so that token's policy bounds what KV can read, write and
	// delete; confirm against the source.
	Client     *vault.Client
	// contains filtered or unexported fields
}

KV is used for accessing kv data in Vault. It is only v2 compatible.

func NewKV

func NewKV(client *vault.Client, mountPath string, version int) *KV

NewKV creates a KV object for the kv backend mounted at mountPath

func (*KV) DeleteLatest

func (kv *KV) DeleteLatest(key string) error

DeleteLatest deletes the latest version of a key

func (*KV) ReadLatest

func (kv *KV) ReadLatest(key string) (map[string]interface{}, map[string]interface{}, error)

ReadLatest reads the latest version of a given secret

func (*KV) Write

func (kv *KV) Write(key string, data map[string]interface{}, options *WriteOptions) error

Write writes a new version of the secret

type LoginTokenProvider

type LoginTokenProvider struct{}

LoginTokenProvider finds tokens output by `vault login`

func (*LoginTokenProvider) RetrieveToken

func (p *LoginTokenProvider) RetrieveToken() (string, error)

type TlsCertTokenProvider

// TlsCertTokenProvider is a token source with a RetrieveToken method.
// NOTE(review): the name suggests it logs in to Vault with a TLS client
// certificate; the page does not show the implementation, so confirm.
type TlsCertTokenProvider struct {
	// Client is the Vault API client held by the provider.
	// NOTE(review): presumably the client certificate and CA settings come
	// from this client's TLS configuration; confirm before relying on it.
	Client *vault.Client
}

func (*TlsCertTokenProvider) RetrieveToken

func (p *TlsCertTokenProvider) RetrieveToken() (string, error)

type TokenChainProvider

// TokenChainProvider groups several TokenProvider values with a validation
// callback and itself exposes RetrieveToken.
type TokenChainProvider struct {
	// Providers is the list of token sources.
	// NOTE(review): presumably tried in slice order until one yields a usable
	// token; confirm, since the order decides which credential wins.
	Providers []TokenProvider
	// Validator reports whether a token is valid (see TokenValidFunc).
	// NOTE(review): the page does not show what happens when Validator is
	// nil; verify that an unset validator cannot cause an unchecked or
	// expired token to be returned.
	Validator TokenValidFunc
}

func NewDefaultChainProvider

func NewDefaultChainProvider(client *vault.Client) *TokenChainProvider

func (*TokenChainProvider) RetrieveToken

func (p *TokenChainProvider) RetrieveToken() (string, error)

type TokenProvider

// TokenProvider is implemented by every token source in this package.
type TokenProvider interface {
	// RetrieveToken returns a token string, or an error.
	// The returned string is a credential: keep it out of logs and error
	// messages, and do not persist it beyond what the caller needs.
	RetrieveToken() (string, error)
}

type TokenValidFunc

type TokenValidFunc func(token string) bool

TokenValidFunc returns true if the token is valid.

type VaultAwsStsCredentials

// VaultAwsStsCredentials has IsExpired and Retrieve methods; Retrieve returns
// a credentials.Value.
// NOTE(review): this method set matches the shape of the AWS SDK's
// credentials.Provider interface, so the type presumably supplies AWS
// credentials obtained from Vault; confirm against the source.
type VaultAwsStsCredentials struct {
	// VaultClient is the Vault API client.
	// NOTE(review): presumably used to request the credentials; confirm.
	VaultClient *vault.Client
	// VaultRole is a role name.
	// NOTE(review): presumably the Vault AWS secrets-engine role whose policy
	// determines the permissions of the issued credentials; confirm, and
	// keep that role scoped to least privilege.
	VaultRole   string
	// contains filtered or unexported fields
}

func (*VaultAwsStsCredentials) IsExpired

func (v *VaultAwsStsCredentials) IsExpired() bool

func (*VaultAwsStsCredentials) Retrieve

func (v *VaultAwsStsCredentials) Retrieve() (credentials.Value, error)

type WriteOptions

type WriteOptions struct {
	// CasVersion is serialized under the JSON key "cas".
	// NOTE(review): presumably the KV v2 check-and-set version. The tag has
	// no omitempty, so a zero value is sent as "cas": 0, which the KV v2 API
	// treats as "write only if the key does not exist"; confirm that callers
	// who pass a zero-valued WriteOptions intend that.
	CasVersion int64 `json:"cas"`
}

WriteOptions holds write options; see the options for create/update in the KV API.
