README
¶
CaddyVault
A Storage plugin for CaddyServer V2 using Vault as backend for storing TLS data like certificates, keys etc., This is a fork from https://github.com/siva-chegondi/caddyvault who initially wrote the Caddy V1 version.
Prerequisite
This plugin expects the following environment.
- A VAULT server running and accessible from the machine/s on which caddy is running.
- A KV secret engine version 2 on the path caddycerts:
vault secrets enable -version=2 -path=caddycerts kv - A VAULT_TOKEN set in the environment variable
Compile Caddy v2 with CaddyVault plugin
To extend caddy with CaddyVault plugin, we need to include following import statement
in github.com/caddyserver/caddy/caddy/caddymain/run.go file.
import (
_ "github.com/caddyserver/caddy/v2"
_ "github.com/pydio/caddyvault"
)
Configuration
Vault configuration
- We need to enable KV2 secrets engine on the path
certpaths.
Caddy configuration
- Enable this storage in the Caddyfile using
{
storage vault {
address https://localhost:8200 # can be passed via VAULT_ADDR as well
prefix caddycerts # store name, defaults to caddycerts
token xxx # [optional if not set via VAULT_TOKEN env]
}
}
Documentation
¶
Index ¶
- type VaultStorage
- func (vs *VaultStorage) CaddyModule() caddy.ModuleInfo
- func (vs *VaultStorage) CertMagicStorage() (certmagic.Storage, error)
- func (vs *VaultStorage) Delete(ctx context.Context, key string) error
- func (vs *VaultStorage) Exists(ctx context.Context, key string) bool
- func (vs *VaultStorage) List(ctx context.Context, prefix string, recursive bool) ([]string, error)
- func (vs *VaultStorage) Load(ctx context.Context, key string) ([]byte, error)
- func (vs *VaultStorage) Lock(c context.Context, key string) error
- func (vs *VaultStorage) Provision(ctx caddy.Context) error
- func (vs *VaultStorage) Stat(ctx context.Context, key string) (certmagic.KeyInfo, error)
- func (vs *VaultStorage) Store(ctx context.Context, key string, value []byte) error
- func (vs *VaultStorage) Unlock(ctx context.Context, key string) error
- func (vs *VaultStorage) UnmarshalCaddyfile(d *caddyfile.Dispenser) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type VaultStorage ¶
type VaultStorage struct {
// API is the vault server address, including scheme, host and port. If it is empty, module looks up for VAULT_ADDR env variable.
API string
// Prefix is the vault server store path. A secret engine **v2** must be created at this path. Defaults to 'caddycerts'.
Prefix string
// Token should generally be passed via the VAULT_TOKEN env variable, but can be set manually here.
Token string
}
VaultStorage is a certmagic.Storage implementation for storing for ACME certificates inside an Hashicorp Vault server.
func (*VaultStorage) CaddyModule ¶
func (vs *VaultStorage) CaddyModule() caddy.ModuleInfo
func (*VaultStorage) CertMagicStorage ¶
func (vs *VaultStorage) CertMagicStorage() (certmagic.Storage, error)
CertMagicStorage converts vs to a certmagic.Storage instance.
func (*VaultStorage) Delete ¶
func (vs *VaultStorage) Delete(ctx context.Context, key string) error
Delete deletes the certificate from vault.
func (*VaultStorage) Exists ¶
func (vs *VaultStorage) Exists(ctx context.Context, key string) bool
Exists returns existance of certificate with key
func (*VaultStorage) Lock ¶
func (vs *VaultStorage) Lock(c context.Context, key string) error
Lock locks operations on certificate with particular key
func (*VaultStorage) Provision ¶
func (vs *VaultStorage) Provision(ctx caddy.Context) error
func (*VaultStorage) Unlock ¶
func (vs *VaultStorage) Unlock(ctx context.Context, key string) error
Unlock unlocks operations on certificate data
func (*VaultStorage) UnmarshalCaddyfile ¶
func (vs *VaultStorage) UnmarshalCaddyfile(d *caddyfile.Dispenser) error
Source Files
Directories