Documentation
Overview
Package hashivault provides a secrets implementation using the Transit Secrets Engine of Vault by Hashicorp. Use OpenKeeper to construct a *secrets.Keeper.
URLs
For secrets.OpenKeeper, hashivault registers for the scheme "hashivault". The default URL opener will dial a Vault server using the environment variables "VAULT_SERVER_URL" (or "VAULT_ADDR") and "VAULT_SERVER_TOKEN" (or "VAULT_TOKEN"). To customize the URL opener, or for more details on the URL format, see URLOpener. See https://sraphs.github.io/gdk/concepts/urls/ for background information.
As
hashivault does not support any types for As.
Example (OpenFromURL)

package main

import (
	"context"
	"log"

	"github.com/sraphs/gdk/secrets"
	// The blank import registers the "hashivault" scheme with secrets.DefaultMux.
	_ "github.com/sraphs/gdk/secrets/hashivault"
)

func main() {
	ctx := context.Background()

	// The default URL opener reads the server address and token from the
	// environment (VAULT_SERVER_URL or VAULT_ADDR, VAULT_SERVER_TOKEN or VAULT_TOKEN).
	keeper, err := secrets.OpenKeeper(ctx, "hashivault://mykey")
	if err != nil {
		log.Fatal(err)
	}
	defer keeper.Close()
}
Constants
const Scheme = "hashivault"
Scheme is the URL scheme hashivault registers its URLOpener under on secrets.DefaultMux.
Variables
This section is empty.
Functions
func OpenKeeper
OpenKeeper returns a *secrets.Keeper that uses the Transit Secrets Engine of Vault by Hashicorp. See the package documentation for an example.
Example

package main

import (
	"context"
	"log"

	"github.com/hashicorp/vault/api"
	"github.com/sraphs/gdk/secrets/hashivault"
)

func main() {
	ctx := context.Background()

	// Get a client to use with the Vault API.
	client, err := hashivault.Dial(ctx, &hashivault.Config{
		// "CLIENT_TOKEN" is a placeholder; load the real token from the
		// environment or a secret store instead of hard-coding it.
		Token: "CLIENT_TOKEN",
		APIConfig: api.Config{
			Address: "http://127.0.0.1:8200",
		},
	})
	if err != nil {
		log.Fatal(err)
	}

	// Construct a *secrets.Keeper.
	keeper := hashivault.OpenKeeper(client, "my-key", nil)
	defer keeper.Close()
}
Types
type Config

type Config struct {
	// Token is the access token the Vault client uses to talk to the server.
	// See https://www.vaultproject.io/docs/concepts/tokens.html for more
	// information.
	Token string

	// APIConfig is used to configure the creation of the client.
	APIConfig api.Config
}

Config is the authentication configuration for the Vault server.
type KeeperOptions

type KeeperOptions struct {
	// Engine is the name of the secrets engine to use.
	// It defaults to "transit".
	Engine string
}

KeeperOptions controls Keeper behaviors. It is provided for future extensibility.
type URLOpener

type URLOpener struct {
	// Client must be non-nil.
	Client *api.Client

	// Options specifies the options to pass to OpenKeeper.
	Options KeeperOptions
}

URLOpener opens Vault URLs like "hashivault://mykey".
The URL Host + Path are used as the keyID.
The following query parameters are supported:
- engine: The secrets engine to use; defaults to "transit".
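The URL rules above determine which Transit key and mount a keeper targets, and therefore which paths the Vault token's policy has to allow. The following is an added example, not code from the hashivault package: transitRef, parseKeeperURL and policyPaths are hypothetical names, rejecting unknown query parameters is an assumption, and the policy output assumes the keeper calls only Transit's encrypt and decrypt endpoints.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
)

// transitRef is a hypothetical type for this example, not part of hashivault.
type transitRef struct{ Engine, KeyID string }

// parseKeeperURL applies the documented rules: keyID = host + path, optional "engine".
func parseKeeperURL(raw string) (transitRef, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return transitRef{}, err
	}
	if u.Scheme != "hashivault" {
		return transitRef{}, fmt.Errorf("unexpected scheme %q", u.Scheme)
	}
	ref := transitRef{Engine: "transit", KeyID: path.Join(u.Host, u.Path)}
	if ref.KeyID == "" {
		return transitRef{}, fmt.Errorf("no key ID in %q", raw)
	}
	for name, vals := range u.Query() {
		// Assumption: parameters other than "engine" are rejected here.
		if name != "engine" {
			return transitRef{}, fmt.Errorf("unsupported query parameter %q", name)
		}
		if vals[0] != "" {
			ref.Engine = vals[0]
		}
	}
	return ref, nil
}

// policyPaths returns the Transit paths on which the token needs "update".
func (r transitRef) policyPaths() []string {
	return []string{path.Join(r.Engine, "encrypt", r.KeyID), path.Join(r.Engine, "decrypt", r.KeyID)}
}

func main() {
	ref, err := parseKeeperURL("hashivault://mykey?engine=transit-prod") // constructed sample
	if err != nil {
		panic(err)
	}
	for _, p := range ref.policyPaths() {
		fmt.Printf("path %q { capabilities = [\"update\"] }\n", p)
	}
}
```

Comparing the printed stanzas with the policy attached to the token in use shows whether the token is scoped to this one key or to the whole mount.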