vault

package
v0.9.5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 24, 2018 License: MIT Imports: 37 Imported by: 6

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Canonicalize added in v0.4.1

func Canonicalize(p string) string

func DecodeErrorResponse added in v0.0.22

func DecodeErrorResponse(body []byte) error

func IsKeyNotFound added in v0.1.5

func IsKeyNotFound(err error) bool

IsKeyNotFound returns true if the given error was created with NewKeyNotFoundError(). False otherwise.

func IsNotFound added in v0.0.26

func IsNotFound(err error) bool

IsNotFound returns true if the given error is a SecretNotFound error or a KeyNotFound error. Returns false otherwise.

func IsSecretNotFound added in v0.1.5

func IsSecretNotFound(err error) bool

IsSecretNotFound returns true if the given error was created with NewSecretNotFoundError(). False otherwise.

func NewKeyNotFoundError added in v0.0.26

func NewKeyNotFoundError(path, key string) error

NewKeyNotFoundError returns an error object describing the key that could not be located within the secret it was searched for in. Returning a KeyNotFound error should semantically mean that the secret it would've been contained in was located in the vault.

func NewSecretNotFoundError added in v0.0.26

func NewSecretNotFoundError(path string) error

NewSecretNotFoundError returns an error with a message describing the path which could not be found in the secret backend.

func ParsePath added in v0.0.26

func ParsePath(path string) (secret, key string)

ParsePath splits the given path string into its respective secret path and contained key parts.

func PathHasKey added in v0.1.5

func PathHasKey(path string) bool

PathHasKey returns true if the given path has a key specified in its syntax. False otherwise.

Types

type CertOptions added in v0.0.22

// CertOptions is the request body handed to Vault.CreateSignedCertificate when
// asking a PKI backend to issue a certificate. The struct tags give the JSON
// field names used on the wire; omitempty fields are dropped when zero.
//
// NOTE(review): AltNames and IPSans are passed through as given; nothing on
// this side validates them, so rely on the PKI role's allowed-domain policy
// in Vault to constrain what callers may request.
type CertOptions struct {
	CN                string `json:"common_name"`          // subject common name; always sent
	TTL               string `json:"ttl,omitempty"`        // requested lifetime as a string (presumably a duration such as "8760h" — confirm against the caller)
	AltNames          string `json:"alt_names,omitempty"`  // DNS subject alternative names
	IPSans            string `json:"ip_sans,omitempty"`    // IP subject alternative names
	ExcludeCNFromSans bool   `json:"exclude_cn_from_sans,omitempty"` // when true, the CN is not also added as a SAN
}

type RekeyOpts added in v0.3.0

// RekeyOpts is the request body used to start a rekey operation (see
// Vault.ReKey, which takes unsealKeyCount, numToUnseal and pgpKeys). The
// struct tags give the JSON field names sent to Vault.
//
// NOTE(review): this looks like it mirrors Vault's /sys/rekey/init request —
// confirm against the caller before relying on the field semantics below.
type RekeyOpts struct {
	SecretShares    int      `json:"secret_shares"`    // number of unseal key shares to generate
	SecretThreshold int      `json:"secret_threshold"` // number of shares required to unseal
	PGPKeys         []string `json:"pgp_keys,omitempty"` // optional PGP public keys; presumably each returned share is encrypted to one of them — confirm
	Backup          bool     `json:"backup,omitempty"`   // presumably asks Vault to keep a backup of the PGP-encrypted shares — confirm
}

type RekeyResponse added in v0.3.0

// RekeyResponse is the decoded reply from a rekey request. Progress/Required
// report how many shares have been submitted so far versus how many are
// needed, and Keys is only expected to be populated once Complete is true.
//
// NOTE(review): Keys carries new unseal key shares. Treat the whole response
// as sensitive — do not log it with %+v or persist it outside the intended
// seal-key handling (see Vault.SaveSealKeys).
type RekeyResponse struct {
	Errors   []string `json:"errors"`   // error messages returned by Vault, if any
	Complete bool     `json:"complete"` // true once enough shares have been submitted
	Progress int      `json:"progress"` // shares accepted so far
	Required int      `json:"required"` // shares needed to finish the rekey
	Nonce    string   `json:"nonce"`    // nonce identifying this rekey attempt; echoed back in RekeyUpdateOpts
	Keys     []string `json:"keys"`     // new unseal key shares (sensitive)
}

type RekeyUpdateOpts added in v0.3.0

// RekeyUpdateOpts is the request body for one step of an in-progress rekey:
// a single unseal key share plus the nonce from the RekeyResponse that
// started the operation.
//
// NOTE(review): Key is an unseal key share and must not be logged.
type RekeyUpdateOpts struct {
	Key   string `json:"key"`   // one existing unseal key share (sensitive)
	Nonce string `json:"nonce"` // nonce of the rekey attempt being advanced
}

type Secret

// A Secret contains a set of key/value pairs that store anything you want,
// including passwords, RSAKey keys, usernames, etc.
//
// Construct one with NewSecret; entries are read and written through Get,
// Set, Has, Delete and Keys. Values come back as plain strings, so callers
// are responsible for keeping them out of logs and error messages.
type Secret struct {
	// contains filtered or unexported fields
}

A Secret contains a set of key/value pairs that store anything you want, including passwords, RSAKey keys, usernames, etc.

func NewSecret

func NewSecret() *Secret

func (*Secret) DHParam added in v0.0.23

func (s *Secret) DHParam(length int, skipIfExists bool) error

func (*Secret) Delete added in v0.1.5

func (s *Secret) Delete(key string) bool

Delete removes the entry with the given key from the Secret. Returns true if there was a matching object to delete. False otherwise.

func (*Secret) Empty added in v0.1.5

func (s *Secret) Empty() bool

Empty returns true if there are no key-value pairs in this Secret object. False otherwise.

func (*Secret) Format added in v0.0.14

func (s *Secret) Format(oldKey, newKey, fmtType string, skipIfExists bool) error

func (*Secret) Get

func (s *Secret) Get(key string) string

Get retrieves the value of the given key, or "" if no such key exists.

func (*Secret) Has

func (s *Secret) Has(key string) bool

Has returns true if the Secret has defined the given key.

func (*Secret) JSON

func (s *Secret) JSON() string

JSON converts a Secret to its JSON representation and returns it as a string. Returns an empty string if there were any errors.

func (*Secret) Keys added in v0.1.8

func (s *Secret) Keys() []string

func (Secret) MarshalJSON added in v0.0.3

func (s Secret) MarshalJSON() ([]byte, error)

func (*Secret) Password

func (s *Secret) Password(key string, length int, policy string, skipIfExists bool) error

Password creates and stores a new randomized password.

func (*Secret) RSAKey

func (s *Secret) RSAKey(bits int, skipIfExists bool) error

RSAKey generates a new public/private keypair, and stores it in the secret, under the 'public' and 'private' keys.

func (*Secret) SSHKey

func (s *Secret) SSHKey(bits int, skipIfExists bool) error

SSHKey generates a new public/private keypair, and stores it in the secret, under the 'public' and 'private' keys.

func (*Secret) Set

func (s *Secret) Set(key, value string, skipIfExists bool) error

Set stores a value in the Secret, under the given key.

func (*Secret) SingleValue added in v0.0.26

func (s *Secret) SingleValue() (string, error)

SingleValue converts a secret to a string representing the value extracted. Returns an error unless the secret object contains exactly one result.

func (*Secret) UnmarshalJSON added in v0.0.3

func (s *Secret) UnmarshalJSON(b []byte) error

func (Secret) X509 added in v0.1.4

func (s Secret) X509(requireKey bool) (*X509, error)

func (*Secret) YAML

func (s *Secret) YAML() string

YAML converts a Secret to its YAML representation and returns it as a string. Returns an empty string if there were any errors.

type TreeOptions added in v0.0.26

// TreeOptions controls how Vault.Tree renders the path hierarchy beneath a
// given path.
type TreeOptions struct {
	UseANSI      bool // Use ANSI colorizing sequences
	HideLeaves   bool // Hide leaf nodes of the tree (actual secrets)
	ShowKeys     bool // Include keys in the output
	InSubbranch  bool // If true, suppresses key output on branches
	StripSlashes bool // If true, strip the trailing slashes from interior nodes
}

type Vault

// A Vault represents a means for interacting with a remote Vault instance
// (unsealed and pre-authenticated) to read and write secrets.
//
// NOTE(review): Token is a bearer credential (NewVault reads it from
// ~/.vault-token when an empty token is given). Keep it out of logs and
// %+v dumps of this struct.
type Vault struct {
	URL    string       // base URL of the Vault server
	Token  string       // Vault token presented on requests (sensitive)
	Client *http.Client // HTTP client used for requests; NOTE(review): confirm NewVault sets a Timeout and leaves TLS verification enabled — not visible here
}

A Vault represents a means for interacting with a remote Vault instance (unsealed and pre-authenticated) to read and write secrets.

func NewVault

func NewVault(url, token string, auth bool) (*Vault, error)

NewVault creates a new Vault object. If an empty token is specified, the current user's token is read from ~/.vault-token.

func (*Vault) CheckPKIBackend added in v0.1.3

func (v *Vault) CheckPKIBackend(backend string) error

func (*Vault) Configure added in v0.0.26

func (v *Vault) Configure(path string, params map[string]string) error

func (*Vault) Copy

func (v *Vault) Copy(oldpath, newpath string, skipIfExists bool, quiet bool) error

Copy copies secrets from one path to another. With a secret:key specified: key -> key is good; key -> no-key is okay (we assume the old key name is kept); no-key -> key is bad — that makes no sense and the user should feel bad. Returns KeyNotFoundError if there is no such specified key in the secret at oldpath.

func (*Vault) CreateSignedCertificate added in v0.0.22

func (v *Vault) CreateSignedCertificate(backend, role, path string, params CertOptions, skipIfExists bool) error

func (*Vault) Curl added in v0.0.22

func (v *Vault) Curl(method string, path string, body []byte) (*http.Response, error)

func (*Vault) Delete

func (v *Vault) Delete(path string) error

Delete removes the secret or key stored at the specified path.

func (*Vault) DeleteTree added in v0.0.21

func (v *Vault) DeleteTree(root string) error

DeleteTree recursively deletes the leaf nodes beneath the given root until the root has no children, and then deletes that.

func (*Vault) FindSigningCA added in v0.8.0

func (v *Vault) FindSigningCA(cert *X509, certPath string, signPath string) (*X509, string, error)

func (*Vault) Init added in v0.6.0

func (v *Vault) Init(nkeys, threshold int) ([]string, string, error)

func (*Vault) IsMounted added in v0.0.26

func (v *Vault) IsMounted(typ, path string) (bool, error)

func (*Vault) List added in v0.0.3

func (v *Vault) List(path string) (paths []string, err error)

List returns the set of (relative) paths that are directly underneath the given path. Intermediate path nodes are suffixed with a single "/", whereas leaf nodes (the secrets themselves) are not.

func (*Vault) Mount added in v0.0.26

func (v *Vault) Mount(typ, path string, params map[string]interface{}) error

func (*Vault) Mounts added in v0.4.3

func (v *Vault) Mounts(typ string) ([]string, error)

func (*Vault) Move

func (v *Vault) Move(oldpath, newpath string, skipIfExists bool, quiet bool) error

Move moves secrets from one path to another. A move is semantically a copy and then a deletion of the original item. For more information on the behavior of Move pertaining to keys, look at Copy.

func (*Vault) MoveCopyTree added in v0.0.21

func (v *Vault) MoveCopyTree(oldRoot, newRoot string, f func(string, string, bool, bool) error, skipIfExists bool, quiet bool) error

MoveCopyTree will recursively copy all nodes from the root to the new location. This function will get confused about 'secret:key' syntax, so don't let those get routed here - they don't make sense for a recursion anyway.

func (*Vault) NewRootToken added in v0.7.0

func (v *Vault) NewRootToken(keys []string) (string, error)

func (*Vault) ReKey added in v0.3.0

func (v *Vault) ReKey(unsealKeyCount, numToUnseal int, pgpKeys []string) ([]string, error)

func (*Vault) Read

func (v *Vault) Read(path string) (secret *Secret, err error)

Read checks the Vault for a Secret at the specified path, and returns it. If there is nothing at that path, a nil *Secret will be returned, with no error.

func (*Vault) RenewLease added in v0.6.0

func (v *Vault) RenewLease() error

func (*Vault) RetrievePem added in v0.0.22

func (v *Vault) RetrievePem(backend, path string) ([]byte, error)

func (*Vault) RevokeCertificate added in v0.0.22

func (v *Vault) RevokeCertificate(backend, serial string) error

func (*Vault) SaveSealKeys added in v0.8.1

func (v *Vault) SaveSealKeys(keys []string)

func (*Vault) Seal added in v0.0.28

func (v *Vault) Seal() (bool, error)

func (*Vault) SealKeys added in v0.0.28

func (v *Vault) SealKeys() (int, error)

func (*Vault) Strongbox added in v0.0.28

func (v *Vault) Strongbox() (map[string]string, error)

func (*Vault) Tree added in v0.0.3

func (v *Vault) Tree(path string, options TreeOptions) (tree.Node, error)

Tree returns a tree that represents the hierarchy of paths contained below the given path, inside of the Vault.

func (*Vault) Unseal added in v0.0.28

func (v *Vault) Unseal(keys []string) error

func (*Vault) Write

func (v *Vault) Write(path string, s *Secret) error

Write takes a Secret and writes it to the Vault at the specified path.

type X509 added in v0.1.4

// X509 bundles a certificate with the material needed to use it either as a
// leaf or as a signing CA: an optional intermediary chain, the RSA private
// key, a serial number, a CRL, and the key-usage extensions requested for it.
//
// NOTE(review): PrivateKey is raw key material. Secret() writes it into a
// Secret and SaveTo persists that to Vault, so the same handling rules apply
// to any X509 value held in memory.
type X509 struct {
	Intermediaries []*x509.Certificate // chain presented alongside Certificate; see IntermediarySubject
	Certificate    *x509.Certificate
	PrivateKey     *rsa.PrivateKey // private key (sensitive)
	Serial         *big.Int        // presumably the serial used when this X509 acts as a CA (MakeCA takes a serial) — confirm
	CRL            *pkix.CertificateList // revocation list; presumably consulted by HasRevoked and updated by Revoke — confirm. pkix.CertificateList is deprecated in newer Go in favour of x509.RevocationList

	KeyUsage    x509.KeyUsage      // key usage extension applied when the certificate is generated
	ExtKeyUsage []x509.ExtKeyUsage // extended key usage extensions applied when the certificate is generated
}

func NewCertificate added in v0.1.4

func NewCertificate(subj string, names, keyUsage []string, bits int) (*X509, error)

func (X509) CheckStrength added in v0.1.4

func (x X509) CheckStrength(bits ...int) error

func (X509) Expired added in v0.1.4

func (x X509) Expired() bool

func (*X509) HasRevoked added in v0.1.4

func (ca *X509) HasRevoked(cert *X509) bool

func (*X509) IntermediarySubject added in v0.9.3

func (x *X509) IntermediarySubject(n int) string

func (X509) IsCA added in v0.1.4

func (x X509) IsCA() bool

func (*X509) Issuer added in v0.2.0

func (x *X509) Issuer() string

func (*X509) MakeCA added in v0.1.4

func (x *X509) MakeCA(serial int64)

func (*X509) Revoke added in v0.1.4

func (ca *X509) Revoke(cert *X509)

func (*X509) SaveTo added in v0.8.0

func (ca *X509) SaveTo(v *Vault, path string, skipIfExists bool) error

func (X509) Secret added in v0.1.4

func (x X509) Secret(skipIfExists bool) (*Secret, error)

func (*X509) Sign added in v0.1.4

func (ca *X509) Sign(x *X509, ttl time.Duration) error

func (*X509) Subject added in v0.2.0

func (x *X509) Subject() string

func (X509) ValidFor added in v0.1.4

func (x X509) ValidFor(names ...string) (bool, error)

func (X509) ValidForDomain added in v0.1.4

func (x X509) ValidForDomain(domain string) bool

func (X509) ValidForEmail added in v0.1.4

func (x X509) ValidForEmail(email string) bool

func (X509) ValidForIP added in v0.1.4

func (x X509) ValidForIP(ip net.IP) bool

func (X509) Validate added in v0.1.4

func (x X509) Validate() error
