Documentation ¶
Index ¶
Constants ¶
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Config ¶
func NewConfigFromEnv ¶
type FileConfig ¶
type FileConfig struct {
// contains filtered or unexported fields
}
func (*FileConfig) Parse ¶
func (c *FileConfig) Parse() (Profiles, error)
type KeyringProvider ¶
func (*KeyringProvider) Delete ¶
func (p *KeyringProvider) Delete() error
func (*KeyringProvider) IsExpired ¶
func (p *KeyringProvider) IsExpired() bool
func (*KeyringProvider) Retrieve ¶
func (p *KeyringProvider) Retrieve() (val credentials.Value, err error)
func (*KeyringProvider) Store ¶
func (p *KeyringProvider) Store(val credentials.Value) error
type KeyringSessions ¶
func NewKeyringSessions ¶
func NewKeyringSessions(k keyring.Keyring, p Profiles) (*KeyringSessions, error)
func (*KeyringSessions) Delete ¶
func (s *KeyringSessions) Delete(profile string) (n int, err error)
func (*KeyringSessions) Retrieve ¶
func (s *KeyringSessions) Retrieve(profile string, duration time.Duration) (session sts.Credentials, err error)
func (*KeyringSessions) Store ¶
func (s *KeyringSessions) Store(profile string, session sts.Credentials, duration time.Duration) error
type Profiles ¶
func (Profiles) SourceProfile ¶
SourceProfile returns either the defined source_profile or profileKey if none exists
type VaultCredentials ¶
type VaultCredentials struct { *credentials.Credentials // contains filtered or unexported fields }
func NewVaultCredentials ¶
func NewVaultCredentials(k keyring.Keyring, profile string, opts VaultOptions) (*VaultCredentials, error)
func (*VaultCredentials) Expires ¶
func (v *VaultCredentials) Expires() time.Time
type VaultOptions ¶
type VaultOptions struct { SessionDuration time.Duration AssumeRoleDuration time.Duration ExpiryWindow time.Duration MfaToken string MfaPrompt prompt.PromptFunc NoSession bool Profiles Profiles MasterCreds *credentials.Value }
func (VaultOptions) ApplyDefaults ¶
func (o VaultOptions) ApplyDefaults() VaultOptions
func (VaultOptions) Validate ¶
func (o VaultOptions) Validate() error
type VaultProvider ¶
type VaultProvider struct { credentials.Expiry VaultOptions // contains filtered or unexported fields }
func NewVaultProvider ¶
func NewVaultProvider(k keyring.Keyring, profile string, opts VaultOptions) (*VaultProvider, error)
func (*VaultProvider) Retrieve ¶
func (p *VaultProvider) Retrieve() (credentials.Value, error)
Retrieve returns credentials protected by a GetSessionToken. If there is an associated role in the profile then AssumeRole is applied. The benefit of a session is that it doesn't require MFA or a user prompt to access the keychain item, much like sudo.
func (*VaultProvider) RetrieveWithoutSessionToken ¶
func (p *VaultProvider) RetrieveWithoutSessionToken() (credentials.Value, error)
RetrieveWithoutSessionToken returns credentials that are either the master credentials or a session created with AssumeRole. This allows for usecases where a token created with AssumeRole wouldn't work.
Click to show internal directories.
Click to hide internal directories.