vault

package
v4.0.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 2, 2017 License: MIT Imports: 19 Imported by: 0

Documentation

Index

Constants

// Lifetime bounds and defaults for the temporary credentials this package
// hands out. Shorter lifetimes narrow the window in which a leaked temporary
// credential stays usable, so the defaults sit well below the maximums.
//
// NOTE(review): the 15m/36h session range and the 15m/1h assume-role range
// appear to mirror the limits STS enforces for GetSessionToken and AssumeRole;
// confirm against the current STS documentation before relying on them.
const (
	// Session lifetime: lower bound, upper bound, and the value used when the
	// caller does not pick one.
	MinSessionDuration     = 15 * time.Minute
	MaxSessionDuration     = 36 * time.Hour
	DefaultSessionDuration = 4 * time.Hour

	// Assumed-role lifetime: lower bound, upper bound, and default. The
	// default equals the minimum.
	MinAssumeRoleDuration     = 15 * time.Minute
	MaxAssumeRoleDuration     = 1 * time.Hour
	DefaultAssumeRoleDuration = 15 * time.Minute
)

Variables

This section is empty.

Functions

func FormatCredentialError

func FormatCredentialError(profileKey string, from Profiles, err error) string

Types

type Config

// Config is a source of profile definitions. NewConfigFromEnv returns one, and
// *FileConfig satisfies it.
type Config interface {
	// Parse returns the profiles held by this configuration, or an error.
	// NOTE(review): the outer key of Profiles is presumably the profile name
	// (cf. Profiles.SourceProfile(profileKey)) — confirm.
	Parse() (Profiles, error)
}

func NewConfigFromEnv

func NewConfigFromEnv() (Config, error)

type FileConfig

// FileConfig is a Config implementation: *FileConfig provides
// Parse() (Profiles, error). All of its state is unexported.
// NOTE(review): presumably backed by a configuration file on disk — confirm
// which path it reads and who else can write to that file.
type FileConfig struct {
	// contains filtered or unexported fields
}

func (*FileConfig) Parse

func (c *FileConfig) Parse() (Profiles, error)

type KeyringProvider

// KeyringProvider ties one profile to a keyring. Its methods Store, Retrieve
// and Delete operate on a credentials.Value, and IsExpired reports expiry.
// NOTE(review): the stored value is presumably the profile's long-lived access
// key pair; confirm which keyring backend is configured and that it protects
// items at rest.
type KeyringProvider struct {
	// Keyring is the backing store used by Store, Retrieve and Delete.
	Keyring keyring.Keyring
	// Profile is the name of the profile whose credentials are managed.
	Profile string
}

func (*KeyringProvider) Delete

func (p *KeyringProvider) Delete() error

func (*KeyringProvider) IsExpired

func (p *KeyringProvider) IsExpired() bool

func (*KeyringProvider) Retrieve

func (p *KeyringProvider) Retrieve() (val credentials.Value, err error)

func (*KeyringProvider) Store

func (p *KeyringProvider) Store(val credentials.Value) error

type KeyringSessions

// KeyringSessions stores, retrieves and deletes sts.Credentials sessions in a
// keyring. Store and Retrieve take a profile and a duration; Delete takes a
// profile and returns a count n alongside the error.
// NOTE(review): cached sessions are bearer credentials for their remaining
// lifetime; presumably n is the number of sessions removed — confirm.
type KeyringSessions struct {
	// Keyring is the backing store holding the cached sessions.
	Keyring  keyring.Keyring
	// Profiles is the parsed profile set passed to NewKeyringSessions.
	Profiles Profiles
}

func NewKeyringSessions

func NewKeyringSessions(k keyring.Keyring, p Profiles) (*KeyringSessions, error)

func (*KeyringSessions) Delete

func (s *KeyringSessions) Delete(profile string) (n int, err error)

func (*KeyringSessions) Retrieve

func (s *KeyringSessions) Retrieve(profile string, duration time.Duration) (session sts.Credentials, err error)

func (*KeyringSessions) Store

func (s *KeyringSessions) Store(profile string, session sts.Credentials, duration time.Duration) error

type Profiles

// Profiles is a two-level string map. SourceProfile looks entries up by
// profileKey and refers to a "source_profile" setting.
// NOTE(review): presumably outer key = profile name, inner map = that
// profile's setting name -> value — confirm against Config.Parse.
type Profiles map[string]map[string]string

func (Profiles) SourceProfile

func (p Profiles) SourceProfile(profileKey string) string

SourceProfile returns the profile's defined source_profile, or profileKey itself if none is defined.

type VaultCredentials

// VaultCredentials embeds *credentials.Credentials, so that type's methods are
// promoted, and adds Expires() time.Time. Instances are built by
// NewVaultCredentials from a keyring, a profile name and VaultOptions.
type VaultCredentials struct {
	*credentials.Credentials
	// contains filtered or unexported fields
}

func NewVaultCredentials

func NewVaultCredentials(k keyring.Keyring, profile string, opts VaultOptions) (*VaultCredentials, error)

func (*VaultCredentials) Expires

func (v *VaultCredentials) Expires() time.Time

type VaultOptions

// VaultOptions carries the settings passed to NewVaultCredentials and
// NewVaultProvider. ApplyDefaults returns a copy (value receiver) and Validate
// returns an error.
// NOTE(review): presumably ApplyDefaults fills unset durations from the
// Default* constants and Validate rejects durations outside the Min*/Max*
// constants — confirm, and call Validate before using caller-supplied options.
type VaultOptions struct {
	// SessionDuration is the requested session lifetime.
	SessionDuration    time.Duration
	// AssumeRoleDuration is the requested lifetime for assumed-role credentials.
	AssumeRoleDuration time.Duration
	// ExpiryWindow: presumably how far ahead of the real expiry the credentials
	// are treated as expired — TODO confirm.
	ExpiryWindow       time.Duration
	// MfaToken is an MFA code supplied up front. It is a plain string, so keep
	// it out of logs and error messages.
	MfaToken           string
	// MfaPrompt: presumably called to obtain an MFA code when MfaToken is
	// empty — TODO confirm.
	MfaPrompt          prompt.PromptFunc
	// NoSession: presumably skips the session token step (cf.
	// VaultProvider.RetrieveWithoutSessionToken) — TODO confirm.
	NoSession          bool
	// Profiles is the parsed profile set used to resolve the profile.
	Profiles           Profiles
	// MasterCreds optionally points at master credentials.
	// NOTE(review): these are presumably long-lived keys supplied by the caller
	// instead of being read from the keyring; treat them as the most sensitive
	// value here — confirm.
	MasterCreds        *credentials.Value
}

func (VaultOptions) ApplyDefaults

func (o VaultOptions) ApplyDefaults() VaultOptions

func (VaultOptions) Validate

func (o VaultOptions) Validate() error

type VaultProvider

// VaultProvider embeds credentials.Expiry and VaultOptions, so the expiry
// helpers and every option field are promoted onto the provider. It is built
// by NewVaultProvider from a keyring, a profile name and VaultOptions, and
// exposes Retrieve and RetrieveWithoutSessionToken, both returning a
// credentials.Value.
// NOTE(review): because VaultOptions is embedded, MfaToken and MasterCreds are
// reachable as exported fields of the provider; avoid printing or serialising
// a VaultProvider wholesale.
type VaultProvider struct {
	credentials.Expiry
	VaultOptions
	// contains filtered or unexported fields
}

func NewVaultProvider

func NewVaultProvider(k keyring.Keyring, profile string, opts VaultOptions) (*VaultProvider, error)

func (*VaultProvider) Retrieve

func (p *VaultProvider) Retrieve() (credentials.Value, error)

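Retrieve returns temporary credentials obtained with GetSessionToken. If the profile has an associated role, AssumeRole is then applied. The benefit of a session is that, while it is valid, it doesn't require MFA or a user prompt to access the keychain item, much like sudo. The corresponding trade-off is that the session can be used without a fresh MFA check until it expires, so keep SessionDuration as short as is practical.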

func (*VaultProvider) RetrieveWithoutSessionToken

func (p *VaultProvider) RetrieveWithoutSessionToken() (credentials.Value, error)

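RetrieveWithoutSessionToken returns credentials that are either the master credentials or a session created with AssumeRole. This allows for use cases where a token created with AssumeRole wouldn't work. Because the result may be the long-lived master credentials themselves, callers should treat it as more sensitive than a session.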
