vault

Documentation

Index

• Constants
• type Client
  • func NewClient() (*Client, error)
  • func (c *Client) ReadKV(spec *SecretSpec) (*api.KVSecret, error)
• type KVReader
• type SecretSpec
  • func NewSecretSpec(s string) (*SecretSpec, error)
  • func (spec *SecretSpec) FormatSecret(secret *api.KVSecret) (string, error)

Constants

const (
	KVv1 = "v1"
	KVv2 = "v2"
)

Types

type Client

type Client struct {
	KVReader KVReader
}

Client thinly wraps a vault client. It provides a minimal subset of functionality required for interacting with KV stores.

func NewClient

func NewClient() (*Client, error)

NewClient returns a new vault client. Address and token initialization are handled internally. Any errors encountered during initialization (for instance due to lacking environment variables) are returned to the caller.

func (*Client) ReadKV

func (c *Client) ReadKV(spec *SecretSpec) (*api.KVSecret, error)

type KVReader

type KVReader interface {
	ReadKVv1(mount, path string) (*api.KVSecret, error)
	ReadKVv2(mount, path string) (*api.KVSecret, error)
}

type SecretSpec

type SecretSpec struct {
	Path            string   `mapstructure:"path"`
	Field           string   `mapstructure:"field"`
	B64             bool     `mapstructure:"b64"`
	MountVersion    string   `mapstructure:"ver"`
	Transformations []string `mapstructure:"transform"`
}

SecretSpec represents a single secret in a file to be patched.

func NewSecretSpec

func NewSecretSpec(s string) (*SecretSpec, error)

NewSecretSpec constructs and returns a new SecretSpec from a structured string s.

func (*SecretSpec) FormatSecret

func (spec *SecretSpec) FormatSecret(secret *api.KVSecret) (string, error)

FormatSecret returns a formatted secret value field from a vault KV secret, based on the spec's internally configured transformations.