vault

package
v0.17.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 7, 2023 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// ErrLeaseNotFound is a sentinel error value; callers can match it with
// errors.Is. Where it is returned is not shown in this listing.
var ErrLeaseNotFound = errors.New("lease not found or is not renewable")
// ErrPermissionDenied is a sentinel error value; callers can match it with
// errors.Is to tell an authorization failure apart from other errors.
// Where it is returned is not shown in this listing.
var ErrPermissionDenied = errors.New("permission denied")

Functions

This section is empty.

Types

type AuthClient added in v0.13.0

// AuthClient is the value returned by ClientFactory.Create; it exposes the
// underlying API client through the exported Client field.
// NOTE(review): once authenticated, the client presumably carries a live
// Vault token, so an AuthClient should be handled as a credential — confirm.
type AuthClient struct {
	Client *api.Client
	// contains filtered or unexported fields
}

func (*AuthClient) Save added in v0.13.0

// Save takes a destination path and reports failure through the returned error.
// NOTE(review): presumably persists the client's authentication state (its
// token) to path; the file mode used is not visible in this listing — confirm
// it is owner-only.
func (a *AuthClient) Save(path string) error

type Certificate added in v0.14.0

// Certificate groups a certificate, its private key, an expiration value and
// an *api.Secret.
// NOTE(review): Secret presumably holds the raw response the other fields
// were read from, so it may repeat the key material — avoid logging or
// %+v-printing values of this type.
type Certificate struct {
	Certificate string
	// Sensitive: private key material held in a plain string.
	PrivateKey  string
	// NOTE(review): presumably a Unix timestamp — TODO confirm the unit.
	Expiration  int64
	Secret      *api.Secret
}

func (*Certificate) EnvVars added in v0.14.0

// EnvVars returns a map of strings to strings.
// NOTE(review): presumably maps environment variable names to the certificate
// and private key values — confirm. Environment variables are inherited by
// child processes, so callers should pass them only to the process that
// needs them.
func (c *Certificate) EnvVars() map[string]string

func (*Certificate) Save added in v0.14.0

// Save takes a destination path and reports failure through the returned error.
// NOTE(review): presumably writes the certificate and private key to path;
// the file mode used is not visible in this listing — confirm the private key
// is written owner-only.
func (c *Certificate) Save(path string) error

type ClientFactory

// ClientFactory is implemented by types that can produce an *AuthClient.
// NewFileAuthClientFactory and NewKubernetesAuthClientFactory both return one.
type ClientFactory interface {
	// Create returns an *AuthClient, or an error when one cannot be produced.
	Create() (*AuthClient, error)
}

func NewFileAuthClientFactory added in v0.13.0

// NewFileAuthClientFactory takes Vault connection settings and a file path and
// returns a ClientFactory.
// NOTE(review): path is presumably a file previously written by
// AuthClient.Save — confirm. If it holds a token, it should be readable only
// by the owning user.
func NewFileAuthClientFactory(vault *VaultConfig, path string) ClientFactory

func NewKubernetesAuthClientFactory

// NewKubernetesAuthClientFactory takes Vault connection settings and
// Kubernetes auth settings (token file, login path, role) and returns a
// ClientFactory.
// NOTE(review): whether nil arguments are tolerated is not shown in this
// listing — confirm before passing optional configuration.
func NewKubernetesAuthClientFactory(vault *VaultConfig, kube *KubernetesAuthConfig) ClientFactory

type Credentials

// Credentials groups a username, a password, an *api.Secret and an optional
// lease expiry string.
// NOTE(review): Secret presumably holds the raw response the other fields
// were read from, so it may repeat the password — avoid logging or
// %+v-printing values of this type.
type Credentials struct {
	Username        string
	// Sensitive: the password is held in a plain string.
	Password        string
	Secret          *api.Secret
	// Pointer, so it may be nil. NOTE(review): the time format of the string
	// is not shown in this listing — confirm before parsing it.
	LeaseExpireTime *string
}

func (*Credentials) EnvVars added in v0.14.0

// EnvVars returns a map of strings to strings.
// NOTE(review): presumably maps environment variable names to the username
// and password — confirm. Environment variables are inherited by child
// processes, so callers should pass them only to the process that needs them.
func (c *Credentials) EnvVars() map[string]string

func (*Credentials) Save added in v0.13.0

// Save takes a destination path and reports failure through the returned error.
// NOTE(review): presumably writes the username and password to path; the
// file mode used is not visible in this listing — confirm it is owner-only.
func (c *Credentials) Save(path string) error

type CredentialsRenewer

// CredentialsRenewer is the lifecycle interface returned by NewManager:
// renew, revoke, run and save.
type CredentialsRenewer interface {
	Renew(ctx context.Context) error
	// RevokeSelf has no error result, so callers cannot observe a failed
	// revocation through this interface.
	RevokeSelf(ctx context.Context)
	// NOTE(review): the meaning of the values carried on c is not shown in
	// this listing — confirm against the implementation.
	Run(ctx context.Context, c chan int)
	Save() error
}

func NewManager added in v0.14.0

// NewManager takes an API client, a Secret, lease and renew durations, a
// *VaultSecretsProvider, a template, a metrics push gateway and an output
// path, and returns a CredentialsRenewer.
// NOTE(review): provider is the concrete *VaultSecretsProvider rather than
// the SecretsProvider interface, and the parameter named template shadows the
// template package inside the function body. Presumably outPath is where
// Save writes the rendered secret — confirm, and confirm the file mode.
func NewManager(client *api.Client, secret Secret, lease time.Duration, renew time.Duration, provider *VaultSecretsProvider, template *template.Template, gateway *metrics.PushGateway, outPath string) CredentialsRenewer

type DefaultManager added in v0.14.0

// DefaultManager declares Renew, RevokeSelf, Run and Save, the method set of
// CredentialsRenewer; all of its fields are unexported.
// NOTE(review): presumably the implementation returned by NewManager — confirm.
type DefaultManager struct {
	// contains filtered or unexported fields
}

func (*DefaultManager) Renew added in v0.14.0

// Renew takes a context and reports failure through the returned error.
// NOTE(review): presumably renews the lease of the managed secret and may
// return ErrLeaseNotFound or ErrPermissionDenied — confirm against the
// implementation.
func (m *DefaultManager) Renew(ctx context.Context) error

func (*DefaultManager) RevokeSelf added in v0.14.0

// NOTE(review): RevokeSelf returns nothing, so a failed revocation is not
// reported to the caller. Confirm failures are at least logged, since a token
// that was not revoked remains valid until it expires.
func (m *DefaultManager) RevokeSelf(ctx context.Context)

RevokeSelf attempts to revoke its own token.

func (DefaultManager) Run added in v0.14.0

// Run takes a context and a chan int; it returns nothing.
// NOTE(review): Run has a value receiver while Renew, RevokeSelf and Save use
// pointer receivers, so Run operates on a copy of the manager. Any field Run
// assigns directly on m is lost to the caller's manager — confirm this is
// intended, or make the receiver a pointer for consistency.
func (m DefaultManager) Run(ctx context.Context, c chan int)

func (*DefaultManager) Save added in v0.14.0

// Save takes no path argument and reports failure through the returned error.
// NOTE(review): presumably writes the managed secret to the outPath given to
// NewManager — confirm, and confirm the file is created owner-only.
func (m *DefaultManager) Save() error

type FileSecretsProvider added in v0.14.0

// FileSecretsProvider declares Fetch() (Secret, error), the method of
// SecretsProvider; all of its fields are unexported.
// NOTE(review): presumably the type behind NewFileSecretsProvider — confirm.
type FileSecretsProvider struct {
	// contains filtered or unexported fields
}

func (*FileSecretsProvider) Fetch added in v0.14.0

// Fetch returns a Secret, or an error when one cannot be produced.
// NOTE(review): presumably reads the secret from the file path given to
// NewFileSecretsProvider; whether the file's ownership or mode is checked
// before reading is not shown in this listing.
func (c *FileSecretsProvider) Fetch() (Secret, error)

type FileVaultClientFactory added in v0.13.0

// FileVaultClientFactory declares Create() (*AuthClient, error), the method of
// ClientFactory; all of its fields are unexported.
// NOTE(review): presumably the type behind NewFileAuthClientFactory — confirm.
type FileVaultClientFactory struct {
	// contains filtered or unexported fields
}

func (*FileVaultClientFactory) Create added in v0.13.0

// Create returns an *AuthClient, or an error when one cannot be produced.
// NOTE(review): presumably builds the client from state stored in a file;
// whether a stored token is validated before use is not shown in this
// listing — confirm.
func (f *FileVaultClientFactory) Create() (*AuthClient, error)

type KubernetesAuthConfig

// KubernetesAuthConfig is the Kubernetes auth argument of
// NewKubernetesAuthClientFactory.
type KubernetesAuthConfig struct {
	// NOTE(review): presumably the path of the service account token file —
	// confirm. The file's contents are a credential.
	TokenFile string
	// NOTE(review): presumably the Vault path of the Kubernetes auth login
	// endpoint — confirm the expected form.
	LoginPath string
	// NOTE(review): presumably the Vault role to log in as — confirm.
	Role      string
}

type KubernetesVaultClientFactory added in v0.13.0

// KubernetesVaultClientFactory has no exported fields, so it cannot be
// configured through a struct literal from outside the package.
// NOTE(review): presumably obtained through NewKubernetesAuthClientFactory —
// confirm.
type KubernetesVaultClientFactory struct {
	// contains filtered or unexported fields
}

KubernetesVaultClientFactory creates a Vault client authenticated against a Kubernetes service account token.

func (*KubernetesVaultClientFactory) Create added in v0.13.0

Create returns a Vault client that has been authenticated with the service account token. It can be used to make other Vault requests.

type Secret added in v0.14.0

// Secret is the common interface of the secret kinds in this package;
// *Certificate and *Credentials both declare Save and EnvVars with these
// signatures.
type Secret interface {
	// Save takes a destination path. NOTE(review): presumably writes secret
	// material to it — confirm implementations create the file owner-only.
	Save(path string) error
	// EnvVars returns a string map. NOTE(review): presumably environment
	// variable names mapped to secret values — confirm.
	EnvVars() map[string]string
}

type SecretType added in v0.14.0

// SecretType names the kind of secret a provider handles; it is the
// secretType argument of NewFileSecretsProvider and NewVaultSecretsProvider.
type SecretType string
// Declared SecretType values.
// NOTE(review): SecretType is a plain string type, so any string converts to
// it; how a provider treats a value outside this set is not shown here —
// confirm it is rejected.
const (
	CredentialType  SecretType = "credential"
	CertificateType SecretType = "certificate"
)

type SecretsProvider added in v0.14.0

// SecretsProvider is implemented by types that can produce a Secret.
// NewFileSecretsProvider and NewVaultSecretsProvider both return one.
type SecretsProvider interface {
	// Fetch returns a Secret, or an error when one cannot be produced.
	Fetch() (Secret, error)
}

func NewFileSecretsProvider added in v0.14.0

// NewFileSecretsProvider takes a secret type, a file path and a string map of
// options, and returns a SecretsProvider.
// NOTE(review): the recognised option keys are not shown in this listing —
// confirm them against the implementation.
func NewFileSecretsProvider(secretType SecretType, path string, options map[string]string) SecretsProvider

func NewVaultSecretsProvider added in v0.14.0

// NewVaultSecretsProvider takes an API client, a secret type, a secret path
// and a string map of options, and returns a SecretsProvider.
// NOTE(review): the recognised option keys are not shown in this listing, and
// secretPath presumably names the Vault path to read — confirm. The client
// presumably must already be authenticated.
func NewVaultSecretsProvider(client *api.Client, secretType SecretType, secretPath string, options map[string]string) SecretsProvider

type TLSConfig

// TLSConfig is the type of the TLS field of VaultConfig.
// NOTE(review): presumably CACert is a CA certificate file and CAPath a
// directory of CA certificates used to verify the Vault server — confirm.
// The struct declares no field for disabling certificate verification.
type TLSConfig struct {
	CACert string
	CAPath string
}

type VaultConfig

// VaultConfig holds the Vault server address and TLS settings; it is the
// first argument of both client factory constructors.
type VaultConfig struct {
	// NOTE(review): confirm this is expected to be an https:// URL in
	// production; no scheme check is visible in this listing.
	VaultAddr string
	// Pointer, so it may be nil. NOTE(review): what the factories do when it
	// is nil is not shown here — confirm.
	TLS       *TLSConfig
}

type VaultSecretsProvider added in v0.14.0

// VaultSecretsProvider declares Fetch() (Secret, error), the method of
// SecretsProvider; all of its fields are unexported. NewManager takes a
// pointer to this concrete type.
// NOTE(review): presumably the type behind NewVaultSecretsProvider — confirm.
type VaultSecretsProvider struct {
	// contains filtered or unexported fields
}

func (*VaultSecretsProvider) Fetch added in v0.14.0

// Fetch returns a Secret, or an error when one cannot be produced.
// NOTE(review): presumably reads the secret from Vault through the provider's
// client and may return ErrPermissionDenied — confirm against the
// implementation.
func (c *VaultSecretsProvider) Fetch() (Secret, error)
