vault

package
v0.0.0-...-408f673 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 3, 2020 License: MIT Imports: 12 Imported by: 0

Documentation

Index

Constants

// Default mount point names. Judging by the names, these are presumably the
// fallbacks for ClientParams.CertAuthMountPoint, ClientParams.PKIMountPoint
// and ClientParams.AppRoleAuthMountPoint when those are left empty — confirm
// against the implementation, which this listing does not show.
const (
	DefaultCertMountPoint    = "cert"
	DefaultPKIMountPoint     = "pki"
	DefaultAppRoleMountPoint = "approle"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthMethod

// AuthMethod selects how the client authenticates to Vault; it is the
// argument of New.
type AuthMethod int
// The supported methods. The ClientParams comments refer to them as
// 'cert' and 'token'; APPROLE goes with the AppRole* fields.
// NOTE(review): the initializer of CERT is not shown in this listing
// (presumably `= iota` in the source — confirm).
const (
	CERT AuthMethod
	TOKEN
	APPROLE
)

type Client

// Client is the Vault client type of this package, as returned by
// Config.NewAuthenticatedClient. Its fields are unexported; the methods
// listed for it are Auth, SetToken and SignIntermediate.
type Client struct {
	// contains filtered or unexported fields
}

func (*Client) Auth

func (c *Client) Auth(path string, body map[string]interface{}) (*vapi.Secret, error)

Auth (named TLSAuth in the original comment) authenticates to the Vault server with the TLS certificate method.

func (*Client) SetToken

func (c *Client) SetToken(v string)

SetToken wraps vapi.Client.SetToken()

func (*Client) SignIntermediate

func (c *Client) SignIntermediate(ttl string, csr []byte) (*SignCSRResponse, error)

SignIntermediate calls the sign-intermediate endpoint to generate a certificate.

ttl = TTL of the intermediate CA certificate to issue
csr = CSR in PEM format

see: https://www.vaultproject.io/api/secret/pki/index.html#sign-intermediate

type ClientParams

// ClientParams holds the connection and authentication settings for the Vault
// client. Which credential fields apply depends on the auth method ('token',
// 'cert' or AppRole). Token, ClientKeyPath (the file it points to) and
// AppRoleSecretID are secrets: keep them out of logs and committed config.
type ClientParams struct {
	// URL of the Vault server (e.g., https://vault.example.com:8443/).
	// Credentials are sent to this address, so it should be an https URL.
	VaultAddr string
	// Name of the mount point where the PKI secret engine is mounted. (e.g., /<mount_point>/ca/pem )
	PKIMountPoint string
	// Vault token to use when the auth method is 'token'. This is a credential.
	Token string
	// Name of the mount point where the TLS Cert auth method is mounted. (e.g., /auth/<mount_point>/login )
	CertAuthMountPoint string
	// Path to the client certificate file used when the auth method is 'cert'
	ClientCertPath string
	// Path to the client private key file used when the auth method is 'cert'.
	// The key file should be readable only by the account running the client.
	ClientKeyPath string
	// Path to the CA certificate file the client uses to verify the server certificate
	CACertPath string
	// Name of the mount point where the AppRole auth method is mounted. (e.g., /auth/<mount_point>/login )
	AppRoleAuthMountPoint string
	// Identifier of the AppRole
	AppRoleID string
	// Credential of the AppRole. Treat it like a password.
	AppRoleSecretID string
	// If true, the client accepts any certificate, i.e. the server certificate
	// is not verified and CACertPath gives no protection. Use only in test
	// environments: without verification the peer is unauthenticated, and the
	// token or AppRole credentials are sent to whoever answers at VaultAddr.
	// NOTE(review): the exported name is spelled TLSSKipVerify (capital K);
	// renaming it would break callers.
	TLSSKipVerify bool
	// MaxRetries controls the number of times to retry connecting.
	// Set to 0 to disable retrying.
	// If nil, the default of hashicorp/vault/api is used.
	MaxRetries *int
}

type Config

// Config represents configuration parameters for the Vault client. It is
// created with New; the client parameters themselves are unexported and are
// filled in through SetClientParams and WithEnvVar.
type Config struct {
	// Logger is an hclog.Logger; what is written to it is not visible in this
	// listing. NOTE(review): confirm that no token or secret ID is logged.
	Logger hclog.Logger
	// contains filtered or unexported fields
}

Config represents configuration parameters for vault client

func New

func New(authMethod AuthMethod) *Config

New returns a new *Config with default parameters.

func (*Config) ConfigureTLS

func (c *Config) ConfigureTLS(vc *vapi.Config) error

ConfigureTLS configures TLS for the Vault client.

func (*Config) NewAuthenticatedClient

func (c *Config) NewAuthenticatedClient() (*Client, error)

NewAuthenticatedClient returns a new authenticated vault client

func (*Config) SetClientParams

func (c *Config) SetClientParams(p *ClientParams) error

SetClientParams merges given p into c.clientParam

func (*Config) WithEnvVar

func (c *Config) WithEnvVar() *Config

WithEnvVar sets parameters from environment variables.

type Renew

// Renew is built by NewRenew from a *vapi.Client and a *vapi.Secret and
// exposes Run. Presumably it keeps that secret (e.g. the auth token) renewed
// — TODO confirm; the listing carries no description for this type.
type Renew struct {
	// Logger is an hclog.Logger; its use is not visible in this listing.
	Logger hclog.Logger
	// contains filtered or unexported fields
}

func NewRenew

func NewRenew(client *vapi.Client, secret *vapi.Secret) (*Renew, error)

func (*Renew) Run

func (r *Renew) Run()

type SignCSRResponse

// SignCSRResponse holds the certificates returned by Vault for a signing
// request; it is the result type of Client.SignIntermediate.
type SignCSRResponse struct {
	// The certificate that was requested to be signed (PEM, per the field name)
	CertPEM string
	// The certificate of the CA (Vault)
	CACertPEM string
	// Set of upstream CA certificates
	CACertChainPEM []string
}

SignCSRResponse includes the certificates which are generated by Vault.
