vault

Documentation

Overview

Package vault provides a secrets implementation using the Transit Secrets Engine of Vault by Hashicorp. Use NewKeeper to construct a *secrets.Keeper.

As

vault does not support any types for As.

Example (Encrypt)

package main

import (
	"context"
	"log"

	"github.com/hashicorp/vault/api"
	"gocloud.dev/secrets/vault"
)

func main() {

	// Get a client to use with the Vault API.
	ctx := context.Background()
	client, err := vault.Dial(ctx, &vault.Config{
		Token: "<Client (Root) Token>",
		APIConfig: &api.Config{
			Address: "http://127.0.0.1:8200",
		},
	})

	// Construct a *secrets.Keeper.
	keeper := vault.NewKeeper(client, "my-key", nil)

	// Now we can use keeper to encrypt or decrypt.
	plaintext := []byte("Hello, Secrets!")
	ciphertext, err := keeper.Encrypt(ctx, plaintext)
	if err != nil {
		log.Fatal(err)
	}
	decrypted, err := keeper.Decrypt(ctx, ciphertext)
	_ = decrypted
}

Index

• func Dial(ctx context.Context, cfg *Config) (*api.Client, error)
• func NewKeeper(client *api.Client, keyID string, opts *KeeperOptions) *secrets.Keeper
• type Config
• type KeeperOptions

Examples

• Package (Encrypt)

Functions

func Dial

func Dial(ctx context.Context, cfg *Config) (*api.Client, error)

Dial gets a Vault client.

func NewKeeper

func NewKeeper(client *api.Client, keyID string, opts *KeeperOptions) *secrets.Keeper

NewKeeper returns a *secrets.Keeper that uses the Transit Secrets Engine of Vault by Hashicorp. See the package documentation for an example.

Types

type Config

type Config struct {
	// Token is the access token the Vault client uses to talk to the server.
	// See https://www.vaultproject.io/docs/concepts/tokens.html for more
	// information.
	Token     string
	APIConfig *api.Config
}

Config is the authentication configurations of the Vault server.

type KeeperOptions

type KeeperOptions struct{}

KeeperOptions controls Keeper behaviors. It is provided for future extensibility.