Documentation ¶
Overview ¶
Package vault provides a secrets implementation using the Transit Secrets Engine of Vault by Hashicorp. Use OpenKeeper to construct a *secrets.Keeper.
URLs ¶
For secrets.OpenKeeper, vault registers for the scheme "vault". The default URL opener will dial a Vault server using the environment variables "VAULT_SERVER_URL" and "VAULT_SERVER_TOKEN". To customize the URL opener, or for more details on the URL format, see URLOpener. See https://godoc.org/gocloud.dev#hdr-URLs for background information.
As ¶
vault does not support any types for As.
Example (Encrypt) ¶
package main import ( "context" "log" "github.com/hashicorp/vault/api" "gocloud.dev/secrets/vault" ) func main() { // Get a client to use with the Vault API. ctx := context.Background() client, err := vault.Dial(ctx, &vault.Config{ Token: "<Client (Root) Token>", APIConfig: api.Config{ Address: "http://127.0.0.1:8200", }, }) if err != nil { log.Fatal(err) } // Construct a *secrets.Keeper. keeper := vault.OpenKeeper(client, "my-key", nil) defer keeper.Close() // Now we can use keeper to encrypt or decrypt. plaintext := []byte("Hello, Secrets!") ciphertext, err := keeper.Encrypt(ctx, plaintext) if err != nil { log.Fatal(err) } decrypted, err := keeper.Decrypt(ctx, ciphertext) if err != nil { log.Fatal(err) } _ = decrypted }
Output:
Example (OpenKeeper) ¶
package main import ( "context" "log" "gocloud.dev/secrets" ) func main() { ctx := context.Background() // OpenKeeper creates a *secrets.Keeper from a URL. // The default opener dials a default Vault server based on the environment // variables VAULT_SERVER_URL and VAULT_SERVER_TOKEN. keeper, err := secrets.OpenKeeper(ctx, "vault://mykey") if err != nil { log.Fatal(err) } defer keeper.Close() }
Output:
Index ¶
Examples ¶
Constants ¶
const Scheme = "vault"
Scheme is the URL scheme vault registers its URLOpener under on secrets.DefaultMux.
Variables ¶
This section is empty.
Functions ¶
func OpenKeeper ¶ added in v0.13.0
OpenKeeper returns a *secrets.Keeper that uses the Transit Secrets Engine of Vault by Hashicorp. See the package documentation for an example.
Types ¶
type Config ¶
type Config struct { // Token is the access token the Vault client uses to talk to the server. // See https://www.vaultproject.io/docs/concepts/tokens.html for more // information. Token string // APIConfig is used to configure the creation of the client. APIConfig api.Config }
Config is the authentication configurations of the Vault server.
type KeeperOptions ¶
type KeeperOptions struct{}
KeeperOptions controls Keeper behaviors. It is provided for future extensibility.
type URLOpener ¶ added in v0.12.0
type URLOpener struct { // Client must be non-nil. Client *api.Client // Options specifies the options to pass to OpenKeeper. Options KeeperOptions }
URLOpener opens Vault URLs like "vault://mykey".
The URL Host + Path are used as the keyID.
No query parameters are supported.