Versions in this module Expand all Collapse all v1 v1.1.1 Mar 21, 2019 Changes in this version
+ const EnvRateLimit
+ const EnvVaultAddress
+ const EnvVaultAgentAddr
+ const EnvVaultCACert
+ const EnvVaultCAPath
+ const EnvVaultClientCert
+ const EnvVaultClientKey
+ const EnvVaultClientTimeout
+ const EnvVaultMFA
+ const EnvVaultMaxRetries
+ const EnvVaultNamespace
+ const EnvVaultSkipVerify
+ const EnvVaultTLSServerName
+ const EnvVaultToken
+ const EnvVaultWrapTTL
+ const ErrOutputStringRequest
+ const SSHHelperDefaultMountPoint
+ const VerifyEchoRequest
+ const VerifyEchoResponse
+ var DefaultRenewerRenewBuffer = 5
+ var DefaultWrappingLookupFunc = func(operation, path string) string
+ var DefaultWrappingTTL = "5m"
+ var ErrRenewerMissingInput = errors.New("missing input to renewer")
+ var ErrRenewerMissingSecret = errors.New("missing secret to renew")
+ var ErrRenewerNoSecretData = errors.New("returned empty secret data")
+ var ErrRenewerNotRenewable = errors.New("secret is not renewable")
+ type Audit struct
+ Description string
+ Local bool
+ Options map[string]string
+ Path string
+ Type string
+ type Auth struct
+ func (a *Auth) Token() *TokenAuth
+ type AuthConfigInput = MountConfigInput
+ type AuthConfigOutput = MountConfigOutput
+ type AuthMount = MountOutput
+ type CORSRequest struct
+ AllowedOrigins string
+ Enabled bool
+ type CORSResponse struct
+ AllowedOrigins string
+ Enabled bool
+ type Client struct
+ func NewClient(c *Config) (*Client, error)
+ func (c *Client) Address() string
+ func (c *Client) Auth() *Auth
+ func (c *Client) ClearToken()
+ func (c *Client) Clone() (*Client, error)
+ func (c *Client) CurrentWrappingLookupFunc() WrappingLookupFunc
+ func (c *Client) Headers() http.Header
+ func (c *Client) Help(path string) (*Help, error)
+ func (c *Client) Logical() *Logical
+ func (c *Client) NewRenewer(i *RenewerInput) (*Renewer, error)
+ func (c *Client) NewRequest(method, requestPath string) *Request
+ func (c *Client) OutputCurlString() bool
+ func (c *Client) RawRequest(r *Request) (*Response, error)
+ func (c *Client) RawRequestWithContext(ctx context.Context, r *Request) (*Response, error)
+ func (c *Client) SSH() *SSH
+ func (c *Client) SSHHelper() *SSHHelper
+ func (c *Client) SSHHelperWithMountPoint(mountPoint string) *SSHHelper
+ func (c *Client) SSHWithMountPoint(mountPoint string) *SSH
+ func (c *Client) SetAddress(addr string) error
+ func (c *Client) SetBackoff(backoff retryablehttp.Backoff)
+ func (c *Client) SetClientTimeout(timeout time.Duration)
+ func (c *Client) SetHeaders(headers http.Header)
+ func (c *Client) SetLimiter(rateLimit float64, burst int)
+ func (c *Client) SetMFACreds(creds []string)
+ func (c *Client) SetMaxRetries(retries int)
+ func (c *Client) SetNamespace(namespace string)
+ func (c *Client) SetOutputCurlString(curl bool)
+ func (c *Client) SetPolicyOverride(override bool)
+ func (c *Client) SetToken(v string)
+ func (c *Client) SetWrappingLookupFunc(lookupFunc WrappingLookupFunc)
+ func (c *Client) Sys() *Sys
+ func (c *Client) Token() string
+ type Config struct
+ Address string
+ AgentAddress string
+ Backoff retryablehttp.Backoff
+ Error error
+ HttpClient *http.Client
+ Limiter *rate.Limiter
+ MaxRetries int
+ OutputCurlString bool
+ Timeout time.Duration
+ func DefaultConfig() *Config
+ func (c *Config) ConfigureTLS(t *TLSConfig) error
+ func (c *Config) ReadEnvironment() error
+ type DeregisterPluginInput struct
+ Name string
+ Type consts.PluginType
+ type EnableAuditOptions struct
+ Description string
+ Local bool
+ Options map[string]string
+ Type string
+ type EnableAuthOptions = MountInput
+ type ErrorResponse struct
+ Errors []string
+ type GenerateRootStatusResponse struct
+ Complete bool
+ EncodedRootToken string
+ EncodedToken string
+ Nonce string
+ OTP string
+ OTPLength int
+ PGPFingerprint string
+ Progress int
+ Required int
+ Started bool
+ type GetPluginInput struct
+ Name string
+ Type consts.PluginType
+ type GetPluginResponse struct
+ Args []string
+ Builtin bool
+ Command string
+ Name string
+ SHA256 string
+ type HealthResponse struct
+ ClusterID string
+ ClusterName string
+ Initialized bool
+ LastWAL uint64
+ PerformanceStandby bool
+ ReplicationDRMode string
+ ReplicationPerformanceMode string
+ Sealed bool
+ ServerTimeUTC int64
+ Standby bool
+ Version string
+ type Help struct
+ Help string
+ SeeAlso []string
+ type InitRequest struct
+ PGPKeys []string
+ RecoveryPGPKeys []string
+ RecoveryShares int
+ RecoveryThreshold int
+ RootTokenPGPKey string
+ SecretShares int
+ SecretThreshold int
+ StoredShares int
+ type InitResponse struct
+ Keys []string
+ KeysB64 []string
+ RecoveryKeys []string
+ RecoveryKeysB64 []string
+ RootToken string
+ type InitStatusResponse struct
+ Initialized bool
+ type KeyStatus struct
+ InstallTime time.Time
+ Term int
+ type LeaderResponse struct
+ HAEnabled bool
+ IsSelf bool
+ LastWAL uint64
+ LeaderAddress string
+ LeaderClusterAddress string
+ PerfStandby bool
+ PerfStandbyLastRemoteWAL uint64
+ type ListPluginsInput struct
+ Type consts.PluginType
+ type ListPluginsResponse struct
+ Names []string
+ PluginsByType map[consts.PluginType][]string
+ type Logical struct
+ func (c *Logical) Delete(path string) (*Secret, error)
+ func (c *Logical) List(path string) (*Secret, error)
+ func (c *Logical) Read(path string) (*Secret, error)
+ func (c *Logical) ReadWithData(path string, data map[string][]string) (*Secret, error)
+ func (c *Logical) Unwrap(wrappingToken string) (*Secret, error)
+ func (c *Logical) Write(path string, data map[string]interface{}) (*Secret, error)
+ type MountConfigInput struct
+ AllowedResponseHeaders []string
+ AuditNonHMACRequestKeys []string
+ AuditNonHMACResponseKeys []string
+ DefaultLeaseTTL string
+ Description *string
+ ForceNoCache bool
+ ListingVisibility string
+ MaxLeaseTTL string
+ Options map[string]string
+ PassthroughRequestHeaders []string
+ PluginName string
+ TokenType string
+ type MountConfigOutput struct
+ AllowedResponseHeaders []string
+ AuditNonHMACRequestKeys []string
+ AuditNonHMACResponseKeys []string
+ DefaultLeaseTTL int
+ ForceNoCache bool
+ ListingVisibility string
+ MaxLeaseTTL int
+ PassthroughRequestHeaders []string
+ PluginName string
+ TokenType string
+ type MountInput struct
+ Config MountConfigInput
+ Description string
+ Local bool
+ Options map[string]string
+ PluginName string
+ SealWrap bool
+ Type string
+ type MountOutput struct
+ Accessor string
+ Config MountConfigOutput
+ Description string
+ Local bool
+ Options map[string]string
+ SealWrap bool
+ Type string
+ type OutputStringError struct
+ var LastOutputStringError *OutputStringError
+ func (d *OutputStringError) CurlString() string
+ func (d *OutputStringError) Error() string
+ type RegisterPluginInput struct
+ Args []string
+ Command string
+ Name string
+ SHA256 string
+ Type consts.PluginType
+ type RekeyInitRequest struct
+ Backup bool
+ PGPKeys []string
+ RequireVerification bool
+ SecretShares int
+ SecretThreshold int
+ StoredShares int
+ type RekeyRetrieveResponse struct
+ Keys map[string][]string
+ KeysB64 map[string][]string
+ Nonce string
+ type RekeyStatusResponse struct
+ Backup bool
+ N int
+ Nonce string
+ PGPFingerprints []string
+ Progress int
+ Required int
+ Started bool
+ T int
+ VerificationNonce string
+ VerificationRequired bool
+ type RekeyUpdateResponse struct
+ Backup bool
+ Complete bool
+ Keys []string
+ KeysB64 []string
+ Nonce string
+ PGPFingerprints []string
+ VerificationNonce string
+ VerificationRequired bool
+ type RekeyVerificationStatusResponse struct
+ N int
+ Nonce string
+ Progress int
+ Started bool
+ T int
+ type RekeyVerificationUpdateResponse struct
+ Complete bool
+ Nonce string
+ type RenewOutput struct
+ RenewedAt time.Time
+ Secret *Secret
+ type Renewer struct
+ func (r *Renewer) DoneCh() <-chan error
+ func (r *Renewer) Renew()
+ func (r *Renewer) RenewCh() <-chan *RenewOutput
+ func (r *Renewer) Stop()
+ type RenewerInput struct
+ Grace time.Duration
+ Increment int
+ Rand *rand.Rand
+ RenewBuffer int
+ Secret *Secret
+ type Request struct
+ Body io.Reader
+ BodyBytes []byte
+ BodySize int64
+ ClientToken string
+ Headers http.Header
+ MFAHeaderVals []string
+ Method string
+ Obj interface{}
+ Params url.Values
+ PolicyOverride bool
+ URL *url.URL
+ WrapTTL string
+ func (r *Request) ResetJSONBody() error
+ func (r *Request) SetJSONBody(val interface{}) error
+ func (r *Request) ToHTTP() (*http.Request, error)
+ type Response struct
+ func (r *Response) DecodeJSON(out interface{}) error
+ func (r *Response) Error() error
+ type RevokeOptions struct
+ Force bool
+ LeaseID string
+ Prefix bool
+ Sync bool
+ type SSH struct
+ MountPoint string
+ func (c *SSH) Credential(role string, data map[string]interface{}) (*Secret, error)
+ func (c *SSH) SignKey(role string, data map[string]interface{}) (*Secret, error)
+ type SSHHelper struct
+ MountPoint string
+ func (c *SSHHelper) Verify(otp string) (*SSHVerifyResponse, error)
+ type SSHHelperConfig struct
+ AllowedCidrList string
+ AllowedRoles string
+ CACert string
+ CAPath string
+ SSHMountPoint string
+ TLSServerName string
+ TLSSkipVerify bool
+ VaultAddr string
+ func LoadSSHHelperConfig(path string) (*SSHHelperConfig, error)
+ func ParseSSHHelperConfig(contents string) (*SSHHelperConfig, error)
+ func (c *SSHHelperConfig) NewClient() (*Client, error)
+ func (c *SSHHelperConfig) SetTLSParameters(clientConfig *Config, certPool *x509.CertPool)
+ type SSHVerifyResponse struct
+ IP string
+ Message string
+ RoleName string
+ Username string
+ type SealStatusResponse struct
+ ClusterID string
+ ClusterName string
+ Initialized bool
+ Migration bool
+ N int
+ Nonce string
+ Progress int
+ RecoverySeal bool
+ Sealed bool
+ T int
+ Type string
+ Version string
+ type Secret struct
+ Auth *SecretAuth
+ Data map[string]interface{}
+ LeaseDuration int
+ LeaseID string
+ Renewable bool
+ RequestID string
+ Warnings []string
+ WrapInfo *SecretWrapInfo
+ func ParseSecret(r io.Reader) (*Secret, error)
+ func (s *Secret) TokenAccessor() (string, error)
+ func (s *Secret) TokenID() (string, error)
+ func (s *Secret) TokenIsRenewable() (bool, error)
+ func (s *Secret) TokenMetadata() (map[string]string, error)
+ func (s *Secret) TokenPolicies() ([]string, error)
+ func (s *Secret) TokenRemainingUses() (int, error)
+ func (s *Secret) TokenTTL() (time.Duration, error)
+ type SecretAuth struct
+ Accessor string
+ ClientToken string
+ IdentityPolicies []string
+ LeaseDuration int
+ Metadata map[string]string
+ Orphan bool
+ Policies []string
+ Renewable bool
+ TokenPolicies []string
+ type SecretWrapInfo struct
+ Accessor string
+ CreationPath string
+ CreationTime time.Time
+ TTL int
+ Token string
+ WrappedAccessor string
+ type Sys struct
+ func (c *Sys) AuditHash(path string, input string) (string, error)
+ func (c *Sys) CORSStatus() (*CORSResponse, error)
+ func (c *Sys) Capabilities(token, path string) ([]string, error)
+ func (c *Sys) CapabilitiesSelf(path string) ([]string, error)
+ func (c *Sys) ConfigureCORS(req *CORSRequest) (*CORSResponse, error)
+ func (c *Sys) DeletePolicy(name string) error
+ func (c *Sys) DeregisterPlugin(i *DeregisterPluginInput) error
+ func (c *Sys) DisableAudit(path string) error
+ func (c *Sys) DisableAuth(path string) error
+ func (c *Sys) DisableCORS() (*CORSResponse, error)
+ func (c *Sys) EnableAudit(path string, auditType string, desc string, opts map[string]string) error
+ func (c *Sys) EnableAuditWithOptions(path string, options *EnableAuditOptions) error
+ func (c *Sys) EnableAuth(path, authType, desc string) error
+ func (c *Sys) EnableAuthWithOptions(path string, options *EnableAuthOptions) error
+ func (c *Sys) GenerateDROperationTokenCancel() error
+ func (c *Sys) GenerateDROperationTokenInit(otp, pgpKey string) (*GenerateRootStatusResponse, error)
+ func (c *Sys) GenerateDROperationTokenStatus() (*GenerateRootStatusResponse, error)
+ func (c *Sys) GenerateDROperationTokenUpdate(shard, nonce string) (*GenerateRootStatusResponse, error)
+ func (c *Sys) GenerateRootCancel() error
+ func (c *Sys) GenerateRootInit(otp, pgpKey string) (*GenerateRootStatusResponse, error)
+ func (c *Sys) GenerateRootStatus() (*GenerateRootStatusResponse, error)
+ func (c *Sys) GenerateRootUpdate(shard, nonce string) (*GenerateRootStatusResponse, error)
+ func (c *Sys) GetPlugin(i *GetPluginInput) (*GetPluginResponse, error)
+ func (c *Sys) GetPolicy(name string) (string, error)
+ func (c *Sys) Health() (*HealthResponse, error)
+ func (c *Sys) Init(opts *InitRequest) (*InitResponse, error)
+ func (c *Sys) InitStatus() (bool, error)
+ func (c *Sys) KeyStatus() (*KeyStatus, error)
+ func (c *Sys) Leader() (*LeaderResponse, error)
+ func (c *Sys) ListAudit() (map[string]*Audit, error)
+ func (c *Sys) ListAuth() (map[string]*AuthMount, error)
+ func (c *Sys) ListMounts() (map[string]*MountOutput, error)
+ func (c *Sys) ListPlugins(i *ListPluginsInput) (*ListPluginsResponse, error)
+ func (c *Sys) ListPolicies() ([]string, error)
+ func (c *Sys) Mount(path string, mountInfo *MountInput) error
+ func (c *Sys) MountConfig(path string) (*MountConfigOutput, error)
+ func (c *Sys) PutPolicy(name, rules string) error
+ func (c *Sys) RegisterPlugin(i *RegisterPluginInput) error
+ func (c *Sys) RekeyCancel() error
+ func (c *Sys) RekeyDeleteBackup() error
+ func (c *Sys) RekeyDeleteRecoveryBackup() error
+ func (c *Sys) RekeyInit(config *RekeyInitRequest) (*RekeyStatusResponse, error)
+ func (c *Sys) RekeyRecoveryKeyCancel() error
+ func (c *Sys) RekeyRecoveryKeyInit(config *RekeyInitRequest) (*RekeyStatusResponse, error)
+ func (c *Sys) RekeyRecoveryKeyStatus() (*RekeyStatusResponse, error)
+ func (c *Sys) RekeyRecoveryKeyUpdate(shard, nonce string) (*RekeyUpdateResponse, error)
+ func (c *Sys) RekeyRecoveryKeyVerificationCancel() error
+ func (c *Sys) RekeyRecoveryKeyVerificationStatus() (*RekeyVerificationStatusResponse, error)
+ func (c *Sys) RekeyRecoveryKeyVerificationUpdate(shard, nonce string) (*RekeyVerificationUpdateResponse, error)
+ func (c *Sys) RekeyRetrieveBackup() (*RekeyRetrieveResponse, error)
+ func (c *Sys) RekeyRetrieveRecoveryBackup() (*RekeyRetrieveResponse, error)
+ func (c *Sys) RekeyStatus() (*RekeyStatusResponse, error)
+ func (c *Sys) RekeyUpdate(shard, nonce string) (*RekeyUpdateResponse, error)
+ func (c *Sys) RekeyVerificationCancel() error
+ func (c *Sys) RekeyVerificationStatus() (*RekeyVerificationStatusResponse, error)
+ func (c *Sys) RekeyVerificationUpdate(shard, nonce string) (*RekeyVerificationUpdateResponse, error)
+ func (c *Sys) Remount(from, to string) error
+ func (c *Sys) Renew(id string, increment int) (*Secret, error)
+ func (c *Sys) ResetUnsealProcess() (*SealStatusResponse, error)
+ func (c *Sys) Revoke(id string) error
+ func (c *Sys) RevokeForce(id string) error
+ func (c *Sys) RevokePrefix(id string) error
+ func (c *Sys) RevokeWithOptions(opts *RevokeOptions) error
+ func (c *Sys) Rotate() error
+ func (c *Sys) Seal() error
+ func (c *Sys) SealStatus() (*SealStatusResponse, error)
+ func (c *Sys) StepDown() error
+ func (c *Sys) TuneMount(path string, config MountConfigInput) error
+ func (c *Sys) Unmount(path string) error
+ func (c *Sys) Unseal(shard string) (*SealStatusResponse, error)
+ func (c *Sys) UnsealWithOptions(opts *UnsealOpts) (*SealStatusResponse, error)
+ type TLSConfig struct
+ CACert string
+ CAPath string
+ ClientCert string
+ ClientKey string
+ Insecure bool
+ TLSServerName string
+ type TokenAuth struct
+ func (c *TokenAuth) Create(opts *TokenCreateRequest) (*Secret, error)
+ func (c *TokenAuth) CreateOrphan(opts *TokenCreateRequest) (*Secret, error)
+ func (c *TokenAuth) CreateWithRole(opts *TokenCreateRequest, roleName string) (*Secret, error)
+ func (c *TokenAuth) Lookup(token string) (*Secret, error)
+ func (c *TokenAuth) LookupAccessor(accessor string) (*Secret, error)
+ func (c *TokenAuth) LookupSelf() (*Secret, error)
+ func (c *TokenAuth) Renew(token string, increment int) (*Secret, error)
+ func (c *TokenAuth) RenewSelf(increment int) (*Secret, error)
+ func (c *TokenAuth) RenewTokenAsSelf(token string, increment int) (*Secret, error)
+ func (c *TokenAuth) RevokeAccessor(accessor string) error
+ func (c *TokenAuth) RevokeOrphan(token string) error
+ func (c *TokenAuth) RevokeSelf(token string) error
+ func (c *TokenAuth) RevokeTree(token string) error
+ type TokenCreateRequest struct
+ DisplayName string
+ ExplicitMaxTTL string
+ ID string
+ Lease string
+ Metadata map[string]string
+ NoDefaultPolicy bool
+ NoParent bool
+ NumUses int
+ Period string
+ Policies []string
+ Renewable *bool
+ TTL string
+ Type string
+ type UnsealOpts struct
+ Key string
+ Migrate bool
+ Reset bool
+ type WrappingLookupFunc func(operation, path string) string
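Review bot: Certificate verification can be switched off through three separate entries in this listing — `EnvVaultSkipVerify`, `TLSConfig.Insecure` and `SSHHelperConfig.TLSSkipVerify` — and the index shows no doc text saying that any of them leaves the client token and returned secrets readable by an on-path party. Because `Config.ReadEnvironment` is listed next to them, the environment switch presumably takes effect without any change in the calling code, which makes it the one most likely to go unnoticed in a deployed process. I would state the consequence on each declaration, e.g. `// Insecure disables TLS certificate verification; use only against a local development server.`, and have callers log once at start-up when the setting is active. The declarations' bodies and existing comments are outside this listing, so check what is already documented before adding.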