README
¶
Certmagic Storage Backend for NATS KV
This library allows you to use NATS KV as a key/certificate storage backend for Certmagic.
Using it wit Caddy
Enable the nats storage module in your Caddyfile:
{
storage nats {
hosts "tls://nats01.example.com,tls://nats02.example.com,tls://nats03.example.com"
bucket "caddy_store"
creds "/etc/caddy/caddy.creds"
inbox_prefix "_CADDYINBOX"
connection_name "caddy"
}
}
:443 {
}
Nats permissions
Pub Allow:
$JS.API.CONSUMER.CREATE.KV_caddy_store
$JS.API.CONSUMER.DELETE.KV_caddy_store.>
$JS.API.STREAM.INFO.KV_caddy_store
$JS.API.STREAM.LIST
$JS.API.STREAM.MSG.GET.KV_caddy_store
$JS.API.STREAM.NAMES
$KV.caddy_store.>
Sub Allow
_CADDYINBOX.>
Documentation
¶
Index ¶
- type Nats
- func (Nats) CaddyModule() caddy.ModuleInfo
- func (n *Nats) CertMagicStorage() (certmagic.Storage, error)
- func (n *Nats) Delete(ctx context.Context, key string) error
- func (n *Nats) Exists(ctx context.Context, key string) bool
- func (n *Nats) List(ctx context.Context, prefix string, recursive bool) ([]string, error)
- func (n *Nats) Load(ctx context.Context, key string) ([]byte, error)
- func (n *Nats) Lock(ctx context.Context, key string) error
- func (n *Nats) Provision(ctx caddy.Context) error
- func (n *Nats) Stat(ctx context.Context, key string) (certmagic.KeyInfo, error)
- func (n *Nats) Store(ctx context.Context, key string, value []byte) error
- func (n *Nats) Unlock(ctx context.Context, key string) error
- func (n *Nats) UnmarshalCaddyfile(d *caddyfile.Dispenser) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Nats ¶
type Nats struct {
Client nats.KeyValue
Hosts string `json:"hosts"`
Bucket string `json:"bucket"`
Creds string `json:"creds"`
InboxPrefix string `json:"inbox_prefix"`
ConnectionName string `json:"connection_name"`
// contains filtered or unexported fields
}
func (Nats) CaddyModule ¶
func (Nats) CaddyModule() caddy.ModuleInfo
func (*Nats) CertMagicStorage ¶
CertMagicStorage converts s to a certmagic.Storage instance.
func (*Nats) Lock ¶
Lock acquires the lock for key, blocking until the lock can be obtained or an error is returned. Note that, even after acquiring a lock, an idempotent operation may have already been performed by another process that acquired the lock before - so always check to make sure idempotent operations still need to be performed after acquiring the lock.
The actual implementation of obtaining of a lock must be an atomic operation so that multiple Lock calls at the same time always results in only one caller receiving the lock at any given time.
To prevent deadlocks, all implementations (where this concern is relevant) should put a reasonable expiration on the lock in case Unlock is unable to be called due to some sort of network failure or system crash.
Source Files