vault

package
v0.0.0-...-fe632b3 Latest
Warning

This package is not in the latest version of its module.
Published: Feb 26, 2020 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package vault provides an adapter to connect to a Vault server.

Constants

This section is empty.

Variables

This section is empty.

Functions

func RunProtoTypeSignCsrFlow

func RunProtoTypeSignCsrFlow() error

RunProtoTypeSignCsrFlow runs a prototyping signCsr flow, which includes:
- Create a connection to Vault
- Mount Vault PKI
- Set CA signing key and cert
- Set workload role for issuing certificates
- Sign CSR and print the signed certificate

Types

type CA

type CA struct {
}

CA connects to Vault to sign certificates.

func New

func New() (*CA, error)

New returns a new CA instance.

func (*CA) GetKeyCertBundle

func (v *CA) GetKeyCertBundle() util.KeyCertBundle

GetKeyCertBundle returns the KeyCertBundle for the CA.

func (*CA) Sign

func (v *CA) Sign(csrPEM []byte, ttl time.Duration) ([]byte, error)

Sign takes a PEM-encoded CSR and returns a signed certificate. If the CA is a multicluster CA, the signed certificate is a CA certificate (CA:TRUE in X509v3 Basic Constraints), otherwise, it is a workload certificate.
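
Because Sign can return either a CA certificate or a workload certificate, a caller can check what it actually received before using it. The following is an added example, not code from this package: CheckIssued and sampleCert are hypothetical names, the certificates are constructed locally instead of coming from Vault, and the lifetime check assumes the caller expects the certificate to live no longer than the ttl it requested.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CheckIssued (hypothetical helper) checks a PEM certificate's CA flag and lifetime.
func CheckIssued(certPEM []byte, wantCA bool, ttl time.Duration) error {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return fmt.Errorf("no PEM CERTIFICATE block")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	if isCA := cert.BasicConstraintsValid && cert.IsCA; isCA != wantCA {
		return fmt.Errorf("CA flag is %v, expected %v", isCA, wantCA)
	}
	if life := cert.NotAfter.Sub(cert.NotBefore); life > ttl {
		return fmt.Errorf("lifetime %v exceeds requested ttl %v", life, ttl)
	}
	return nil
}

// sampleCert builds a constructed self-signed certificate standing in for Sign's output.
func sampleCert(isCA bool, life time.Duration) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	now := time.Now()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: now,
		NotAfter: now.Add(life), BasicConstraintsValid: true, IsCA: isCA}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	fmt.Println(CheckIssued(sampleCert(false, time.Hour), false, time.Hour)) // workload cert passes
	fmt.Println(CheckIssued(sampleCert(true, time.Hour), false, time.Hour))  // CA:TRUE is rejected
}
```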

func (*CA) SignCAServerCert

func (v *CA) SignCAServerCert(csrPEM []byte, ttl time.Duration) ([]byte, error)

SignCAServerCert signs the certificate for the Istio CA server (to serve the CSR, etc).
