
Package vault

v0.3.1
Published: Jun 10, 2020 | License: Apache-2.0 | Module: github.com/banzaicloud/bank-vaults/pkg/sdk

Constants

const DefaultConfigFile = "vault-config.yml"

DefaultConfigFile is the name of the default config file.

func NewData

func NewData(cas int, data map[string]interface{}) map[string]interface{}

NewData is a helper function for creating Vault KV version 2 secret data.

func NewRawClient

func NewRawClient() (*api.Client, error)

NewRawClient creates a new raw Vault client.

type Client

type Client struct {
	// Easy to use wrapper for transit secret engine calls
	Transit *Transit
	// contains filtered or unexported fields
}

Client is a Vault client with Kubernetes support, automatic token renewal, and access to the Transit Secret Engine wrapper.

func NewClient

func NewClient(role string) (*Client, error)

NewClient creates a new Vault client.

func NewClientFromConfig

func NewClientFromConfig(config *vaultapi.Config, opts ...ClientOption) (*Client, error)

NewClientFromConfig creates a new Vault client from custom configuration.

func NewClientFromRawClient

func NewClientFromRawClient(rawClient *vaultapi.Client, opts ...ClientOption) (*Client, error)

NewClientFromRawClient creates a new Vault client from custom raw client.

func NewClientWithConfig

func NewClientWithConfig(config *vaultapi.Config, role, path string) (*Client, error)

NewClientWithConfig creates a new Vault client with custom configuration. Deprecated: use NewClientFromConfig instead.

func NewClientWithOptions

func NewClientWithOptions(opts ...ClientOption) (*Client, error)

NewClientWithOptions creates a new Vault client with custom options.

func (*Client) Close

func (client *Client) Close()

Close stops the token renewal process of this client.

func (*Client) RawClient

func (client *Client) RawClient() *vaultapi.Client

RawClient returns the underlying raw Vault client.

func (*Client) Vault

func (client *Client) Vault() *vaultapi.Client

Vault returns the underlying HashiCorp Vault client. Deprecated: use RawClient instead.

type ClientAuthPath

type ClientAuthPath string

ClientAuthPath is the mount path where the auth method is enabled.

type ClientOption

type ClientOption interface {
	// contains filtered or unexported methods
}

ClientOption configures a Vault client using the functional options paradigm popularized by Rob Pike and Dave Cheney. If you're unfamiliar with this style, see https://commandcenter.blogspot.com/2014/01/self-referential-functions-and-design.html and https://dave.cheney.net/2014/10/17/functional-options-for-friendly-apis.

type ClientRole

type ClientRole string

ClientRole is the Vault role that the client would like to receive.

type ClientTimeout

type ClientTimeout time.Duration

ClientTimeout is the timeout after which the client fails.

type ClientToken

type ClientToken string

ClientToken is a Vault token.

type ClientTokenPath

type ClientTokenPath string

ClientTokenPath is the file where the Vault token can be found.

type ClientURL

type ClientURL string

ClientURL is the Vault URL, e.g. https://my-vault.vault.org

type Config

type Config struct {
	// how many key parts exist
	SecretShares int
	// how many of these parts are needed to unseal Vault (secretThreshold <= secretShares)
	SecretThreshold int

	// if this root token is set, the dynamically generated one will be invalidated and this one created instead
	InitRootToken string
	// should the root token be stored in the keyStore
	StoreRootToken bool

	// should the KV backend be tested first to validate access rights
	PreFlightChecks bool
}

Config holds the configuration of the Vault initialization.

type KVService

type KVService interface {
	Set(key string, value []byte) error
	Get(key string) ([]byte, error)
}

type Transit

type Transit struct {
	// contains filtered or unexported fields
}

Transit is a wrapper for the Transit Secret Engine. Ref: https://www.vaultproject.io/docs/secrets/transit/index.html

func (*Transit) Decrypt

func (t *Transit) Decrypt(transitPath, keyID string, ciphertext []byte) ([]byte, error)

Decrypt decrypts the ciphertext into plaintext. Ref: https://www.vaultproject.io/api/secret/transit/index.html#decrypt-data

func (*Transit) IsEncrypted

func (t *Transit) IsEncrypted(value string) bool

IsEncrypted checks with a regexp whether the value was encrypted by the Vault Transit Secret Engine.
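The following is an added example, not code from bank-vaults: a stricter, standard-library-only check of the Vault transit ciphertext envelope (`vault:v<key version>:<base64 payload>`). Beyond the yes/no answer that IsEncrypted gives, it extracts the key version so values encrypted under an old key version can be flagged. The names ParseTransit and NeedsRewrap and the regular expression are assumptions made for illustration.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"regexp"
	"strconv"
)

// transitRe matches the transit envelope vault:v<N>:<base64>.
// Assumption: illustrative pattern, not the regexp bank-vaults uses.
var transitRe = regexp.MustCompile(`^vault:v([1-9][0-9]*):([A-Za-z0-9+/]+={0,2})$`)

// ParseTransit returns the key version and decoded payload length of a
// transit ciphertext, or an error if the value is not well-formed.
func ParseTransit(value string) (int, int, error) {
	m := transitRe.FindStringSubmatch(value)
	if m == nil {
		return 0, 0, errors.New("not a transit ciphertext")
	}
	version, err := strconv.Atoi(m[1])
	if err != nil {
		return 0, 0, fmt.Errorf("key version: %w", err)
	}
	// The regexp only checks the alphabet; decoding catches bad lengths/padding.
	raw, err := base64.StdEncoding.DecodeString(m[2])
	if err != nil {
		return 0, 0, fmt.Errorf("payload: %w", err)
	}
	return version, len(raw), nil
}

// NeedsRewrap reports whether value was encrypted under a key version
// older than minVersion (hypothetical helper for key-rotation audits).
func NeedsRewrap(value string, minVersion int) (bool, error) {
	version, _, err := ParseTransit(value)
	if err != nil {
		return false, err
	}
	return version < minVersion, nil
}

func main() {
	// Constructed samples; the payloads are not real ciphertext.
	for _, s := range []string{"vault:v2:c2FtcGxl", "vault:v0:c2FtcGxl", "vault:v1:c2FtcGx", "hunter2"} {
		v, n, err := ParseTransit(s)
		fmt.Printf("%-20q version=%d payloadBytes=%d err=%v\n", s, v, n, err)
	}
}
```

A value that fails this check should be treated as plaintext or corrupted, never passed on as if it were protected.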

type Vault

type Vault interface {
	Init() error
	RaftInitialized() (bool, error)
	RaftJoin(string) error
	Sealed() (bool, error)
	Active() (bool, error)
	Unseal() error
	Leader() (bool, error)
	Configure(config *viper.Viper) error
	StepDownActive(string) error
}

Vault is an interface that can be used to attempt to perform actions against a Vault server.

func New

func New(k KVService, cl *api.Client, config Config) (Vault, error)

New returns a new Vault, or an error.

Documentation was rendered with GOOS=linux and GOARCH=amd64.
