hashicorp

package
v0.0.0-...-982e07a Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 19, 2023 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation


Constants

This section is empty.

Variables

// Sentinel errors used by the HashiCorp Vault loader and its tests.
//
// Every message is a fixed string literal, so none of these errors carries
// the API token, the secret path or key material into logs. Callers can
// match them with errors.Is.
var (
	// Credential input.
	ErrEmptyAPIToken = errors.New("HashiCorp Vault api token is empty")

	// Secret engine lookup and type checks.
	ErrEngineNotFound   = errors.New("unable to find secret engine")
	ErrGetEngineInfo    = errors.New("failed to get secret engine info by path")
	ErrGetEngineType    = errors.New("failed to get secret engine type by path")
	ErrParseEngineType  = errors.New("failed to parse secret engine type by path")
	ErrNoKVSecretEngine = errors.New("incorrect secret engine type - should be kv")

	// Secret engine options and version.
	ErrNoOptionsFound     = errors.New("no options found for secret engine path")
	ErrParseEngineOptions = errors.New("failed to parse secret engine options")
	ErrGetEngineVersion   = errors.New("failed to get secret engine version")

	// KV secret retrieval.
	ErrSecretNotFound    = errors.New("HashiCorp Vault kv secret not found")
	ErrDataPathNotFound  = errors.New("no data path found for kv secret engine version 2")
	ErrConvertToPathList = errors.New("failed to convert secrets to kv secrets list")

	// ACRA_MASTER_KEY extraction from the retrieved secret.
	ErrMasterKeyNotFound = errors.New("ACRA_MASTER_KEY was not found by kv secret path")
	ErrMasterKeyConvert  = errors.New("unable to convert acra master key id to string")
)

Set of predefined errors used by the HashiCorp Vault loader and its tests.

// ErrEmptyConnectionURL is the sentinel error whose message states that an
// empty HashiCorp Vault connection URL was provided. The message is a fixed
// literal and does not echo any caller-supplied value.
var (
	ErrEmptyConnectionURL = errors.New("empty Hashicorp Vault connection URL provided")
)

ErrEmptyConnectionURL is the error reporting that an empty HashiCorp Vault connection URL was provided.

Functions

func RegisterCLIParametersWithFlagSet

func RegisterCLIParametersWithFlagSet(flags *flag.FlagSet, prefix, description string)

RegisterCLIParametersWithFlagSet looks up vault_connection_api_string; if it does not exist, vault_connection_api_string and vault_secrets_path are added to the provided flags.

Types

type KeyEncryptorFabric

type KeyEncryptorFabric struct{}

KeyEncryptorFabric is the implementation of keyloader.KeyEncryptorFabric for the `vault_master_key` strategy.

func (KeyEncryptorFabric) GetKeyMapper

func (k KeyEncryptorFabric) GetKeyMapper() baseKMS.KeyMapper

GetKeyMapper returns the KeyMapper for the `vault_master_key` strategy.

func (KeyEncryptorFabric) NewKeyEncryptor

func (k KeyEncryptorFabric) NewKeyEncryptor(extractor *args.ServiceExtractor, prefix string) (keystore.KeyEncryptor, error)

NewKeyEncryptor is the factory of keystore.KeyEncryptor for the `vault_master_key` strategy.

func (KeyEncryptorFabric) NewKeyEncryptorSuite

func (k KeyEncryptorFabric) NewKeyEncryptorSuite(extractor *args.ServiceExtractor, prefix string) (*crypto.KeyStoreSuite, error)

NewKeyEncryptorSuite is the factory of crypto.KeyStoreSuite for the `vault_master_key` strategy.

func (KeyEncryptorFabric) RegisterCLIParameters

func (k KeyEncryptorFabric) RegisterCLIParameters(flags *flag.FlagSet, prefix, description string)

RegisterCLIParameters is an empty implementation of the KeyEncryptorFabric interface method.

type VaultCLIOptions

// VaultCLIOptions holds the command-line options related to loading
// ACRA_MASTER_KEY from HashiCorp Vault. Only the exported fields are shown
// in this listing; the rest of the struct is not visible here.
type VaultCLIOptions struct {
	// Presumably the Vault server address taken from the
	// vault_connection_api_string flag — confirm against
	// ParseCLIParametersFromFlags.
	Address     string
	// Presumably the KV path taken from the vault_secrets_path flag under
	// which ACRA_MASTER_KEY is looked up — confirm against the parser.
	SecretsPath string
	// NOTE(review): looks like this toggles TLS for the Vault connection.
	// If it can be false, the API token and the master key would cross the
	// network unencrypted; verify the default and how VaultHTTPClient uses it.
	EnableTLS   bool
	// contains filtered or unexported fields
}

VaultCLIOptions keeps the command-line options related to loading ACRA_MASTER_KEY from HashiCorp Vault.

func ParseCLIParametersFromFlags

func ParseCLIParametersFromFlags(extractor *args.ServiceExtractor, prefix string) *VaultCLIOptions

ParseCLIParametersFromFlags parses VaultCLIOptions from the provided FlagSet.

func (*VaultCLIOptions) VaultHTTPClient

func (options *VaultCLIOptions) VaultHTTPClient() (*http.Client, error)

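VaultHTTPClient returns the HTTP client for the HashiCorp Vault connection. (The original comment says it returns api.Config connection configuration, but the signature above returns *http.Client and an error.)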

type VaultLoader

type VaultLoader struct {
	// contains filtered or unexported fields
}

VaultLoader is the HashiCorp Vault ACRA_MASTER_KEY loader implementation. It consists of an api.Client, used for interacting with HashiCorp Vault through its API, and secretPath, the path where VaultLoader looks up ACRA_MASTER_KEY; secretPath is a user-provided value.

func NewMasterKeyLoader

func NewMasterKeyLoader(extractor *args.ServiceExtractor, prefix string) (*VaultLoader, error)

NewMasterKeyLoader creates a MasterKeyLoader from VaultCLIOptions.

func NewVaultLoader

func NewVaultLoader(config *api.Config, secretPath string) (*VaultLoader, error)

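NewVaultLoader reads the VAULT_API_TOKEN environment variable, decodes it and returns an initialized VaultLoader. Because the token is taken from the process environment, it is best restricted by Vault policy to read access on the configured secret path.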

func (VaultLoader) LoadMasterKey

func (loader VaultLoader) LoadMasterKey() ([]byte, error)

LoadMasterKey reads the ACRA_MASTER_KEY from HashiCorp Vault by secretPath, then decodes and validates it.

func (VaultLoader) LoadMasterKeys

func (loader VaultLoader) LoadMasterKeys() ([]byte, []byte, error)

LoadMasterKeys reads the ACRA_MASTER_KEYs from HashiCorp Vault and validates them.
