Documentation
Overview
Package vault provides the ability for Vela to integrate with HashiCorp Vault as a secret backend.
Usage:
import "github.com/go-vela/server/secret/vault"
Index
- Constants
- type Client
- func (c *Client) Count(_ context.Context, sType, org, name string, _ []string) (i int64, err error)
- func (c *Client) Create(_ context.Context, sType, org, name string, s *api.Secret) (*api.Secret, error)
- func (c *Client) Delete(_ context.Context, sType, org, name, path string) error
- func (c *Client) Driver() string
- func (c *Client) Get(_ context.Context, sType, org, name, path string) (s *velaAPI.Secret, err error)
- func (c *Client) List(ctx context.Context, sType, org, name string, _, _ int, _ []string) ([]*velaAPI.Secret, error)
- func (c *Client) Update(ctx context.Context, sType, org, name string, s *api.Secret) (*api.Secret, error)
- type ClientOpt
- func WithAWSRole(awsRole string) ClientOpt
- func WithAddress(address string) ClientOpt
- func WithAuthMethod(authMethod string) ClientOpt
- func WithPrefix(prefix string) ClientOpt
- func WithToken(token string) ClientOpt
- func WithTokenDuration(tokenDuration time.Duration) ClientOpt
- func WithVersion(version string) ClientOpt
- type STSPresigner
Constants
const (
	PrefixVaultV1 = "secret"
	PrefixVaultV2 = "secret/data"
)
Types
type Client (added in v0.27.0)
type Client struct {
	AWS   *awsCfg
	Vault *api.Client
	// https://pkg.go.dev/github.com/sirupsen/logrus#Entry
	Logger *logrus.Entry
	// contains filtered or unexported fields
}
func NewWithContext (added in v0.28.0)
NewWithContext matches New but allows callers to provide a context.
func (*Client) Create (added in v0.27.0)
func (c *Client) Create(_ context.Context, sType, org, name string, s *api.Secret) (*api.Secret, error)
Create creates a new secret.
func (*Client) Get (added in v0.27.0)
func (c *Client) Get(_ context.Context, sType, org, name, path string) (s *velaAPI.Secret, err error)
Get captures a secret.
func (*Client) List (added in v0.27.0)
func (c *Client) List(ctx context.Context, sType, org, name string, _, _ int, _ []string) ([]*velaAPI.Secret, error)
List captures a list of secrets.
TODO: Implement fake pagination? We drop page and perPage because we always return all results. The Vault API doesn't seem to support pagination. This might result in undesired behavior when fetching Vault secrets in a paginated manner.
type ClientOpt (added in v0.8.0)
ClientOpt represents a configuration option to initialize the secret client for Vault.
func WithAWSRole (added in v0.8.0)
WithAWSRole sets the AWS role in the secret client for Vault.
func WithAddress (added in v0.8.0)
WithAddress sets the address in the secret client for Vault.
func WithAuthMethod (added in v0.8.0)
WithAuthMethod sets the authentication method in the secret client for Vault.
func WithPrefix (added in v0.8.0)
WithPrefix sets the prefix in the secret client for Vault.
func WithTokenDuration (added in v0.8.0)
WithTokenDuration sets the token duration in the secret client for Vault.
func WithVersion (added in v0.8.0)
WithVersion sets the version in the secret client for Vault.
type STSPresigner (added in v0.28.0)
type STSPresigner interface {
	PresignGetCallerIdentity(ctx context.Context, params *sts.GetCallerIdentityInput, optFns ...func(*sts.PresignOptions)) (*sigV4.PresignedHTTPRequest, error)
}
STSPresigner captures the subset of the STS presign client we rely on so the AWS SDK v2 dependency can be mocked in tests; v2 removed the old stsiface shim.