README

Vault API

This provides the github.com/hashicorp/vault/api package which contains code useful for interacting with a Vault server.

GoDoc

Expand ▾ Collapse ▴

Documentation

Index

Constants

View Source
const (
	// SSHHelperDefaultMountPoint is the default path at which SSH backend will be
	// mounted in the Vault server.
	SSHHelperDefaultMountPoint = "ssh"

	// VerifyEchoRequest is the echo request message sent as OTP by the helper.
	VerifyEchoRequest = "verify-echo-request"

	// VerifyEchoResponse is the echo response message sent as a response to OTP
	// matching echo request.
	VerifyEchoResponse = "verify-echo-response"
)
View Source
const EnvRateLimit = "VAULT_RATE_LIMIT"
View Source
const EnvVaultAddress = "VAULT_ADDR"
View Source
const EnvVaultAgentAddr = "VAULT_AGENT_ADDR"
View Source
const EnvVaultAgentAddress = "VAULT_AGENT_ADDR"

    Deprecated values

    View Source
    const EnvVaultCACert = "VAULT_CACERT"
    View Source
    const EnvVaultCAPath = "VAULT_CAPATH"
    View Source
    const EnvVaultClientCert = "VAULT_CLIENT_CERT"
    View Source
    const EnvVaultClientKey = "VAULT_CLIENT_KEY"
    View Source
    const EnvVaultClientTimeout = "VAULT_CLIENT_TIMEOUT"
    View Source
    const EnvVaultInsecure = "VAULT_SKIP_VERIFY"
    View Source
    const EnvVaultMFA = "VAULT_MFA"
    View Source
    const EnvVaultMaxRetries = "VAULT_MAX_RETRIES"
    View Source
    const EnvVaultNamespace = "VAULT_NAMESPACE"
    View Source
    const EnvVaultSRVLookup = "VAULT_SRV_LOOKUP"
    View Source
    const EnvVaultSkipVerify = "VAULT_SKIP_VERIFY"
    View Source
    const EnvVaultTLSServerName = "VAULT_TLS_SERVER_NAME"
    View Source
    const EnvVaultToken = "VAULT_TOKEN"
    View Source
    const EnvVaultWrapTTL = "VAULT_WRAP_TTL"
    View Source
    const (
    	ErrOutputStringRequest = "output a string, please"
    )

    Variables

    View Source
    var (
    	ErrLifetimeWatcherMissingInput  = errors.New("missing input")
    	ErrLifetimeWatcherMissingSecret = errors.New("missing secret")
    	ErrLifetimeWatcherNotRenewable  = errors.New("secret is not renewable")
    	ErrLifetimeWatcherNoSecretData  = errors.New("returned empty secret data")
    
    	// Deprecated; kept for compatibility
    	ErrRenewerMissingInput  = errors.New("missing input to renewer")
    	ErrRenewerMissingSecret = errors.New("missing secret to renew")
    	ErrRenewerNotRenewable  = errors.New("secret is not renewable")
    	ErrRenewerNoSecretData  = errors.New("returned empty secret data")
    
    	// DefaultLifetimeWatcherRenewBuffer is the default size of the buffer for renew
    	// messages on the channel.
    	DefaultLifetimeWatcherRenewBuffer = 5
    	// Deprecated: kept for backwards compatibility
    	DefaultRenewerRenewBuffer = 5
    )
    View Source
    var (
    	// The default TTL that will be used with `sys/wrapping/wrap`, can be
    	// changed
    	DefaultWrappingTTL = "5m"
    
    	// The default function used if no other function is set. It honors the env
    	// var to set the wrap TTL. The default wrap TTL will apply when when writing
    	// to `sys/wrapping/wrap` when the env var is not set.
    	DefaultWrappingLookupFunc = func(operation, path string) string {
    		if os.Getenv(EnvVaultWrapTTL) != "" {
    			return os.Getenv(EnvVaultWrapTTL)
    		}
    
    		if (operation == "PUT" || operation == "POST") && path == "sys/wrapping/wrap" {
    			return DefaultWrappingTTL
    		}
    
    		return ""
    	}
    )
    View Source
    var (
    	// PluginMetadataModeEnv is an ENV name used to disable TLS communication
    	// to bootstrap mounting plugins.
    	PluginMetadataModeEnv = "VAULT_PLUGIN_METADATA_MODE"
    
    	// PluginUnwrapTokenEnv is the ENV name used to pass unwrap tokens to the
    	// plugin.
    	PluginUnwrapTokenEnv = "VAULT_UNWRAP_TOKEN"
    )

    Functions

    func DefaultRetryPolicy

    func DefaultRetryPolicy(ctx context.Context, resp *http.Response, err error) (bool, error)

      DefaultRetryPolicy is the default retry policy used by new Client objects. It is the same as retryablehttp.DefaultRetryPolicy except that it also retries 412 requests, which are returned by Vault when a X-Vault-Index header isn't satisfied.

      func VaultPluginTLSProvider

      func VaultPluginTLSProvider(apiTLSConfig *TLSConfig) func() (*tls.Config, error)

        VaultPluginTLSProvider is run inside a plugin and retrieves the response wrapped TLS certificate from vault. It returns a configured TLS Config.

        Types

        type Audit

        type Audit struct {
        	Type        string            `json:"type" mapstructure:"type"`
        	Description string            `json:"description" mapstructure:"description"`
        	Options     map[string]string `json:"options" mapstructure:"options"`
        	Local       bool              `json:"local" mapstructure:"local"`
        	Path        string            `json:"path" mapstructure:"path"`
        }

        type Auth

        type Auth struct {
        	// contains filtered or unexported fields
        }

          Auth is used to perform credential backend related operations.

          func (*Auth) Token

          func (a *Auth) Token() *TokenAuth

            Token is used to return the client for token-backend API calls

            type AuthConfigInput

            type AuthConfigInput = MountConfigInput

            type AuthConfigOutput

            type AuthConfigOutput = MountConfigOutput

            type AuthMount

            type AuthMount = MountOutput

            type AutopilotConfig

            type AutopilotConfig struct {
            	CleanupDeadServers             bool          `json:"cleanup_dead_servers" mapstructure:"cleanup_dead_servers"`
            	LastContactThreshold           time.Duration `json:"last_contact_threshold" mapstructure:"-"`
            	DeadServerLastContactThreshold time.Duration `json:"dead_server_last_contact_threshold" mapstructure:"-"`
            	MaxTrailingLogs                uint64        `json:"max_trailing_logs" mapstructure:"max_trailing_logs"`
            	MinQuorum                      uint          `json:"min_quorum" mapstructure:"min_quorum"`
            	ServerStabilizationTime        time.Duration `json:"server_stabilization_time" mapstructure:"-"`
            }

              AutopilotConfig is used for querying/setting the Autopilot configuration.

              func (*AutopilotConfig) MarshalJSON

              func (ac *AutopilotConfig) MarshalJSON() ([]byte, error)

                MarshalJSON makes the autopilot config fields JSON compatible

                func (*AutopilotConfig) UnmarshalJSON

                func (ac *AutopilotConfig) UnmarshalJSON(b []byte) error

                  UnmarshalJSON parses the autopilot config JSON blob

                  type AutopilotServer

                  type AutopilotServer struct {
                  	ID          string            `mapstructure:"id"`
                  	Name        string            `mapstructure:"name"`
                  	Address     string            `mapstructure:"address"`
                  	NodeStatus  string            `mapstructure:"node_status"`
                  	LastContact string            `mapstructure:"last_contact"`
                  	LastTerm    uint64            `mapstructure:"last_term"`
                  	LastIndex   uint64            `mapstructure:"last_index"`
                  	Healthy     bool              `mapstructure:"healthy"`
                  	StableSince string            `mapstructure:"stable_since"`
                  	Status      string            `mapstructure:"status"`
                  	Meta        map[string]string `mapstructure:"meta"`
                  }

                    AutopilotServer represents the server blocks in the response of the raft autopilot state API.

                    type AutopilotState

                    type AutopilotState struct {
                    	Healthy          bool                        `mapstructure:"healthy"`
                    	FailureTolerance int                         `mapstructure:"failure_tolerance"`
                    	Servers          map[string]*AutopilotServer `mapstructure:"servers"`
                    	Leader           string                      `mapstructure:"leader"`
                    	Voters           []string                    `mapstructure:"voters"`
                    	NonVoters        []string                    `mapstructure:"non_voters"`
                    }

                      AutopilotState represents the response of the raft autopilot state API

                      type CORSRequest

                      type CORSRequest struct {
                      	AllowedOrigins []string `json:"allowed_origins" mapstructure:"allowed_origins"`
                      	AllowedHeaders []string `json:"allowed_headers" mapstructure:"allowed_headers"`
                      	Enabled        bool     `json:"enabled" mapstructure:"enabled"`
                      }

                      type CORSResponse

                      type CORSResponse struct {
                      	AllowedOrigins []string `json:"allowed_origins" mapstructure:"allowed_origins"`
                      	AllowedHeaders []string `json:"allowed_headers" mapstructure:"allowed_headers"`
                      	Enabled        bool     `json:"enabled" mapstructure:"enabled"`
                      }

                      type Client

                      type Client struct {
                      	// contains filtered or unexported fields
                      }

                        Client is the client to the Vault API. Create a client with NewClient.

                        func NewClient

                        func NewClient(c *Config) (*Client, error)

                          NewClient returns a new client for the given configuration.

                          If the configuration is nil, Vault will use configuration from DefaultConfig(), which is the recommended starting configuration.

                          If the environment variable `VAULT_TOKEN` is present, the token will be automatically added to the client. Otherwise, you must manually call `SetToken()`.

                          func (*Client) AddHeader

                          func (c *Client) AddHeader(key, value string)

                            AddHeader allows a single header key/value pair to be added in a race-safe fashion.

                            func (*Client) Address

                            func (c *Client) Address() string

                              Address returns the Vault URL the client is configured to connect to

                              func (*Client) Auth

                              func (c *Client) Auth() *Auth

                                Auth is used to return the client for credential-backend API calls.

                                func (*Client) CheckRetry

                                func (c *Client) CheckRetry() retryablehttp.CheckRetry

                                func (*Client) ClearToken

                                func (c *Client) ClearToken()

                                  ClearToken deletes the token if it is set or does nothing otherwise.

                                  func (*Client) ClientTimeout

                                  func (c *Client) ClientTimeout() time.Duration

                                  func (*Client) Clone

                                  func (c *Client) Clone() (*Client, error)

                                    Clone creates a new client with the same configuration. Note that the same underlying http.Client is used; modifying the client from more than one goroutine at once may not be safe, so modify the client as needed and then clone.

                                    Also, only the client's config is currently copied; this means items not in the api.Config struct, such as policy override and wrapping function behavior, must currently then be set as desired on the new client.

                                    func (*Client) CloneConfig

                                    func (c *Client) CloneConfig() *Config

                                    func (*Client) CurrentWrappingLookupFunc

                                    func (c *Client) CurrentWrappingLookupFunc() WrappingLookupFunc

                                      CurrentWrappingLookupFunc sets a lookup function that returns desired wrap TTLs for a given operation and path.

                                      func (*Client) Headers

                                      func (c *Client) Headers() http.Header

                                        Headers gets the current set of headers used for requests. This returns a copy; to modify it call AddHeader or SetHeaders.

                                        func (*Client) Help

                                        func (c *Client) Help(path string) (*Help, error)

                                          Help reads the help information for the given path.

                                          func (*Client) Limiter

                                          func (c *Client) Limiter() *rate.Limiter

                                          func (*Client) Logical

                                          func (c *Client) Logical() *Logical

                                            Logical is used to return the client for logical-backend API calls.

                                            func (*Client) MaxRetries

                                            func (c *Client) MaxRetries() int

                                            func (*Client) NewLifetimeWatcher

                                            func (c *Client) NewLifetimeWatcher(i *LifetimeWatcherInput) (*LifetimeWatcher, error)

                                              NewLifetimeWatcher creates a new renewer from the given input.

                                              func (*Client) NewRenewer

                                              func (c *Client) NewRenewer(i *LifetimeWatcherInput) (*LifetimeWatcher, error)

                                                Deprecated: exists only for backwards compatibility. Calls NewLifetimeWatcher, and sets compatibility flags.

                                                func (*Client) NewRequest

                                                func (c *Client) NewRequest(method, requestPath string) *Request

                                                  NewRequest creates a new raw request object to query the Vault server configured for this client. This is an advanced method and generally doesn't need to be called externally.

                                                  func (*Client) OutputCurlString

                                                  func (c *Client) OutputCurlString() bool

                                                  func (*Client) RawRequest

                                                  func (c *Client) RawRequest(r *Request) (*Response, error)

                                                    RawRequest performs the raw request given. This request may be against a Vault server not configured with this client. This is an advanced operation that generally won't need to be called externally.

                                                    func (*Client) RawRequestWithContext

                                                    func (c *Client) RawRequestWithContext(ctx context.Context, r *Request) (*Response, error)

                                                      RawRequestWithContext performs the raw request given. This request may be against a Vault server not configured with this client. This is an advanced operation that generally won't need to be called externally.

                                                      func (*Client) SRVLookup

                                                      func (c *Client) SRVLookup() bool

                                                      func (*Client) SSH

                                                      func (c *Client) SSH() *SSH

                                                        SSH returns the client for logical-backend API calls.

                                                        func (*Client) SSHHelper

                                                        func (c *Client) SSHHelper() *SSHHelper

                                                          SSHHelper creates an SSHHelper object which can talk to Vault server with SSH backend mounted at default path ("ssh").

                                                          func (*Client) SSHHelperWithMountPoint

                                                          func (c *Client) SSHHelperWithMountPoint(mountPoint string) *SSHHelper

                                                            SSHHelperWithMountPoint creates an SSHHelper object which can talk to Vault server with SSH backend mounted at a specific mount point.

                                                            func (*Client) SSHWithMountPoint

                                                            func (c *Client) SSHWithMountPoint(mountPoint string) *SSH

                                                              SSHWithMountPoint returns the client with specific SSH mount point.

                                                              func (*Client) SetAddress

                                                              func (c *Client) SetAddress(addr string) error

                                                                Sets the address of Vault in the client. The format of address should be "<Scheme>://<Host>:<Port>". Setting this on a client will override the value of VAULT_ADDR environment variable.

                                                                func (*Client) SetBackoff

                                                                func (c *Client) SetBackoff(backoff retryablehttp.Backoff)

                                                                  SetBackoff sets the backoff function to be used for future requests.

                                                                  func (*Client) SetCheckRetry

                                                                  func (c *Client) SetCheckRetry(checkRetry retryablehttp.CheckRetry)

                                                                    SetCheckRetry sets the CheckRetry function to be used for future requests.

                                                                    func (*Client) SetClientTimeout

                                                                    func (c *Client) SetClientTimeout(timeout time.Duration)

                                                                      SetClientTimeout sets the client request timeout

                                                                      func (*Client) SetHeaders

                                                                      func (c *Client) SetHeaders(headers http.Header)

                                                                        SetHeaders clears all previous headers and uses only the given ones going forward.

                                                                        func (*Client) SetLimiter

                                                                        func (c *Client) SetLimiter(rateLimit float64, burst int)

                                                                          SetLimiter will set the rate limiter for this client. This method is thread-safe. rateLimit and burst are specified according to https://godoc.org/golang.org/x/time/rate#NewLimiter

                                                                          func (*Client) SetMFACreds

                                                                          func (c *Client) SetMFACreds(creds []string)

                                                                            SetMFACreds sets the MFA credentials supplied either via the environment variable or via the command line.

                                                                            func (*Client) SetMaxRetries

                                                                            func (c *Client) SetMaxRetries(retries int)

                                                                              SetMaxRetries sets the number of retries that will be used in the case of certain errors

                                                                              func (*Client) SetNamespace

                                                                              func (c *Client) SetNamespace(namespace string)

                                                                                SetNamespace sets the namespace supplied either via the environment variable or via the command line.

                                                                                func (*Client) SetOutputCurlString

                                                                                func (c *Client) SetOutputCurlString(curl bool)

                                                                                func (*Client) SetPolicyOverride

                                                                                func (c *Client) SetPolicyOverride(override bool)

                                                                                  SetPolicyOverride sets whether requests should be sent with the policy override flag to request overriding soft-mandatory Sentinel policies (both RGPs and EGPs)

                                                                                  func (*Client) SetSRVLookup

                                                                                  func (c *Client) SetSRVLookup(srv bool)

                                                                                  func (*Client) SetToken

                                                                                  func (c *Client) SetToken(v string)

                                                                                    SetToken sets the token directly. This won't perform any auth verification, it simply sets the token properly for future requests.

                                                                                    func (*Client) SetWrappingLookupFunc

                                                                                    func (c *Client) SetWrappingLookupFunc(lookupFunc WrappingLookupFunc)

                                                                                      SetWrappingLookupFunc sets a lookup function that returns desired wrap TTLs for a given operation and path.

                                                                                      func (*Client) Sys

                                                                                      func (c *Client) Sys() *Sys

                                                                                        Sys is used to return the client for sys-related API calls.

                                                                                        func (*Client) Token

                                                                                        func (c *Client) Token() string

                                                                                          Token returns the access token being used by this client. It will return the empty string if there is no token set.

                                                                                          func (*Client) WithRequestCallbacks

                                                                                          func (c *Client) WithRequestCallbacks(callbacks ...RequestCallback) *Client

                                                                                            WithRequestCallbacks makes a shallow clone of Client, modifies it to use the given callbacks, and returns it. Each of the callbacks will be invoked on every outgoing request. A client may be used to issue requests concurrently; any locking needed by callbacks invoked concurrently is the callback's responsibility.

                                                                                            func (*Client) WithResponseCallbacks

                                                                                            func (c *Client) WithResponseCallbacks(callbacks ...ResponseCallback) *Client

                                                                                              WithResponseCallbacks makes a shallow clone of Client, modifies it to use the given callbacks, and returns it. Each of the callbacks will be invoked on every received response. A client may be used to issue requests concurrently; any locking needed by callbacks invoked concurrently is the callback's responsibility.

                                                                                              type Config

                                                                                              type Config struct {
                                                                                              
                                                                                              	// Address is the address of the Vault server. This should be a complete
                                                                                              	// URL such as "http://vault.example.com". If you need a custom SSL
                                                                                              	// cert or want to enable insecure mode, you need to specify a custom
                                                                                              	// HttpClient.
                                                                                              	Address string
                                                                                              
                                                                                              	// AgentAddress is the address of the local Vault agent. This should be a
                                                                                              	// complete URL such as "http://vault.example.com".
                                                                                              	AgentAddress string
                                                                                              
                                                                                              	// HttpClient is the HTTP client to use. Vault sets sane defaults for the
                                                                                              	// http.Client and its associated http.Transport created in DefaultConfig.
                                                                                              	// If you must modify Vault's defaults, it is suggested that you start with
                                                                                              	// that client and modify as needed rather than start with an empty client
                                                                                              	// (or http.DefaultClient).
                                                                                              	HttpClient *http.Client
                                                                                              
                                                                                              	// MaxRetries controls the maximum number of times to retry when a 5xx
                                                                                              	// error occurs. Set to 0 to disable retrying. Defaults to 2 (for a total
                                                                                              	// of three tries).
                                                                                              	MaxRetries int
                                                                                              
                                                                                              	// Timeout is for setting custom timeout parameter in the HttpClient
                                                                                              	Timeout time.Duration
                                                                                              
                                                                                              	// If there is an error when creating the configuration, this will be the
                                                                                              	// error
                                                                                              	Error error
                                                                                              
                                                                                              	// The Backoff function to use; a default is used if not provided
                                                                                              	Backoff retryablehttp.Backoff
                                                                                              
                                                                                              	// The CheckRetry function to use; a default is used if not provided
                                                                                              	CheckRetry retryablehttp.CheckRetry
                                                                                              
                                                                                              	// Limiter is the rate limiter used by the client.
                                                                                              	// If this pointer is nil, then there will be no limit set.
                                                                                              	// In contrast, if this pointer is set, even to an empty struct,
                                                                                              	// then that limiter will be used. Note that an empty Limiter
                                                                                              	// is equivalent blocking all events.
                                                                                              	Limiter *rate.Limiter
                                                                                              
                                                                                              	// OutputCurlString causes the actual request to return an error of type
                                                                                              	// *OutputStringError. Type asserting the error message will allow
                                                                                              	// fetching a cURL-compatible string for the operation.
                                                                                              	//
                                                                                              	// Note: It is not thread-safe to set this and make concurrent requests
                                                                                              	// with the same client. Cloning a client will not clone this value.
                                                                                              	OutputCurlString bool
                                                                                              
                                                                                              	// SRVLookup enables the client to lookup the host through DNS SRV lookup
                                                                                              	SRVLookup bool
                                                                                              	// contains filtered or unexported fields
                                                                                              }

                                                                                                Config is used to configure the creation of the client.

                                                                                                func DefaultConfig

                                                                                                func DefaultConfig() *Config

                                                                                                  DefaultConfig returns a default configuration for the client. It is safe to modify the return value of this function.

                                                                                                  The default Address is https://127.0.0.1:8200, but this can be overridden by setting the `VAULT_ADDR` environment variable.

                                                                                                  If an error is encountered, this will return nil.

                                                                                                  func (*Config) ConfigureTLS

                                                                                                  func (c *Config) ConfigureTLS(t *TLSConfig) error

                                                                                                    ConfigureTLS takes a set of TLS configurations and applies those to the the HTTP client.

                                                                                                    func (*Config) ReadEnvironment

                                                                                                    func (c *Config) ReadEnvironment() error

                                                                                                      ReadEnvironment reads configuration information from the environment. If there is an error, no configuration value is updated.

                                                                                                      type DeregisterPluginInput

                                                                                                      type DeregisterPluginInput struct {
                                                                                                      	// Name is the name of the plugin. Required.
                                                                                                      	Name string `json:"-"`
                                                                                                      
                                                                                                      	// Type of the plugin. Required.
                                                                                                      	Type consts.PluginType `json:"type"`
                                                                                                      }

                                                                                                        DeregisterPluginInput is used as input to the DeregisterPlugin function.

                                                                                                        type EnableAuditOptions

                                                                                                        type EnableAuditOptions struct {
                                                                                                        	Type        string            `json:"type" mapstructure:"type"`
                                                                                                        	Description string            `json:"description" mapstructure:"description"`
                                                                                                        	Options     map[string]string `json:"options" mapstructure:"options"`
                                                                                                        	Local       bool              `json:"local" mapstructure:"local"`
                                                                                                        }

                                                                                                        type EnableAuthOptions

                                                                                                        type EnableAuthOptions = MountInput

                                                                                                          Rather than duplicate, we can use modern Go's type aliasing

                                                                                                          type ErrorResponse

                                                                                                          type ErrorResponse struct {
                                                                                                          	Errors []string
                                                                                                          }

                                                                                                            ErrorResponse is the raw structure of errors when they're returned by the HTTP API.

                                                                                                            type GenerateRootStatusResponse

                                                                                                            type GenerateRootStatusResponse struct {
                                                                                                            	Nonce            string `json:"nonce"`
                                                                                                            	Started          bool   `json:"started"`
                                                                                                            	Progress         int    `json:"progress"`
                                                                                                            	Required         int    `json:"required"`
                                                                                                            	Complete         bool   `json:"complete"`
                                                                                                            	EncodedToken     string `json:"encoded_token"`
                                                                                                            	EncodedRootToken string `json:"encoded_root_token"`
                                                                                                            	PGPFingerprint   string `json:"pgp_fingerprint"`
                                                                                                            	OTP              string `json:"otp"`
                                                                                                            	OTPLength        int    `json:"otp_length"`
                                                                                                            }

                                                                                                            type GetPluginInput

                                                                                                            type GetPluginInput struct {
                                                                                                            	Name string `json:"-"`
                                                                                                            
                                                                                                            	// Type of the plugin. Required.
                                                                                                            	Type consts.PluginType `json:"type"`
                                                                                                            }

                                                                                                              GetPluginInput is used as input to the GetPlugin function.

                                                                                                              type GetPluginResponse

                                                                                                              type GetPluginResponse struct {
                                                                                                              	Args    []string `json:"args"`
                                                                                                              	Builtin bool     `json:"builtin"`
                                                                                                              	Command string   `json:"command"`
                                                                                                              	Name    string   `json:"name"`
                                                                                                              	SHA256  string   `json:"sha256"`
                                                                                                              }

                                                                                                                GetPluginResponse is the response from the GetPlugin call.

                                                                                                                type HealthResponse

                                                                                                                type HealthResponse struct {
                                                                                                                	Initialized                bool   `json:"initialized"`
                                                                                                                	Sealed                     bool   `json:"sealed"`
                                                                                                                	Standby                    bool   `json:"standby"`
                                                                                                                	PerformanceStandby         bool   `json:"performance_standby"`
                                                                                                                	ReplicationPerformanceMode string `json:"replication_performance_mode"`
                                                                                                                	ReplicationDRMode          string `json:"replication_dr_mode"`
                                                                                                                	ServerTimeUTC              int64  `json:"server_time_utc"`
                                                                                                                	Version                    string `json:"version"`
                                                                                                                	ClusterName                string `json:"cluster_name,omitempty"`
                                                                                                                	ClusterID                  string `json:"cluster_id,omitempty"`
                                                                                                                	LastWAL                    uint64 `json:"last_wal,omitempty"`
                                                                                                                }

                                                                                                                type Help

                                                                                                                type Help struct {
                                                                                                                	Help    string                 `json:"help"`
                                                                                                                	SeeAlso []string               `json:"see_also"`
                                                                                                                	OpenAPI map[string]interface{} `json:"openapi"`
                                                                                                                }

                                                                                                                type InitRequest

                                                                                                                type InitRequest struct {
                                                                                                                	SecretShares      int      `json:"secret_shares"`
                                                                                                                	SecretThreshold   int      `json:"secret_threshold"`
                                                                                                                	StoredShares      int      `json:"stored_shares"`
                                                                                                                	PGPKeys           []string `json:"pgp_keys"`
                                                                                                                	RecoveryShares    int      `json:"recovery_shares"`
                                                                                                                	RecoveryThreshold int      `json:"recovery_threshold"`
                                                                                                                	RecoveryPGPKeys   []string `json:"recovery_pgp_keys"`
                                                                                                                	RootTokenPGPKey   string   `json:"root_token_pgp_key"`
                                                                                                                }

                                                                                                                type InitResponse

                                                                                                                type InitResponse struct {
                                                                                                                	Keys            []string `json:"keys"`
                                                                                                                	KeysB64         []string `json:"keys_base64"`
                                                                                                                	RecoveryKeys    []string `json:"recovery_keys"`
                                                                                                                	RecoveryKeysB64 []string `json:"recovery_keys_base64"`
                                                                                                                	RootToken       string   `json:"root_token"`
                                                                                                                }

                                                                                                                type InitStatusResponse

                                                                                                                type InitStatusResponse struct {
                                                                                                                	Initialized bool
                                                                                                                }

                                                                                                                type KeyStatus

                                                                                                                type KeyStatus struct {
                                                                                                                	Term        int       `json:"term"`
                                                                                                                	InstallTime time.Time `json:"install_time"`
                                                                                                                	Encryptions int       `json:"encryptions"`
                                                                                                                }

                                                                                                                type LeaderResponse

                                                                                                                type LeaderResponse struct {
                                                                                                                	HAEnabled                bool      `json:"ha_enabled"`
                                                                                                                	IsSelf                   bool      `json:"is_self"`
                                                                                                                	ActiveTime               time.Time `json:"active_time"`
                                                                                                                	LeaderAddress            string    `json:"leader_address"`
                                                                                                                	LeaderClusterAddress     string    `json:"leader_cluster_address"`
                                                                                                                	PerfStandby              bool      `json:"performance_standby"`
                                                                                                                	PerfStandbyLastRemoteWAL uint64    `json:"performance_standby_last_remote_wal"`
                                                                                                                	LastWAL                  uint64    `json:"last_wal"`
                                                                                                                	RaftCommittedIndex       uint64    `json:"raft_committed_index,omitempty"`
                                                                                                                	RaftAppliedIndex         uint64    `json:"raft_applied_index,omitempty"`
                                                                                                                }

                                                                                                                type LifetimeWatcher

                                                                                                                type LifetimeWatcher struct {
                                                                                                                	// contains filtered or unexported fields
                                                                                                                }

                                                                                                                  LifetimeWatcher is a process for watching lifetime of a secret.

                                                                                                                  watcher, err := client.NewLifetimeWatcher(&LifetimeWatcherInput{
                                                                                                                  	Secret: mySecret,
                                                                                                                  })
                                                                                                                  go watcher.Start()
                                                                                                                  defer watcher.Stop()
                                                                                                                  
                                                                                                                  for {
                                                                                                                  	select {
                                                                                                                  	case err := <-watcher.DoneCh():
                                                                                                                  		if err != nil {
                                                                                                                  			log.Fatal(err)
                                                                                                                  		}
                                                                                                                  
                                                                                                                  		// Renewal is now over
                                                                                                                  	case renewal := <-watcher.RenewCh():
                                                                                                                  		log.Printf("Successfully renewed: %#v", renewal)
                                                                                                                  	}
                                                                                                                  }
                                                                                                                  

                                                                                                                  `DoneCh` will return if renewal fails, or if the remaining lease duration is under a built-in threshold and either renewing is not extending it or renewing is disabled. In both cases, the caller should attempt a re-read of the secret. Clients should check the return value of the channel to see if renewal was successful.

                                                                                                                  func (*LifetimeWatcher) DoneCh

                                                                                                                  func (r *LifetimeWatcher) DoneCh() <-chan error

                                                                                                                    DoneCh returns the channel where the renewer will publish when renewal stops. If there is an error, this will be an error.

                                                                                                                    func (*LifetimeWatcher) Renew

                                                                                                                    func (r *LifetimeWatcher) Renew()

                                                                                                                      Renew is for comnpatibility with the legacy api.Renewer. Calling Renew simply chains to Start.

                                                                                                                      func (*LifetimeWatcher) RenewCh

                                                                                                                      func (r *LifetimeWatcher) RenewCh() <-chan *RenewOutput

                                                                                                                        RenewCh is a channel that receives a message when a successful renewal takes place and includes metadata about the renewal.

                                                                                                                        func (*LifetimeWatcher) Start

                                                                                                                        func (r *LifetimeWatcher) Start()

                                                                                                                          Start starts a background process for watching the lifetime of this secret. If renewal is enabled, when the secret has auth data, this attempts to renew the auth (token); When the secret has a lease, this attempts to renew the lease.

                                                                                                                          func (*LifetimeWatcher) Stop

                                                                                                                          func (r *LifetimeWatcher) Stop()

                                                                                                                            Stop stops the renewer.

                                                                                                                            type LifetimeWatcherInput

                                                                                                                            type LifetimeWatcherInput struct {
                                                                                                                            	// Secret is the secret to renew
                                                                                                                            	Secret *Secret
                                                                                                                            
                                                                                                                            	// DEPRECATED: this does not do anything.
                                                                                                                            	Grace time.Duration
                                                                                                                            
                                                                                                                            	// Rand is the randomizer to use for underlying randomization. If not
                                                                                                                            	// provided, one will be generated and seeded automatically. If provided, it
                                                                                                                            	// is assumed to have already been seeded.
                                                                                                                            	Rand *rand.Rand
                                                                                                                            
                                                                                                                            	// RenewBuffer is the size of the buffered channel where renew messages are
                                                                                                                            	// dispatched.
                                                                                                                            	RenewBuffer int
                                                                                                                            
                                                                                                                            	// The new TTL, in seconds, that should be set on the lease. The TTL set
                                                                                                                            	// here may or may not be honored by the vault server, based on Vault
                                                                                                                            	// configuration or any associated max TTL values.
                                                                                                                            	Increment int
                                                                                                                            
                                                                                                                            	// RenewBehavior controls what happens when a renewal errors or the
                                                                                                                            	// passed-in secret is not renewable.
                                                                                                                            	RenewBehavior RenewBehavior
                                                                                                                            }

                                                                                                                              LifetimeWatcherInput is used as input to the renew function.

                                                                                                                              type ListPluginsInput

                                                                                                                              type ListPluginsInput struct {
                                                                                                                              	// Type of the plugin. Required.
                                                                                                                              	Type consts.PluginType `json:"type"`
                                                                                                                              }

                                                                                                                                ListPluginsInput is used as input to the ListPlugins function.

                                                                                                                                type ListPluginsResponse

                                                                                                                                type ListPluginsResponse struct {
                                                                                                                                	// PluginsByType is the list of plugins by type.
                                                                                                                                	PluginsByType map[consts.PluginType][]string `json:"types"`
                                                                                                                                
                                                                                                                                	// Names is the list of names of the plugins.
                                                                                                                                	//
                                                                                                                                	// Deprecated: Newer server responses should be returning PluginsByType (json:
                                                                                                                                	// "types") instead.
                                                                                                                                	Names []string `json:"names"`
                                                                                                                                }

                                                                                                                                  ListPluginsResponse is the response from the ListPlugins call.

                                                                                                                                  type Logical

                                                                                                                                  type Logical struct {
                                                                                                                                  	// contains filtered or unexported fields
                                                                                                                                  }

                                                                                                                                    Logical is used to perform logical backend operations on Vault.

                                                                                                                                    func (*Logical) Delete

                                                                                                                                    func (c *Logical) Delete(path string) (*Secret, error)

                                                                                                                                    func (*Logical) DeleteWithData

                                                                                                                                    func (c *Logical) DeleteWithData(path string, data map[string][]string) (*Secret, error)

                                                                                                                                    func (*Logical) List

                                                                                                                                    func (c *Logical) List(path string) (*Secret, error)

                                                                                                                                    func (*Logical) Read

                                                                                                                                    func (c *Logical) Read(path string) (*Secret, error)

                                                                                                                                    func (*Logical) ReadWithData

                                                                                                                                    func (c *Logical) ReadWithData(path string, data map[string][]string) (*Secret, error)

                                                                                                                                    func (*Logical) Unwrap

                                                                                                                                    func (c *Logical) Unwrap(wrappingToken string) (*Secret, error)

                                                                                                                                    func (*Logical) Write

                                                                                                                                    func (c *Logical) Write(path string, data map[string]interface{}) (*Secret, error)

                                                                                                                                    func (*Logical) WriteBytes

                                                                                                                                    func (c *Logical) WriteBytes(path string, data []byte) (*Secret, error)

                                                                                                                                    type MountConfigInput

                                                                                                                                    type MountConfigInput struct {
                                                                                                                                    	Options                   map[string]string `json:"options" mapstructure:"options"`
                                                                                                                                    	DefaultLeaseTTL           string            `json:"default_lease_ttl" mapstructure:"default_lease_ttl"`
                                                                                                                                    	Description               *string           `json:"description,omitempty" mapstructure:"description"`
                                                                                                                                    	MaxLeaseTTL               string            `json:"max_lease_ttl" mapstructure:"max_lease_ttl"`
                                                                                                                                    	ForceNoCache              bool              `json:"force_no_cache" mapstructure:"force_no_cache"`
                                                                                                                                    	AuditNonHMACRequestKeys   []string          `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"`
                                                                                                                                    	AuditNonHMACResponseKeys  []string          `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"`
                                                                                                                                    	ListingVisibility         string            `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"`
                                                                                                                                    	PassthroughRequestHeaders []string          `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"`
                                                                                                                                    	AllowedResponseHeaders    []string          `json:"allowed_response_headers,omitempty" mapstructure:"allowed_response_headers"`
                                                                                                                                    	TokenType                 string            `json:"token_type,omitempty" mapstructure:"token_type"`
                                                                                                                                    
                                                                                                                                    	// Deprecated: This field will always be blank for newer server responses.
                                                                                                                                    	PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"`
                                                                                                                                    }

                                                                                                                                    type MountConfigOutput

                                                                                                                                    type MountConfigOutput struct {
                                                                                                                                    	DefaultLeaseTTL           int      `json:"default_lease_ttl" mapstructure:"default_lease_ttl"`
                                                                                                                                    	MaxLeaseTTL               int      `json:"max_lease_ttl" mapstructure:"max_lease_ttl"`
                                                                                                                                    	ForceNoCache              bool     `json:"force_no_cache" mapstructure:"force_no_cache"`
                                                                                                                                    	AuditNonHMACRequestKeys   []string `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"`
                                                                                                                                    	AuditNonHMACResponseKeys  []string `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"`
                                                                                                                                    	ListingVisibility         string   `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"`
                                                                                                                                    	PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"`
                                                                                                                                    	AllowedResponseHeaders    []string `json:"allowed_response_headers,omitempty" mapstructure:"allowed_response_headers"`
                                                                                                                                    	TokenType                 string   `json:"token_type,omitempty" mapstructure:"token_type"`
                                                                                                                                    
                                                                                                                                    	// Deprecated: This field will always be blank for newer server responses.
                                                                                                                                    	PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"`
                                                                                                                                    }

                                                                                                                                    type MountInput

                                                                                                                                    type MountInput struct {
                                                                                                                                    	Type                  string            `json:"type"`
                                                                                                                                    	Description           string            `json:"description"`
                                                                                                                                    	Config                MountConfigInput  `json:"config"`
                                                                                                                                    	Local                 bool              `json:"local"`
                                                                                                                                    	SealWrap              bool              `json:"seal_wrap" mapstructure:"seal_wrap"`
                                                                                                                                    	ExternalEntropyAccess bool              `json:"external_entropy_access" mapstructure:"external_entropy_access"`
                                                                                                                                    	Options               map[string]string `json:"options"`
                                                                                                                                    
                                                                                                                                    	// Deprecated: Newer server responses should be returning this information in the
                                                                                                                                    	// Type field (json: "type") instead.
                                                                                                                                    	PluginName string `json:"plugin_name,omitempty"`
                                                                                                                                    }

                                                                                                                                    type MountOutput

                                                                                                                                    type MountOutput struct {
                                                                                                                                    	UUID                  string            `json:"uuid"`
                                                                                                                                    	Type                  string            `json:"type"`
                                                                                                                                    	Description           string            `json:"description"`
                                                                                                                                    	Accessor              string            `json:"accessor"`
                                                                                                                                    	Config                MountConfigOutput `json:"config"`
                                                                                                                                    	Options               map[string]string `json:"options"`
                                                                                                                                    	Local                 bool              `json:"local"`
                                                                                                                                    	SealWrap              bool              `json:"seal_wrap" mapstructure:"seal_wrap"`
                                                                                                                                    	ExternalEntropyAccess bool              `json:"external_entropy_access" mapstructure:"external_entropy_access"`
                                                                                                                                    }

                                                                                                                                    type OutputStringError

                                                                                                                                    type OutputStringError struct {
                                                                                                                                    	*retryablehttp.Request
                                                                                                                                    	// contains filtered or unexported fields
                                                                                                                                    }
                                                                                                                                    var (
                                                                                                                                    	LastOutputStringError *OutputStringError
                                                                                                                                    )

                                                                                                                                    func (*OutputStringError) CurlString

                                                                                                                                    func (d *OutputStringError) CurlString() string

                                                                                                                                    func (*OutputStringError) Error

                                                                                                                                    func (d *OutputStringError) Error() string

                                                                                                                                    type PluginAPIClientMeta

                                                                                                                                    type PluginAPIClientMeta struct {
                                                                                                                                    	// contains filtered or unexported fields
                                                                                                                                    }

                                                                                                                                      PluginAPIClientMeta is a helper that plugins can use to configure TLS connections back to Vault.

                                                                                                                                      func (*PluginAPIClientMeta) FlagSet

                                                                                                                                      func (f *PluginAPIClientMeta) FlagSet() *flag.FlagSet

                                                                                                                                        FlagSet returns the flag set for configuring the TLS connection

                                                                                                                                        func (*PluginAPIClientMeta) GetTLSConfig

                                                                                                                                        func (f *PluginAPIClientMeta) GetTLSConfig() *TLSConfig

                                                                                                                                          GetTLSConfig will return a TLSConfig based off the values from the flags

                                                                                                                                          type RaftJoinRequest

                                                                                                                                          type RaftJoinRequest struct {
                                                                                                                                          	AutoJoin         string `json:"auto_join"`
                                                                                                                                          	AutoJoinScheme   string `json:"auto_join_scheme"`
                                                                                                                                          	AutoJoinPort     uint   `json:"auto_join_port"`
                                                                                                                                          	LeaderAPIAddr    string `json:"leader_api_addr"`
                                                                                                                                          	LeaderCACert     string `json:"leader_ca_cert"`
                                                                                                                                          	LeaderClientCert string `json:"leader_client_cert"`
                                                                                                                                          	LeaderClientKey  string `json:"leader_client_key"`
                                                                                                                                          	Retry            bool   `json:"retry"`
                                                                                                                                          	NonVoter         bool   `json:"non_voter"`
                                                                                                                                          }

                                                                                                                                            RaftJoinRequest represents the parameters consumed by the raft join API

                                                                                                                                            type RaftJoinResponse

                                                                                                                                            type RaftJoinResponse struct {
                                                                                                                                            	Joined bool `json:"joined"`
                                                                                                                                            }

                                                                                                                                              RaftJoinResponse represents the response of the raft join API

                                                                                                                                              type RegisterPluginInput

                                                                                                                                              type RegisterPluginInput struct {
                                                                                                                                              	// Name is the name of the plugin. Required.
                                                                                                                                              	Name string `json:"-"`
                                                                                                                                              
                                                                                                                                              	// Type of the plugin. Required.
                                                                                                                                              	Type consts.PluginType `json:"type"`
                                                                                                                                              
                                                                                                                                              	// Args is the list of args to spawn the process with.
                                                                                                                                              	Args []string `json:"args,omitempty"`
                                                                                                                                              
                                                                                                                                              	// Command is the command to run.
                                                                                                                                              	Command string `json:"command,omitempty"`
                                                                                                                                              
                                                                                                                                              	// SHA256 is the shasum of the plugin.
                                                                                                                                              	SHA256 string `json:"sha256,omitempty"`
                                                                                                                                              }

                                                                                                                                                RegisterPluginInput is used as input to the RegisterPlugin function.

                                                                                                                                                type RekeyInitRequest

                                                                                                                                                type RekeyInitRequest struct {
                                                                                                                                                	SecretShares        int      `json:"secret_shares"`
                                                                                                                                                	SecretThreshold     int      `json:"secret_threshold"`
                                                                                                                                                	StoredShares        int      `json:"stored_shares"`
                                                                                                                                                	PGPKeys             []string `json:"pgp_keys"`
                                                                                                                                                	Backup              bool
                                                                                                                                                	RequireVerification bool `json:"require_verification"`
                                                                                                                                                }

                                                                                                                                                type RekeyRetrieveResponse

                                                                                                                                                type RekeyRetrieveResponse struct {
                                                                                                                                                	Nonce   string              `json:"nonce" mapstructure:"nonce"`
                                                                                                                                                	Keys    map[string][]string `json:"keys" mapstructure:"keys"`
                                                                                                                                                	KeysB64 map[string][]string `json:"keys_base64" mapstructure:"keys_base64"`
                                                                                                                                                }

                                                                                                                                                type RekeyStatusResponse

                                                                                                                                                type RekeyStatusResponse struct {
                                                                                                                                                	Nonce                string   `json:"nonce"`
                                                                                                                                                	Started              bool     `json:"started"`
                                                                                                                                                	T                    int      `json:"t"`
                                                                                                                                                	N                    int      `json:"n"`
                                                                                                                                                	Progress             int      `json:"progress"`
                                                                                                                                                	Required             int      `json:"required"`
                                                                                                                                                	PGPFingerprints      []string `json:"pgp_fingerprints"`
                                                                                                                                                	Backup               bool     `json:"backup"`
                                                                                                                                                	VerificationRequired bool     `json:"verification_required"`
                                                                                                                                                	VerificationNonce    string   `json:"verification_nonce"`
                                                                                                                                                }

                                                                                                                                                type RekeyUpdateResponse

                                                                                                                                                type RekeyUpdateResponse struct {
                                                                                                                                                	Nonce                string   `json:"nonce"`
                                                                                                                                                	Complete             bool     `json:"complete"`
                                                                                                                                                	Keys                 []string `json:"keys"`
                                                                                                                                                	KeysB64              []string `json:"keys_base64"`
                                                                                                                                                	PGPFingerprints      []string `json:"pgp_fingerprints"`
                                                                                                                                                	Backup               bool     `json:"backup"`
                                                                                                                                                	VerificationRequired bool     `json:"verification_required"`
                                                                                                                                                	VerificationNonce    string   `json:"verification_nonce,omitempty"`
                                                                                                                                                }

                                                                                                                                                type RekeyVerificationStatusResponse

                                                                                                                                                type RekeyVerificationStatusResponse struct {
                                                                                                                                                	Nonce    string `json:"nonce"`
                                                                                                                                                	Started  bool   `json:"started"`
                                                                                                                                                	T        int    `json:"t"`
                                                                                                                                                	N        int    `json:"n"`
                                                                                                                                                	Progress int    `json:"progress"`
                                                                                                                                                }

                                                                                                                                                type RekeyVerificationUpdateResponse

                                                                                                                                                type RekeyVerificationUpdateResponse struct {
                                                                                                                                                	Nonce    string `json:"nonce"`
                                                                                                                                                	Complete bool   `json:"complete"`
                                                                                                                                                }

                                                                                                                                                type ReloadPluginInput

                                                                                                                                                type ReloadPluginInput struct {
                                                                                                                                                	// Plugin is the name of the plugin to reload, as registered in the plugin catalog
                                                                                                                                                	Plugin string `json:"plugin"`
                                                                                                                                                
                                                                                                                                                	// Mounts is the array of string mount paths of the plugin backends to reload
                                                                                                                                                	Mounts []string `json:"mounts"`
                                                                                                                                                
                                                                                                                                                	// Scope is the scope of the plugin reload
                                                                                                                                                	Scope string `json:"scope"`
                                                                                                                                                }

                                                                                                                                                  ReloadPluginInput is used as input to the ReloadPlugin function.

                                                                                                                                                  type ReloadPluginStatusInput

                                                                                                                                                  type ReloadPluginStatusInput struct {
                                                                                                                                                  	// ReloadID is the ID of the reload operation
                                                                                                                                                  	ReloadID string `json:"reload_id"`
                                                                                                                                                  }

                                                                                                                                                    ReloadPluginStatusInput is used as input to the ReloadStatusPlugin function.

                                                                                                                                                    type ReloadStatus

                                                                                                                                                    type ReloadStatus struct {
                                                                                                                                                    	Timestamp time.Time `json:"timestamp" mapstructure:"timestamp"`
                                                                                                                                                    	Error     string    `json:"error" mapstructure:"error"`
                                                                                                                                                    }

                                                                                                                                                      ReloadStatus is the status of an individual node's plugin reload

                                                                                                                                                      type ReloadStatusResponse

                                                                                                                                                      type ReloadStatusResponse struct {
                                                                                                                                                      	ReloadID string                   `mapstructure:"reload_id"`
                                                                                                                                                      	Results  map[string]*ReloadStatus `mapstructure:"results"`
                                                                                                                                                      }

                                                                                                                                                        ReloadStatusResponse is the combined response of all known completed plugin reloads

                                                                                                                                                        type RenewBehavior

                                                                                                                                                        type RenewBehavior uint
                                                                                                                                                        const (
                                                                                                                                                        	// RenewBehaviorIgnoreErrors means we will attempt to keep renewing until
                                                                                                                                                        	// we hit the lifetime threshold. It also ignores errors stemming from
                                                                                                                                                        	// passing a non-renewable lease in. In practice, this means you simply
                                                                                                                                                        	// reauthenticate/refetch credentials when the watcher exits. This is the
                                                                                                                                                        	// default.
                                                                                                                                                        	RenewBehaviorIgnoreErrors RenewBehavior = iota
                                                                                                                                                        
                                                                                                                                                        	// RenewBehaviorRenewDisabled turns off renewal attempts entirely. This
                                                                                                                                                        	// allows you to simply watch lifetime and have the watcher return at a
                                                                                                                                                        	// reasonable threshold without actually making Vault calls.
                                                                                                                                                        	RenewBehaviorRenewDisabled
                                                                                                                                                        
                                                                                                                                                        	// RenewBehaviorErrorOnErrors is the "legacy" behavior which always exits
                                                                                                                                                        	// on some kind of error
                                                                                                                                                        	RenewBehaviorErrorOnErrors
                                                                                                                                                        )

                                                                                                                                                        type RenewOutput

                                                                                                                                                        type RenewOutput struct {
                                                                                                                                                        	// RenewedAt is the timestamp when the renewal took place (UTC).
                                                                                                                                                        	RenewedAt time.Time
                                                                                                                                                        
                                                                                                                                                        	// Secret is the underlying renewal data. It's the same struct as all data
                                                                                                                                                        	// that is returned from Vault, but since this is renewal data, it will not
                                                                                                                                                        	// usually include the secret itself.
                                                                                                                                                        	Secret *Secret
                                                                                                                                                        }

                                                                                                                                                          RenewOutput is the metadata returned to the client (if it's listening) to renew messages.

                                                                                                                                                          type Renewer

                                                                                                                                                          type Renewer = LifetimeWatcher

                                                                                                                                                          type RenewerInput

                                                                                                                                                          type RenewerInput = LifetimeWatcherInput

                                                                                                                                                          type Request

                                                                                                                                                          type Request struct {
                                                                                                                                                          	Method        string
                                                                                                                                                          	URL           *url.URL
                                                                                                                                                          	Host          string
                                                                                                                                                          	Params        url.Values
                                                                                                                                                          	Headers       http.Header
                                                                                                                                                          	ClientToken   string
                                                                                                                                                          	MFAHeaderVals []string
                                                                                                                                                          	WrapTTL       string
                                                                                                                                                          	Obj           interface{}
                                                                                                                                                          
                                                                                                                                                          	// When possible, use BodyBytes as it is more efficient due to how the
                                                                                                                                                          	// retry logic works
                                                                                                                                                          	BodyBytes []byte
                                                                                                                                                          
                                                                                                                                                          	// Fallback
                                                                                                                                                          	Body     io.Reader
                                                                                                                                                          	BodySize int64
                                                                                                                                                          
                                                                                                                                                          	// Whether to request overriding soft-mandatory Sentinel policies (RGPs and
                                                                                                                                                          	// EGPs). If set, the override flag will take effect for all policies
                                                                                                                                                          	// evaluated during the request.
                                                                                                                                                          	PolicyOverride bool
                                                                                                                                                          }

                                                                                                                                                            Request is a raw request configuration structure used to initiate API requests to the Vault server.

                                                                                                                                                            func (*Request) ResetJSONBody

                                                                                                                                                            func (r *Request) ResetJSONBody() error

                                                                                                                                                              ResetJSONBody is used to reset the body for a redirect

                                                                                                                                                              func (*Request) SetJSONBody

                                                                                                                                                              func (r *Request) SetJSONBody(val interface{}) error

                                                                                                                                                                SetJSONBody is used to set a request body that is a JSON-encoded value.

                                                                                                                                                                func (*Request) ToHTTP

                                                                                                                                                                func (r *Request) ToHTTP() (*http.Request, error)

                                                                                                                                                                  DEPRECATED: ToHTTP turns this request into a valid *http.Request for use with the net/http package.

                                                                                                                                                                  type RequestCallback

                                                                                                                                                                  type RequestCallback func(*Request)

                                                                                                                                                                  func ForwardAlways

                                                                                                                                                                  func ForwardAlways() RequestCallback

                                                                                                                                                                    ForwardAlways returns a request callback which adds a header telling any performance standbys handling the request to forward it to the active node. This feature must be enabled in Vault's configuration.

                                                                                                                                                                    func ForwardInconsistent

                                                                                                                                                                    func ForwardInconsistent() RequestCallback

                                                                                                                                                                      ForwardInconsistent returns a request callback that will add a request header which says: if the state required isn't present on the node receiving this request, forward it to the active node. This should be used in conjunction with RequireState.

                                                                                                                                                                      func RequireState

                                                                                                                                                                      func RequireState(states ...string) RequestCallback

                                                                                                                                                                        RequireState returns a request callback that will add a request header to specify the state we require of Vault. This state was obtained from a response header seen previous, probably captured with RecordState.

                                                                                                                                                                        type Response

                                                                                                                                                                        type Response struct {
                                                                                                                                                                        	*http.Response
                                                                                                                                                                        }

                                                                                                                                                                          Response is a raw response that wraps an HTTP response.

                                                                                                                                                                          func (*Response) DecodeJSON

                                                                                                                                                                          func (r *Response) DecodeJSON(out interface{}) error

                                                                                                                                                                            DecodeJSON will decode the response body to a JSON structure. This will consume the response body, but will not close it. Close must still be called.

                                                                                                                                                                            func (*Response) Error

                                                                                                                                                                            func (r *Response) Error() error

                                                                                                                                                                              Error returns an error response if there is one. If there is an error, this will fully consume the response body, but will not close it. The body must still be closed manually.

                                                                                                                                                                              type ResponseCallback

                                                                                                                                                                              type ResponseCallback func(*Response)

                                                                                                                                                                              func RecordState

                                                                                                                                                                              func RecordState(state *string) ResponseCallback

                                                                                                                                                                                RecordState returns a response callback that will record the state returned by Vault in a response header.

                                                                                                                                                                                type ResponseError

                                                                                                                                                                                type ResponseError struct {
                                                                                                                                                                                	// HTTPMethod is the HTTP method for the request (PUT, GET, etc).
                                                                                                                                                                                	HTTPMethod string
                                                                                                                                                                                
                                                                                                                                                                                	// URL is the URL of the request.
                                                                                                                                                                                	URL string
                                                                                                                                                                                
                                                                                                                                                                                	// StatusCode is the HTTP status code.
                                                                                                                                                                                	StatusCode int
                                                                                                                                                                                
                                                                                                                                                                                	// RawError marks that the underlying error messages returned by Vault were
                                                                                                                                                                                	// not parsable. The Errors slice will contain the raw response body as the
                                                                                                                                                                                	// first and only error string if this value is set to true.
                                                                                                                                                                                	RawError bool
                                                                                                                                                                                
                                                                                                                                                                                	// Errors are the underlying errors returned by Vault.
                                                                                                                                                                                	Errors []string
                                                                                                                                                                                }

                                                                                                                                                                                  ResponseError is the error returned when Vault responds with an error or non-success HTTP status code. If a request to Vault fails because of a network error a different error message will be returned. ResponseError gives access to the underlying errors and status code.

                                                                                                                                                                                  func (*ResponseError) Error

                                                                                                                                                                                  func (r *ResponseError) Error() string

                                                                                                                                                                                    Error returns a human-readable error string for the response error.

                                                                                                                                                                                    type RevokeOptions

                                                                                                                                                                                    type RevokeOptions struct {
                                                                                                                                                                                    	LeaseID string
                                                                                                                                                                                    	Force   bool
                                                                                                                                                                                    	Prefix  bool
                                                                                                                                                                                    	Sync    bool
                                                                                                                                                                                    }

                                                                                                                                                                                    type SSH

                                                                                                                                                                                    type SSH struct {
                                                                                                                                                                                    	MountPoint string
                                                                                                                                                                                    	// contains filtered or unexported fields
                                                                                                                                                                                    }

                                                                                                                                                                                      SSH is used to return a client to invoke operations on SSH backend.

                                                                                                                                                                                      func (*SSH) Credential

                                                                                                                                                                                      func (c *SSH) Credential(role string, data map[string]interface{}) (*Secret, error)

                                                                                                                                                                                        Credential invokes the SSH backend API to create a credential to establish an SSH session.

                                                                                                                                                                                        func (*SSH) SignKey

                                                                                                                                                                                        func (c *SSH) SignKey(role string, data map[string]interface{}) (*Secret, error)

                                                                                                                                                                                          SignKey signs the given public key and returns a signed public key to pass along with the SSH request.

                                                                                                                                                                                          type SSHHelper

                                                                                                                                                                                          type SSHHelper struct {
                                                                                                                                                                                          	MountPoint string
                                                                                                                                                                                          	// contains filtered or unexported fields
                                                                                                                                                                                          }

                                                                                                                                                                                            SSHHelper is a structure representing a vault-ssh-helper which can talk to vault server in order to verify the OTP entered by the user. It contains the path at which SSH backend is mounted at the server.

                                                                                                                                                                                            func (*SSHHelper) Verify

                                                                                                                                                                                            func (c *SSHHelper) Verify(otp string) (*SSHVerifyResponse, error)

                                                                                                                                                                                              Verify verifies if the key provided by user is present in Vault server. The response will contain the IP address and username associated with the OTP. In case the OTP matches the echo request message, instead of searching an entry for the OTP, an echo response message is returned. This feature is used by ssh-helper to verify if its configured correctly.

                                                                                                                                                                                              type SSHHelperConfig

                                                                                                                                                                                              type SSHHelperConfig struct {
                                                                                                                                                                                              	VaultAddr       string `hcl:"vault_addr"`
                                                                                                                                                                                              	SSHMountPoint   string `hcl:"ssh_mount_point"`
                                                                                                                                                                                              	Namespace       string `hcl:"namespace"`
                                                                                                                                                                                              	CACert          string `hcl:"ca_cert"`
                                                                                                                                                                                              	CAPath          string `hcl:"ca_path"`
                                                                                                                                                                                              	AllowedCidrList string `hcl:"allowed_cidr_list"`
                                                                                                                                                                                              	AllowedRoles    string `hcl:"allowed_roles"`
                                                                                                                                                                                              	TLSSkipVerify   bool   `hcl:"tls_skip_verify"`
                                                                                                                                                                                              	TLSServerName   string `hcl:"tls_server_name"`
                                                                                                                                                                                              }

                                                                                                                                                                                                SSHHelperConfig is a structure which represents the entries from the vault-ssh-helper's configuration file.

                                                                                                                                                                                                func LoadSSHHelperConfig

                                                                                                                                                                                                func LoadSSHHelperConfig(path string) (*SSHHelperConfig, error)

                                                                                                                                                                                                  LoadSSHHelperConfig loads ssh-helper's configuration from the file and populates the corresponding in-memory structure.

                                                                                                                                                                                                  Vault address is a required parameter. Mount point defaults to "ssh".

                                                                                                                                                                                                  func ParseSSHHelperConfig

                                                                                                                                                                                                  func ParseSSHHelperConfig(contents string) (*SSHHelperConfig, error)

                                                                                                                                                                                                    ParseSSHHelperConfig parses the given contents as a string for the SSHHelper configuration.

                                                                                                                                                                                                    func (*SSHHelperConfig) NewClient

                                                                                                                                                                                                    func (c *SSHHelperConfig) NewClient() (*Client, error)

                                                                                                                                                                                                      NewClient returns a new client for the configuration. This client will be used by the vault-ssh-helper to communicate with Vault server and verify the OTP entered by user. If the configuration supplies Vault SSL certificates, then the client will have TLS configured in its transport.

                                                                                                                                                                                                      func (*SSHHelperConfig) SetTLSParameters

                                                                                                                                                                                                      func (c *SSHHelperConfig) SetTLSParameters(clientConfig *Config, certPool *x509.CertPool)

                                                                                                                                                                                                        SetTLSParameters sets the TLS parameters for this SSH agent.

                                                                                                                                                                                                        type SSHVerifyResponse

                                                                                                                                                                                                        type SSHVerifyResponse struct {
                                                                                                                                                                                                        	// Usually empty. If the request OTP is echo request message, this will
                                                                                                                                                                                                        	// be set to the corresponding echo response message.
                                                                                                                                                                                                        	Message string `json:"message" mapstructure:"message"`
                                                                                                                                                                                                        
                                                                                                                                                                                                        	// Username associated with the OTP
                                                                                                                                                                                                        	Username string `json:"username" mapstructure:"username"`
                                                                                                                                                                                                        
                                                                                                                                                                                                        	// IP associated with the OTP
                                                                                                                                                                                                        	IP string `json:"ip" mapstructure:"ip"`
                                                                                                                                                                                                        
                                                                                                                                                                                                        	// Name of the role against which the OTP was issued
                                                                                                                                                                                                        	RoleName string `json:"role_name" mapstructure:"role_name"`
                                                                                                                                                                                                        }

                                                                                                                                                                                                          SSHVerifyResponse is a structure representing the fields in Vault server's response.

                                                                                                                                                                                                          type SealStatusResponse

                                                                                                                                                                                                          type SealStatusResponse struct {
                                                                                                                                                                                                          	Type         string `json:"type"`
                                                                                                                                                                                                          	Initialized  bool   `json:"initialized"`
                                                                                                                                                                                                          	Sealed       bool   `json:"sealed"`
                                                                                                                                                                                                          	T            int    `json:"t"`
                                                                                                                                                                                                          	N            int    `json:"n"`
                                                                                                                                                                                                          	Progress     int    `json:"progress"`
                                                                                                                                                                                                          	Nonce        string `json:"nonce"`
                                                                                                                                                                                                          	Version      string `json:"version"`
                                                                                                                                                                                                          	Migration    bool   `json:"migration"`
                                                                                                                                                                                                          	ClusterName  string `json:"cluster_name,omitempty"`
                                                                                                                                                                                                          	ClusterID    string `json:"cluster_id,omitempty"`
                                                                                                                                                                                                          	RecoverySeal bool   `json:"recovery_seal"`
                                                                                                                                                                                                          	StorageType  string `json:"storage_type,omitempty"`
                                                                                                                                                                                                          }

                                                                                                                                                                                                          type Secret

                                                                                                                                                                                                          type Secret struct {
                                                                                                                                                                                                          	// The request ID that generated this response
                                                                                                                                                                                                          	RequestID string `json:"request_id"`
                                                                                                                                                                                                          
                                                                                                                                                                                                          	LeaseID       string `json:"lease_id"`
                                                                                                                                                                                                          	LeaseDuration int    `json:"lease_duration"`
                                                                                                                                                                                                          	Renewable     bool   `json:"renewable"`
                                                                                                                                                                                                          
                                                                                                                                                                                                          	// Data is the actual contents of the secret. The format of the data
                                                                                                                                                                                                          	// is arbitrary and up to the secret backend.
                                                                                                                                                                                                          	Data map[string]interface{} `json:"data"`
                                                                                                                                                                                                          
                                                                                                                                                                                                          	// Warnings contains any warnings related to the operation. These
                                                                                                                                                                                                          	// are not issues that caused the command to fail, but that the
                                                                                                                                                                                                          	// client should be aware of.
                                                                                                                                                                                                          	Warnings []string `json:"warnings"`
                                                                                                                                                                                                          
                                                                                                                                                                                                          	// Auth, if non-nil, means that there was authentication information
                                                                                                                                                                                                          	// attached to this response.
                                                                                                                                                                                                          	Auth *SecretAuth `json:"auth,omitempty"`
                                                                                                                                                                                                          
                                                                                                                                                                                                          	// WrapInfo, if non-nil, means that the initial response was wrapped in the
                                                                                                                                                                                                          	// cubbyhole of the given token (which has a TTL of the given number of
                                                                                                                                                                                                          	// seconds)
                                                                                                                                                                                                          	WrapInfo *SecretWrapInfo `json:"wrap_info,omitempty"`
                                                                                                                                                                                                          }

                                                                                                                                                                                                            Secret is the structure returned for every secret within Vault.

                                                                                                                                                                                                            func ParseSecret

                                                                                                                                                                                                            func ParseSecret(r io.Reader) (*Secret, error)

                                                                                                                                                                                                              ParseSecret is used to parse a secret value from JSON from an io.Reader.

                                                                                                                                                                                                              func (*Secret) TokenAccessor

                                                                                                                                                                                                              func (s *Secret) TokenAccessor() (string, error)

                                                                                                                                                                                                                TokenAccessor returns the standardized token accessor for the given secret. If the secret is nil or does not contain an accessor, this returns the empty string.

                                                                                                                                                                                                                func (*Secret) TokenID

                                                                                                                                                                                                                func (s *Secret) TokenID() (string, error)

                                                                                                                                                                                                                  TokenID returns the standardized token ID (token) for the given secret.

                                                                                                                                                                                                                  func (*Secret) TokenIsRenewable

                                                                                                                                                                                                                  func (s *Secret) TokenIsRenewable() (bool, error)

                                                                                                                                                                                                                    TokenIsRenewable returns the standardized token renewability for the given secret. If the secret is nil or does not contain the "renewable" key, this returns false.

                                                                                                                                                                                                                    func (*Secret) TokenMetadata

                                                                                                                                                                                                                    func (s *Secret) TokenMetadata() (map[string]string, error)

                                                                                                                                                                                                                      TokenMetadata returns the map of metadata associated with this token, if any exists. If the secret is nil or does not contain the "metadata" key, this returns nil.

                                                                                                                                                                                                                      func (*Secret) TokenPolicies

                                                                                                                                                                                                                      func (s *Secret) TokenPolicies() ([]string, error)

                                                                                                                                                                                                                        TokenPolicies returns the standardized list of policies for the given secret. If the secret is nil or does not contain any policies, this returns nil. It also populates the secret's Auth info with identity/token policy info.

                                                                                                                                                                                                                        func (*Secret) TokenRemainingUses

                                                                                                                                                                                                                        func (s *Secret) TokenRemainingUses() (int, error)

                                                                                                                                                                                                                          TokenRemainingUses returns the standardized remaining uses for the given secret. If the secret is nil or does not contain the "num_uses", this returns -1. On error, this will return -1 and a non-nil error.

                                                                                                                                                                                                                          func (*Secret) TokenTTL

                                                                                                                                                                                                                          func (s *Secret) TokenTTL() (time.Duration, error)

                                                                                                                                                                                                                            TokenTTL returns the standardized remaining token TTL for the given secret. If the secret is nil or does not contain a TTL, this returns 0.

                                                                                                                                                                                                                            type SecretAuth

                                                                                                                                                                                                                            type SecretAuth struct {
                                                                                                                                                                                                                            	ClientToken      string            `json:"client_token"`
                                                                                                                                                                                                                            	Accessor         string            `json:"accessor"`
                                                                                                                                                                                                                            	Policies         []string          `json:"policies"`
                                                                                                                                                                                                                            	TokenPolicies    []string          `json:"token_policies"`
                                                                                                                                                                                                                            	IdentityPolicies []string          `json:"identity_policies"`
                                                                                                                                                                                                                            	Metadata         map[string]string `json:"metadata"`
                                                                                                                                                                                                                            	Orphan           bool              `json:"orphan"`
                                                                                                                                                                                                                            	EntityID         string            `json:"entity_id"`
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            	LeaseDuration int  `json:"lease_duration"`
                                                                                                                                                                                                                            	Renewable     bool `json:"renewable"`
                                                                                                                                                                                                                            }

                                                                                                                                                                                                                              SecretAuth is the structure containing auth information if we have it.

                                                                                                                                                                                                                              type SecretWrapInfo

                                                                                                                                                                                                                              type SecretWrapInfo struct {
                                                                                                                                                                                                                              	Token           string    `json:"token"`
                                                                                                                                                                                                                              	Accessor        string    `json:"accessor"`
                                                                                                                                                                                                                              	TTL             int       `json:"ttl"`
                                                                                                                                                                                                                              	CreationTime    time.Time `json:"creation_time"`
                                                                                                                                                                                                                              	CreationPath    string    `json:"creation_path"`
                                                                                                                                                                                                                              	WrappedAccessor string    `json:"wrapped_accessor"`
                                                                                                                                                                                                                              }

                                                                                                                                                                                                                                SecretWrapInfo contains wrapping information if we have it. If what is contained is an authentication token, the accessor for the token will be available in WrappedAccessor.

                                                                                                                                                                                                                                type Sys

                                                                                                                                                                                                                                type Sys struct {
                                                                                                                                                                                                                                	// contains filtered or unexported fields
                                                                                                                                                                                                                                }

                                                                                                                                                                                                                                  Sys is used to perform system-related operations on Vault.

                                                                                                                                                                                                                                  func (*Sys) AuditHash

                                                                                                                                                                                                                                  func (c *Sys) AuditHash(path string, input string) (string, error)

                                                                                                                                                                                                                                  func (*Sys) CORSStatus

                                                                                                                                                                                                                                  func (c *Sys) CORSStatus() (*CORSResponse, error)

                                                                                                                                                                                                                                  func (*Sys) Capabilities

                                                                                                                                                                                                                                  func (c *Sys) Capabilities(token, path string) ([]string, error)

                                                                                                                                                                                                                                  func (*Sys) CapabilitiesSelf

                                                                                                                                                                                                                                  func (c *Sys) CapabilitiesSelf(path string) ([]string, error)

                                                                                                                                                                                                                                  func (*Sys) ConfigureCORS

                                                                                                                                                                                                                                  func (c *Sys) ConfigureCORS(req *CORSRequest) error

                                                                                                                                                                                                                                  func (*Sys) DeletePolicy

                                                                                                                                                                                                                                  func (c *Sys) DeletePolicy(name string) error

                                                                                                                                                                                                                                  func (*Sys) DeregisterPlugin

                                                                                                                                                                                                                                  func (c *Sys) DeregisterPlugin(i *DeregisterPluginInput) error

                                                                                                                                                                                                                                    DeregisterPlugin removes the plugin with the given name from the plugin catalog.

                                                                                                                                                                                                                                    func (*Sys) DisableAudit

                                                                                                                                                                                                                                    func (c *Sys) DisableAudit(path string) error

                                                                                                                                                                                                                                    func (*Sys) DisableAuth

                                                                                                                                                                                                                                    func (c *Sys) DisableAuth(path string) error

                                                                                                                                                                                                                                    func (*Sys) DisableCORS

                                                                                                                                                                                                                                    func (c *Sys) DisableCORS() error

                                                                                                                                                                                                                                    func (*Sys) EnableAudit

                                                                                                                                                                                                                                    func (c *Sys) EnableAudit(
                                                                                                                                                                                                                                    	path string, auditType string, desc string, opts map[string]string) error

                                                                                                                                                                                                                                      DEPRECATED: Use EnableAuditWithOptions instead

                                                                                                                                                                                                                                      func (*Sys) EnableAuditWithOptions

                                                                                                                                                                                                                                      func (c *Sys) EnableAuditWithOptions(path string, options *EnableAuditOptions) error

                                                                                                                                                                                                                                      func (*Sys) EnableAuth

                                                                                                                                                                                                                                      func (c *Sys) EnableAuth(path, authType, desc string) error

                                                                                                                                                                                                                                        DEPRECATED: Use EnableAuthWithOptions instead

                                                                                                                                                                                                                                        func (*Sys) EnableAuthWithOptions

                                                                                                                                                                                                                                        func (c *Sys) EnableAuthWithOptions(path string, options *EnableAuthOptions) error

                                                                                                                                                                                                                                        func (*Sys) GenerateDROperationTokenCancel

                                                                                                                                                                                                                                        func (c *Sys) GenerateDROperationTokenCancel() error

                                                                                                                                                                                                                                        func (*Sys) GenerateDROperationTokenInit

                                                                                                                                                                                                                                        func (c *Sys) GenerateDROperationTokenInit(otp, pgpKey string) (*GenerateRootStatusResponse, error)

                                                                                                                                                                                                                                        func (*Sys) GenerateDROperationTokenStatus

                                                                                                                                                                                                                                        func (c *Sys) GenerateDROperationTokenStatus() (*GenerateRootStatusResponse, error)

                                                                                                                                                                                                                                        func (*Sys) GenerateDROperationTokenUpdate

                                                                                                                                                                                                                                        func (c *Sys) GenerateDROperationTokenUpdate(shard, nonce string) (*GenerateRootStatusResponse, error)

                                                                                                                                                                                                                                        func (*Sys) GenerateRecoveryOperationTokenCancel

                                                                                                                                                                                                                                        func (c *Sys) GenerateRecoveryOperationTokenCancel() error

                                                                                                                                                                                                                                        func (*Sys) GenerateRecoveryOperationTokenInit

                                                                                                                                                                                                                                        func (c *Sys) GenerateRecoveryOperationTokenInit(otp, pgpKey string) (*GenerateRootStatusResponse, error)

                                                                                                                                                                                                                                        func (*Sys) GenerateRecoveryOperationTokenStatus

                                                                                                                                                                                                                                        func (c *Sys) GenerateRecoveryOperationTokenStatus() (*GenerateRootStatusResponse, error)

                                                                                                                                                                                                                                        func (*Sys) GenerateRecoveryOperationTokenUpdate

                                                                                                                                                                                                                                        func (c *Sys) GenerateRecoveryOperationTokenUpdate(shard, nonce string) (*GenerateRootStatusResponse, error)

                                                                                                                                                                                                                                        func (*Sys) GenerateRootCancel

                                                                                                                                                                                                                                        func (c *Sys) GenerateRootCancel() error

                                                                                                                                                                                                                                        func (*Sys) GenerateRootInit

                                                                                                                                                                                                                                        func (c *Sys) GenerateRootInit(otp, pgpKey string) (*GenerateRootStatusResponse, error)

                                                                                                                                                                                                                                        func (*Sys) GenerateRootStatus

                                                                                                                                                                                                                                        func (c *Sys) GenerateRootStatus() (*GenerateRootStatusResponse, error)

                                                                                                                                                                                                                                        func (*Sys) GenerateRootUpdate

                                                                                                                                                                                                                                        func (c *Sys) GenerateRootUpdate(shard, nonce string) (*GenerateRootStatusResponse, error)

                                                                                                                                                                                                                                        func (*Sys) GetPlugin

                                                                                                                                                                                                                                        func (c *Sys) GetPlugin(i *GetPluginInput) (*GetPluginResponse, error)

                                                                                                                                                                                                                                          GetPlugin retrieves information about the plugin.

                                                                                                                                                                                                                                          func (*Sys) GetPolicy

                                                                                                                                                                                                                                          func (c *Sys) GetPolicy(name string) (string, error)

                                                                                                                                                                                                                                          func (*Sys) Health

                                                                                                                                                                                                                                          func (c *Sys) Health() (*HealthResponse, error)

                                                                                                                                                                                                                                          func (*Sys) Init

                                                                                                                                                                                                                                          func (c *Sys) Init(opts *InitRequest) (*InitResponse, error)

                                                                                                                                                                                                                                          func (*Sys) InitStatus

                                                                                                                                                                                                                                          func (c *Sys) InitStatus() (bool, error)

                                                                                                                                                                                                                                          func (*Sys) KeyStatus

                                                                                                                                                                                                                                          func (c *Sys) KeyStatus() (*KeyStatus, error)

                                                                                                                                                                                                                                          func (*Sys) Leader

                                                                                                                                                                                                                                          func (c *Sys) Leader() (*LeaderResponse, error)

                                                                                                                                                                                                                                          func (*Sys) ListAudit

                                                                                                                                                                                                                                          func (c *Sys) ListAudit() (map[string]*Audit, error)

                                                                                                                                                                                                                                          func (*Sys) ListAuth

                                                                                                                                                                                                                                          func (c *Sys) ListAuth() (map[string]*AuthMount, error)

                                                                                                                                                                                                                                          func (*Sys) ListMounts

                                                                                                                                                                                                                                          func (c *Sys) ListMounts() (map[string]*MountOutput, error)

                                                                                                                                                                                                                                          func (*Sys) ListPlugins

                                                                                                                                                                                                                                          func (c *Sys) ListPlugins(i *ListPluginsInput) (*ListPluginsResponse, error)

                                                                                                                                                                                                                                            ListPlugins lists all plugins in the catalog and returns their names as a list of strings.

                                                                                                                                                                                                                                            func (*Sys) ListPolicies

                                                                                                                                                                                                                                            func (c *Sys) ListPolicies() ([]string, error)

                                                                                                                                                                                                                                            func (*Sys) Monitor

                                                                                                                                                                                                                                            func (c *Sys) Monitor(ctx context.Context, logLevel string) (chan string, error)

                                                                                                                                                                                                                                              Monitor returns a channel that outputs strings containing the log messages coming from the server.

                                                                                                                                                                                                                                              func (*Sys) Mount

                                                                                                                                                                                                                                              func (c *Sys) Mount(path string, mountInfo *MountInput) error

                                                                                                                                                                                                                                              func (*Sys) MountConfig

                                                                                                                                                                                                                                              func (c *Sys) MountConfig(path string) (*MountConfigOutput, error)

                                                                                                                                                                                                                                              func (*Sys) PutPolicy

                                                                                                                                                                                                                                              func (c *Sys) PutPolicy(name, rules string) error

                                                                                                                                                                                                                                              func (*Sys) RaftAutopilotConfiguration

                                                                                                                                                                                                                                              func (c *Sys) RaftAutopilotConfiguration() (*AutopilotConfig, error)

                                                                                                                                                                                                                                                RaftAutopilotConfiguration fetches the autopilot config.

                                                                                                                                                                                                                                                func (*Sys) RaftAutopilotState

                                                                                                                                                                                                                                                func (c *Sys) RaftAutopilotState() (*AutopilotState, error)

                                                                                                                                                                                                                                                  RaftAutopilotState returns the state of the raft cluster as seen by autopilot.

                                                                                                                                                                                                                                                  func (*Sys) RaftJoin

                                                                                                                                                                                                                                                  func (c *Sys) RaftJoin(opts *RaftJoinRequest) (*RaftJoinResponse, error)

                                                                                                                                                                                                                                                    RaftJoin adds the node from which this call is invoked from to the raft cluster represented by the leader address in the parameter.

                                                                                                                                                                                                                                                    func (*Sys) RaftSnapshot

                                                                                                                                                                                                                                                    func (c *Sys) RaftSnapshot(snapWriter io.Writer) error

                                                                                                                                                                                                                                                      RaftSnapshot invokes the API that takes the snapshot of the raft cluster and writes it to the supplied io.Writer.

                                                                                                                                                                                                                                                      func (*Sys) RaftSnapshotRestore

                                                                                                                                                                                                                                                      func (c *Sys) RaftSnapshotRestore(snapReader io.Reader, force bool) error

                                                                                                                                                                                                                                                        RaftSnapshotRestore reads the snapshot from the io.Reader and installs that snapshot, returning the cluster to the state defined by it.

                                                                                                                                                                                                                                                        func (*Sys) RegisterPlugin

                                                                                                                                                                                                                                                        func (c *Sys) RegisterPlugin(i *RegisterPluginInput) error

                                                                                                                                                                                                                                                          RegisterPlugin registers the plugin with the given information.

                                                                                                                                                                                                                                                          func (*Sys) RekeyCancel

                                                                                                                                                                                                                                                          func (c *Sys) RekeyCancel() error

                                                                                                                                                                                                                                                          func (*Sys) RekeyDeleteBackup

                                                                                                                                                                                                                                                          func (c *Sys) RekeyDeleteBackup() error

                                                                                                                                                                                                                                                          func (*Sys) RekeyDeleteRecoveryBackup

                                                                                                                                                                                                                                                          func (c *Sys) RekeyDeleteRecoveryBackup() error

                                                                                                                                                                                                                                                          func (*Sys) RekeyInit

                                                                                                                                                                                                                                                          func (c *Sys) RekeyInit(config *RekeyInitRequest) (*RekeyStatusResponse, error)

                                                                                                                                                                                                                                                          func (*Sys) RekeyRecoveryKeyCancel

                                                                                                                                                                                                                                                          func (c *Sys) RekeyRecoveryKeyCancel() error

                                                                                                                                                                                                                                                          func (*Sys) RekeyRecoveryKeyInit

                                                                                                                                                                                                                                                          func (c *Sys) RekeyRecoveryKeyInit(config *RekeyInitRequest) (*RekeyStatusResponse, error)

                                                                                                                                                                                                                                                          func (*Sys) RekeyRecoveryKeyStatus

                                                                                                                                                                                                                                                          func (c *Sys) RekeyRecoveryKeyStatus() (*RekeyStatusResponse, error)

                                                                                                                                                                                                                                                          func (*Sys) RekeyRecoveryKeyUpdate

                                                                                                                                                                                                                                                          func (c *Sys) RekeyRecoveryKeyUpdate(shard, nonce string) (*RekeyUpdateResponse, error)

                                                                                                                                                                                                                                                          func (*Sys) RekeyRecoveryKeyVerificationCancel

                                                                                                                                                                                                                                                          func (c *Sys) RekeyRecoveryKeyVerificationCancel() error

                                                                                                                                                                                                                                                          func (*Sys) RekeyRecoveryKeyVerificationStatus

                                                                                                                                                                                                                                                          func (c *Sys) RekeyRecoveryKeyVerificationStatus() (*RekeyVerificationStatusResponse, error)

                                                                                                                                                                                                                                                          func (*Sys) RekeyRecoveryKeyVerificationUpdate

                                                                                                                                                                                                                                                          func (c *Sys) RekeyRecoveryKeyVerificationUpdate(shard, nonce string) (*RekeyVerificationUpdateResponse, error)

                                                                                                                                                                                                                                                          func (*Sys) RekeyRetrieveBackup

                                                                                                                                                                                                                                                          func (c *Sys) RekeyRetrieveBackup() (*RekeyRetrieveResponse, error)

                                                                                                                                                                                                                                                          func (*Sys) RekeyRetrieveRecoveryBackup

                                                                                                                                                                                                                                                          func (c *Sys) RekeyRetrieveRecoveryBackup() (*RekeyRetrieveResponse, error)

                                                                                                                                                                                                                                                          func (*Sys) RekeyStatus

                                                                                                                                                                                                                                                          func (c *Sys) RekeyStatus() (*RekeyStatusResponse, error)

                                                                                                                                                                                                                                                          func (*Sys) RekeyUpdate

                                                                                                                                                                                                                                                          func (c *Sys) RekeyUpdate(shard, nonce string) (*RekeyUpdateResponse, error)

                                                                                                                                                                                                                                                          func (*Sys) RekeyVerificationCancel

                                                                                                                                                                                                                                                          func (c *Sys) RekeyVerificationCancel() error

                                                                                                                                                                                                                                                          func (*Sys) RekeyVerificationStatus

                                                                                                                                                                                                                                                          func (c *Sys) RekeyVerificationStatus() (*RekeyVerificationStatusResponse, error)

                                                                                                                                                                                                                                                          func (*Sys) RekeyVerificationUpdate

                                                                                                                                                                                                                                                          func (c *Sys) RekeyVerificationUpdate(shard, nonce string) (*RekeyVerificationUpdateResponse, error)

                                                                                                                                                                                                                                                          func (*Sys) ReloadPlugin

                                                                                                                                                                                                                                                          func (c *Sys) ReloadPlugin(i *ReloadPluginInput) (string, error)

                                                                                                                                                                                                                                                            ReloadPlugin reloads mounted plugin backends, possibly returning reloadId for a cluster scoped reload

                                                                                                                                                                                                                                                            func (*Sys) ReloadPluginStatus

                                                                                                                                                                                                                                                            func (c *Sys) ReloadPluginStatus(reloadStatusInput *ReloadPluginStatusInput) (*ReloadStatusResponse, error)

                                                                                                                                                                                                                                                              ReloadPluginStatus retrieves the status of a reload operation

                                                                                                                                                                                                                                                              func (*Sys) Remount

                                                                                                                                                                                                                                                              func (c *Sys) Remount(from, to string) error

                                                                                                                                                                                                                                                              func (*Sys) Renew

                                                                                                                                                                                                                                                              func (c *Sys) Renew(id string, increment int) (*Secret, error)

                                                                                                                                                                                                                                                              func (*Sys) ResetUnsealProcess

                                                                                                                                                                                                                                                              func (c *Sys) ResetUnsealProcess() (*SealStatusResponse, error)

                                                                                                                                                                                                                                                              func (*Sys) Revoke

                                                                                                                                                                                                                                                              func (c *Sys) Revoke(id string) error

                                                                                                                                                                                                                                                              func (*Sys) RevokeForce

                                                                                                                                                                                                                                                              func (c *Sys) RevokeForce(id string) error

                                                                                                                                                                                                                                                              func (*Sys) RevokePrefix

                                                                                                                                                                                                                                                              func (c *Sys) RevokePrefix(id string) error

                                                                                                                                                                                                                                                              func (*Sys) RevokeWithOptions

                                                                                                                                                                                                                                                              func (c *Sys) RevokeWithOptions(opts *RevokeOptions) error

                                                                                                                                                                                                                                                              func (*Sys) Rotate

                                                                                                                                                                                                                                                              func (c *Sys) Rotate() error

                                                                                                                                                                                                                                                              func (*Sys) Seal

                                                                                                                                                                                                                                                              func (c *Sys) Seal() error

                                                                                                                                                                                                                                                              func (*Sys) SealStatus

                                                                                                                                                                                                                                                              func (c *Sys) SealStatus() (*SealStatusResponse, error)

                                                                                                                                                                                                                                                              func (*Sys) StepDown

                                                                                                                                                                                                                                                              func (c *Sys) StepDown() error

                                                                                                                                                                                                                                                              func (*Sys) TuneMount

                                                                                                                                                                                                                                                              func (c *Sys) TuneMount(path string, config MountConfigInput) error

                                                                                                                                                                                                                                                              func (*Sys) Unmount

                                                                                                                                                                                                                                                              func (c *Sys) Unmount(path string) error

                                                                                                                                                                                                                                                              func (*Sys) Unseal

                                                                                                                                                                                                                                                              func (c *Sys) Unseal(shard string) (*SealStatusResponse, error)

                                                                                                                                                                                                                                                              func (*Sys) UnsealWithOptions

                                                                                                                                                                                                                                                              func (c *Sys) UnsealWithOptions(opts *UnsealOpts) (*SealStatusResponse, error)

                                                                                                                                                                                                                                                              type TLSConfig

                                                                                                                                                                                                                                                              type TLSConfig struct {
                                                                                                                                                                                                                                                              	// CACert is the path to a PEM-encoded CA cert file to use to verify the
                                                                                                                                                                                                                                                              	// Vault server SSL certificate.
                                                                                                                                                                                                                                                              	CACert string
                                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                                              	// CAPath is the path to a directory of PEM-encoded CA cert files to verify
                                                                                                                                                                                                                                                              	// the Vault server SSL certificate.
                                                                                                                                                                                                                                                              	CAPath string
                                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                                              	// ClientCert is the path to the certificate for Vault communication
                                                                                                                                                                                                                                                              	ClientCert string
                                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                                              	// ClientKey is the path to the private key for Vault communication
                                                                                                                                                                                                                                                              	ClientKey string
                                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                                              	// TLSServerName, if set, is used to set the SNI host when connecting via
                                                                                                                                                                                                                                                              	// TLS.
                                                                                                                                                                                                                                                              	TLSServerName string
                                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                                              	// Insecure enables or disables SSL verification
                                                                                                                                                                                                                                                              	Insecure bool
                                                                                                                                                                                                                                                              }

                                                                                                                                                                                                                                                                TLSConfig contains the parameters needed to configure TLS on the HTTP client used to communicate with Vault.

                                                                                                                                                                                                                                                                type TokenAuth

                                                                                                                                                                                                                                                                type TokenAuth struct {
                                                                                                                                                                                                                                                                	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                }

                                                                                                                                                                                                                                                                  TokenAuth is used to perform token backend operations on Vault

                                                                                                                                                                                                                                                                  func (*TokenAuth) Create

                                                                                                                                                                                                                                                                  func (c *TokenAuth) Create(opts *TokenCreateRequest) (*Secret, error)

                                                                                                                                                                                                                                                                  func (*TokenAuth) CreateOrphan

                                                                                                                                                                                                                                                                  func (c *TokenAuth) CreateOrphan(opts *TokenCreateRequest) (*Secret, error)

                                                                                                                                                                                                                                                                  func (*TokenAuth) CreateWithRole

                                                                                                                                                                                                                                                                  func (c *TokenAuth) CreateWithRole(opts *TokenCreateRequest, roleName string) (*Secret, error)

                                                                                                                                                                                                                                                                  func (*TokenAuth) Lookup

                                                                                                                                                                                                                                                                  func (c *TokenAuth) Lookup(token string) (*Secret, error)

                                                                                                                                                                                                                                                                  func (*TokenAuth) LookupAccessor

                                                                                                                                                                                                                                                                  func (c *TokenAuth) LookupAccessor(accessor string) (*Secret, error)

                                                                                                                                                                                                                                                                  func (*TokenAuth) LookupSelf

                                                                                                                                                                                                                                                                  func (c *TokenAuth) LookupSelf() (*Secret, error)

                                                                                                                                                                                                                                                                  func (*TokenAuth) Renew

                                                                                                                                                                                                                                                                  func (c *TokenAuth) Renew(token string, increment int) (*Secret, error)

                                                                                                                                                                                                                                                                  func (*TokenAuth) RenewAccessor

                                                                                                                                                                                                                                                                  func (c *TokenAuth) RenewAccessor(accessor string, increment int) (*Secret, error)

                                                                                                                                                                                                                                                                  func (*TokenAuth) RenewSelf

                                                                                                                                                                                                                                                                  func (c *TokenAuth) RenewSelf(increment int) (*Secret, error)

                                                                                                                                                                                                                                                                  func (*TokenAuth) RenewTokenAsSelf

                                                                                                                                                                                                                                                                  func (c *TokenAuth) RenewTokenAsSelf(token string, increment int) (*Secret, error)

                                                                                                                                                                                                                                                                    RenewTokenAsSelf behaves like renew-self, but authenticates using a provided token instead of the token attached to the client.

                                                                                                                                                                                                                                                                    func (*TokenAuth) RevokeAccessor

                                                                                                                                                                                                                                                                    func (c *TokenAuth) RevokeAccessor(accessor string) error

                                                                                                                                                                                                                                                                      RevokeAccessor revokes a token associated with the given accessor along with all the child tokens.

                                                                                                                                                                                                                                                                      func (*TokenAuth) RevokeOrphan

                                                                                                                                                                                                                                                                      func (c *TokenAuth) RevokeOrphan(token string) error

                                                                                                                                                                                                                                                                        RevokeOrphan revokes a token without revoking the tree underneath it (so child tokens are orphaned rather than revoked)

                                                                                                                                                                                                                                                                        func (*TokenAuth) RevokeSelf

                                                                                                                                                                                                                                                                        func (c *TokenAuth) RevokeSelf(token string) error

                                                                                                                                                                                                                                                                          RevokeSelf revokes the token making the call. The `token` parameter is kept for backwards compatibility but is ignored; only the client's set token has an effect.

                                                                                                                                                                                                                                                                          func (*TokenAuth) RevokeTree

                                                                                                                                                                                                                                                                          func (c *TokenAuth) RevokeTree(token string) error

                                                                                                                                                                                                                                                                            RevokeTree is the "normal" revoke operation that revokes the given token and the entire tree underneath -- all of its child tokens, their child tokens, etc.

                                                                                                                                                                                                                                                                            type TokenCreateRequest

                                                                                                                                                                                                                                                                            type TokenCreateRequest struct {
                                                                                                                                                                                                                                                                            	ID              string            `json:"id,omitempty"`
                                                                                                                                                                                                                                                                            	Policies        []string          `json:"policies,omitempty"`
                                                                                                                                                                                                                                                                            	Metadata        map[string]string `json:"meta,omitempty"`
                                                                                                                                                                                                                                                                            	Lease           string            `json:"lease,omitempty"`
                                                                                                                                                                                                                                                                            	TTL             string            `json:"ttl,omitempty"`
                                                                                                                                                                                                                                                                            	ExplicitMaxTTL  string            `json:"explicit_max_ttl,omitempty"`
                                                                                                                                                                                                                                                                            	Period          string            `json:"period,omitempty"`
                                                                                                                                                                                                                                                                            	NoParent        bool              `json:"no_parent,omitempty"`
                                                                                                                                                                                                                                                                            	NoDefaultPolicy bool              `json:"no_default_policy,omitempty"`
                                                                                                                                                                                                                                                                            	DisplayName     string            `json:"display_name"`
                                                                                                                                                                                                                                                                            	NumUses         int               `json:"num_uses"`
                                                                                                                                                                                                                                                                            	Renewable       *bool             `json:"renewable,omitempty"`
                                                                                                                                                                                                                                                                            	Type            string            `json:"type"`
                                                                                                                                                                                                                                                                            	EntityAlias     string            `json:"entity_alias"`
                                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                                              TokenCreateRequest is the options structure for creating a token.

                                                                                                                                                                                                                                                                              type UnsealOpts

                                                                                                                                                                                                                                                                              type UnsealOpts struct {
                                                                                                                                                                                                                                                                              	Key     string `json:"key"`
                                                                                                                                                                                                                                                                              	Reset   bool   `json:"reset"`
                                                                                                                                                                                                                                                                              	Migrate bool   `json:"migrate"`
                                                                                                                                                                                                                                                                              }

                                                                                                                                                                                                                                                                              type WrappingLookupFunc

                                                                                                                                                                                                                                                                              type WrappingLookupFunc func(operation, path string) string

                                                                                                                                                                                                                                                                                WrappingLookupFunc is a function that, given an HTTP verb and a path, returns an optional string duration to be used for response wrapping (e.g. "15s", or simply "15"). The path will not begin with "/v1/" or "v1/" or "/", however, end-of-path forward slashes are not trimmed, so must match your called path precisely. Response wrapping will only be used when the return value is not the empty string.