jwtsecrets

package
v0.0.4 Latest
Warning

This package is not in the latest version of its module.

Published: Nov 1, 2019 | License: MPL-2.0 | Imports: 14 | Imported by: 0

Documentation

Overview

Package jwtsecrets implements the vault-plugin-jwt-secrets backend.

Constants

const (
	DefaultKeyRotationPeriod = "15m0s"
	DefaultTokenTTL          = "5m0s"
	DefaultSetIAT            = true
	DefaultSetJTI            = true
	DefaultSetNBF            = true
	DefaultIssuer            = "vault-plugin-secrets-jwt:UUID"
	DefaultAudiencePattern   = ".*"
	DefaultSubjectPattern    = ".*"
	DefaultMaxAudiences      = -1
)

Default values for configuration options.

Variables

var DefaultAllowedClaims = []string{"aud", "sub"}

DefaultAllowedClaims is the default value for the AllowedClaims config option. By default only the 'aud' and 'sub' claims can be set by the caller.

var ReservedClaims = []string{"iss", "exp", "nbf", "iat", "jti"}

Functions

func Factory

func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error)

Factory returns a new backend as logical.Backend.

Types

type Config

type Config struct {
	// KeyRotationPeriod is how frequently a new key is created.
	KeyRotationPeriod time.Duration

	// TokenTTL defines how long a token is valid for after being signed.
	TokenTTL time.Duration

	// SetIAT defines if the backend sets the 'iat' claim or not.
	SetIAT bool

	// SetJTI defines if the backend generates and sets the 'jti' claim or not.
	SetJTI bool

	// SetNBF defines if the backend sets the 'nbf' claim. If true, the claim will be set to the same as the 'iat' claim.
	SetNBF bool

	// Issuer defines the 'iss' claim for the jwt. If blank, it is omitted.
	Issuer string

	// AudiencePattern defines a regular expression (https://golang.org/pkg/regexp/) which must be matched by any incoming 'aud' claims.
	// If the audience claim is an array, each element in the array must match the pattern.
	AudiencePattern *regexp.Regexp

	// SubjectPattern defines a regular expression (https://golang.org/pkg/regexp/) which must be matched by any incoming 'sub' claims.
	SubjectPattern *regexp.Regexp

	// MaxAudiences defines the maximum number of strings in the 'aud' claim.
	MaxAudiences int

	// AllowedClaims defines which claims can be set on the JWT.
	AllowedClaims []string
	// contains filtered or unexported fields
}

Config holds all configuration for the backend.

func DefaultConfig

func DefaultConfig(backendUUID string) *Config

DefaultConfig creates a new default configuration.
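
The following is an added example, not code from the plugin: a sketch of how the documented AllowedClaims, MaxAudiences and AudiencePattern rules combine when checking caller-supplied claims. The claimPolicy type and checkClaims helper are hypothetical, and the example assumes that a negative MaxAudiences means no limit and that patterns are applied with Go's MatchString, which reports a match anywhere in the string, so a restrictive pattern needs explicit ^ and $ anchors.

```go
package main

import (
	"fmt"
	"regexp"
)

// claimPolicy is a stand-in for three documented Config fields, not the plugin's type.
type claimPolicy struct {
	AudiencePattern *regexp.Regexp
	MaxAudiences    int // assumption: a negative value (the default is -1) means no limit
	AllowedClaims   []string
}

// checkClaims (hypothetical helper) applies the documented rules to JSON-decoded claims.
func checkClaims(p claimPolicy, claims map[string]interface{}) error {
	allowed := map[string]bool{}
	for _, c := range p.AllowedClaims {
		allowed[c] = true
	}
	for name := range claims {
		if !allowed[name] {
			return fmt.Errorf("claim %q is not in AllowedClaims", name)
		}
	}
	var auds []interface{}
	switch v := claims["aud"].(type) {
	case nil: // no audience supplied
	case string:
		auds = []interface{}{v}
	case []interface{}:
		auds = v
	default:
		return fmt.Errorf("'aud' must be a string or an array of strings")
	}
	if p.MaxAudiences >= 0 && len(auds) > p.MaxAudiences {
		return fmt.Errorf("%d audiences exceed MaxAudiences=%d", len(auds), p.MaxAudiences)
	}
	for _, a := range auds { // every array element must match, not just the first
		if s, ok := a.(string); !ok || !p.AudiencePattern.MatchString(s) {
			return fmt.Errorf("audience %v rejected by AudiencePattern", a)
		}
	}
	return nil
}

func main() { // constructed sample input
	p := claimPolicy{regexp.MustCompile(`^https://api\.example\.com$`), 2, []string{"aud", "sub"}}
	fmt.Println(checkClaims(p, map[string]interface{}{"aud": "https://other.test/?https://api.example.com"}))
}
```

With the default pattern ".*" every audience string passes, so the pattern only constrains tokens once it is set to something narrower and anchored.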
