Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Issuer
```go
type Issuer struct {
	// URL is the URL of the Vault instance.
	URL *url.URL
	// Token is the Vault secret token that should be used
	// when issuing certificates.
	Token string
	// Mount is the name under which the PKI secrets engine
	// is mounted. Defaults to `pki`
	Mount string
	// Role is the Vault Role that should be used
	// when issuing certificates.
	Role string
	// TLSConfig allows configuration of the TLS config
	// used when connecting to the Vault server.
	TLSConfig *tls.Config
	// TimeToLive configures the lifetime of certificates
	// requested from the Vault server.
	TimeToLive time.Duration
	// URISubjectAlternativeNames defines custom URI SANs.
	// The format is a URI and must match the value specified in allowed_uri_sans, e.g. spiffe://hostname/foobar
	//
	// Warning: By default Vault reads URI SANs directly from the
	// Certificate Signing Request (CSR), and ignores this field completely.
	// This field only takes effect when the Vault role has set use_csr_sans to false,
	// and using this setting will ignore any SANs in the CSR.
	//
	// To configure URI SANs directly in the CSR, set CertConfig.URISubjectAlternativeNames.
	URISubjectAlternativeNames []string
	// OtherSubjectAlternativeNames defines custom OID/UTF8-string SANs.
	// The format is the same as OpenSSL: <oid>;<type>:<value> where the only current valid <type> is UTF8.
	//
	// Warning: By default Vault reads SANs directly from the
	// Certificate Signing Request (CSR), and ignores this field completely.
	// This field only takes effect when the Vault role has set use_csr_sans to false,
	// and using this setting will ignore any SANs in the CSR.
	OtherSubjectAlternativeNames []string
	// contains filtered or unexported fields
}
```
Issuer implements the Issuer interface with a HashiCorp Vault PKI Secrets Engine backend.
URL, Token and Role are required.
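The warning on URISubjectAlternativeNames means that, unless the Vault role sets use_csr_sans to false, the URI SANs that count are the ones inside the CSR. The following is an added example, not code from this package: it uses only the Go standard library to build a CSR carrying a URI SAN and to list the URI SANs a signer would read from it. The helper names `buildCSR` and `csrURISANs` and the common name are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net/url"
)

// buildCSR (hypothetical helper) returns a DER CSR with the URI SANs embedded in the request.
func buildCSR(commonName string, uriSANs []string) ([]byte, error) {
	var uris []*url.URL
	for _, s := range uriSANs {
		u, err := url.Parse(s)
		if err != nil || u.Scheme == "" {
			return nil, fmt.Errorf("invalid URI SAN %q", s)
		}
		uris = append(uris, u)
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: commonName}, URIs: uris}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// csrURISANs (hypothetical helper) lists the CSR's URI SANs; err is non-nil if parsing or the CSR signature check fails.
func csrURISANs(der []byte) (sans []string, err error) {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, err
	}
	for _, u := range csr.URIs {
		sans = append(sans, u.String())
	}
	return sans, csr.CheckSignature()
}

func main() {
	// Constructed sample values; the SPIFFE URI is the one used in the field comment above.
	der, err := buildCSR("workload.example", []string{"spiffe://hostname/foobar"})
	if err != nil {
		panic(err)
	}
	fmt.Println(csrURISANs(der))
}
```

Running the same inspection on a CSR before it is submitted shows which SANs the request actually asks for, independent of what is set on the Issuer fields.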
func FromClient (added in v0.3.0)
FromClient returns an Issuer using the provided Vault API client. Any changes to the issuer's properties (such as setting the TTL or adding Other SANs) must be made before using it. The client must have its token configured.