vault

package
v0.3.6 Latest
This package is not in the latest version of its module.
Published: Oct 24, 2021 License: GPL-3.0 Imports: 14 Imported by: 0

Documentation

Overview

Package vault implements a SecretsProvider backend that uses the configured vault server for storing sensitive information.

Index

Constants

const DefaultTokenPath = "/var/run/secrets/kubernetes.io/serviceaccount/token"

DefaultTokenPath is where the k8s serviceaccount token is mounted inside the container.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthRequest

type AuthRequest struct {
	JWT  string `json:"jwt"`
	Role string `json:"role"`
}

AuthRequest is the body posted to vault when exchanging the Kubernetes service-account JWT for a vault token: the JWT itself and the vault role to log in as. The vault client library probably defines an equivalent struct for this somewhere.

type Provider

type Provider struct {
	common.SecretsProvider
	// contains filtered or unexported fields
}

Provider implements a SecretsProvider that matches secret names to keys in vault.

func New

func New() *Provider

New returns a new Provider.

func (*Provider) Close

func (p *Provider) Close() error

Close signals the stop channel, if one was created, and revokes the vault token if a client is configured, so the token does not stay valid until its TTL expires after the process has gone away.

func (*Provider) ReadSecret

func (p *Provider) ReadSecret(name string) ([]byte, error)

ReadSecret implements SecretsProvider and retrieves the requested secret from vault. Since all secrets are assumed to be []byte, values are stored in vault base64-encoded and are decoded when read back, so a value written to the same path by some other tool without that encoding will not read back correctly.

func (*Provider) ReadSecretMap

func (p *Provider) ReadSecretMap(name string) (map[string][]byte, error)

ReadSecretMap returns the key-value map stored in vault under name; it is the read counterpart of WriteSecretMap.

func (*Provider) Setup

func (p *Provider) Setup(client client.Client, cluster *appv1.VDICluster) error

Setup stores the client and cluster configuration, reads the Kubernetes service-account token (by default from DefaultTokenPath) and authenticates to vault with it; if either step fails the error is returned and the provider is unusable. If authentication succeeds, a goroutine is spawned to keep the vault token fresh until Close is called.
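The exchange that AuthRequest, Setup and Close describe, as an added example that is not the package's own code: a hypothetical KubeAuth type logs in against an in-process stand-in for vault (httptest), fails fast when the JWT or role is rejected, and revokes its token on Close. The endpoint paths are those of Vault's Kubernetes auth method at its default mount (`/v1/auth/kubernetes/login`) and of token self-revocation (`/v1/auth/token/revoke-self`); the type and function names, the `vdi` role, the JWT and token strings are constructed for the example, and the refresh loop that Setup spawns is left out.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
	"strings"
)

// AuthRequest mirrors the body the package posts to Vault's Kubernetes auth login.
type AuthRequest struct {
	JWT  string `json:"jwt"`
	Role string `json:"role"`
}

// KubeAuth is a hypothetical stand-in for the Provider's unexported state.
type KubeAuth struct {
	Addr, Role, TokenPath string
	token                 string // Vault client token, set by a successful Setup
}

// Setup reads the mounted service-account JWT, exchanges it for a Vault token and
// fails fast if Vault rejects the JWT or role, so a misconfigured pod never runs on.
func (k *KubeAuth) Setup() error {
	jwt, err := os.ReadFile(k.TokenPath)
	if err != nil {
		return fmt.Errorf("read k8s token: %w", err)
	}
	body, _ := json.Marshal(AuthRequest{JWT: strings.TrimSpace(string(jwt)), Role: k.Role})
	resp, err := http.Post(k.Addr+"/v1/auth/kubernetes/login", "application/json", strings.NewReader(string(body)))
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	var lr struct{ Auth struct{ ClientToken string `json:"client_token"` } `json:"auth"` }
	// Report the HTTP status only: the JWT must never reach an error string or a log line.
	if resp.StatusCode != http.StatusOK || json.NewDecoder(resp.Body).Decode(&lr) != nil || lr.Auth.ClientToken == "" {
		return fmt.Errorf("vault login failed: %s", resp.Status)
	}
	k.token = lr.Auth.ClientToken
	return nil
}

// Close revokes the token; a token that is merely dropped stays valid until its TTL ends.
func (k *KubeAuth) Close() error {
	if k.token == "" {
		return nil // Setup never succeeded, nothing to revoke
	}
	req, _ := http.NewRequest(http.MethodPost, k.Addr+"/v1/auth/token/revoke-self", nil)
	req.Header.Set("X-Vault-Token", k.token)
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return err
	}
	resp.Body.Close()
	if resp.StatusCode != http.StatusNoContent {
		return fmt.Errorf("vault revoke-self: %s", resp.Status)
	}
	return nil
}

// fakeVault is a constructed stand-in: one JWT/role pair is accepted, and only the issued token may revoke itself.
func fakeVault() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		var ar AuthRequest
		switch {
		case r.URL.Path == "/v1/auth/token/revoke-self" && r.Header.Get("X-Vault-Token") == "hvs.constructed":
			w.WriteHeader(http.StatusNoContent)
		case r.URL.Path == "/v1/auth/kubernetes/login" && json.NewDecoder(r.Body).Decode(&ar) == nil &&
			ar.JWT == "constructed-sa-jwt" && ar.Role == "vdi":
			fmt.Fprint(w, `{"auth":{"client_token":"hvs.constructed","lease_duration":60}}`)
		default:
			http.Error(w, `{"errors":["permission denied"]}`, http.StatusForbidden)
		}
	}))
}

// Demo writes a constructed service-account token to a temp file (standing in for DefaultTokenPath), then runs Setup and Close.
func Demo(role string) (token string, err error) {
	srv := fakeVault()
	defer srv.Close()
	f, err := os.CreateTemp("", "sa-token")
	if err != nil {
		return "", err
	}
	defer os.Remove(f.Name())
	f.WriteString("constructed-sa-jwt\n") // the mounted file ends in a newline, hence TrimSpace in Setup
	f.Close()
	k := &KubeAuth{Addr: srv.URL, Role: role, TokenPath: f.Name()}
	if err = k.Setup(); err != nil {
		return "", err
	}
	token = k.token
	return token, k.Close()
}

func main() { fmt.Println(Demo("vdi")) }
```

Two details carry over to a real provider: the error path reports only the HTTP status, because the service-account JWT in the request body is itself a credential and must not land in logs, and Close revokes the token rather than forgetting it, so a leaked copy stops working when the pod does.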

func (*Provider) WriteSecret

func (p *Provider) WriteSecret(name string, content []byte) error

WriteSecret implements SecretsProvider and writes the secret to the vault backend, base64-encoding the content so that ReadSecret can decode it again.

func (*Provider) WriteSecretMap

func (p *Provider) WriteSecretMap(name string, content map[string][]byte) error

WriteSecretMap implements SecretsProvider and writes the key-value pairs to the secrets backend. The secret can be read back in the same fashion with ReadSecretMap. This will be the preferred function going forward.
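The base64 convention shared by ReadSecret, WriteSecret, ReadSecretMap and WriteSecretMap, as an added example rather than the package's own implementation: EncodeSecretMap, DecodeSecretMap and DecodeSecret are hypothetical helpers working on the generic JSON map a vault client hands back, and the sample values are constructed. Decoding rejects values that are not strings and values that are not valid base64, which is what a plain-text value written to the path by hand with the Vault CLI looks like when read through the provider.

```go
package main

import (
	"encoding/base64"
	"fmt"
)

// EncodeSecretMap turns the []byte values a SecretsProvider works with into the
// base64 strings stored in Vault, whose KV values are JSON strings, not raw bytes.
func EncodeSecretMap(content map[string][]byte) map[string]interface{} {
	out := make(map[string]interface{}, len(content))
	for k, v := range content {
		out[k] = base64.StdEncoding.EncodeToString(v)
	}
	return out
}

// DecodeSecretMap is the inverse, applied to the generic JSON map Vault returns.
// Every value must be a string holding valid base64; one bad key fails the whole
// read instead of handing back a partial or garbled secret.
func DecodeSecretMap(data map[string]interface{}) (map[string][]byte, error) {
	out := make(map[string][]byte, len(data))
	for k, v := range data {
		s, ok := v.(string)
		if !ok {
			return nil, fmt.Errorf("vault key %q: want base64 string, got %T", k, v)
		}
		b, err := base64.StdEncoding.DecodeString(s)
		if err != nil {
			return nil, fmt.Errorf("vault key %q is not base64 (written outside the provider?): %w", k, err)
		}
		out[k] = b
	}
	return out, nil
}

// DecodeSecret is the single-value form behind a ReadSecret: pick one key out of
// the map and decode it, distinguishing a missing key from a malformed value.
func DecodeSecret(data map[string]interface{}, name string) ([]byte, error) {
	v, ok := data[name]
	if !ok {
		return nil, fmt.Errorf("vault secret %q not found", name)
	}
	m, err := DecodeSecretMap(map[string]interface{}{name: v})
	if err != nil {
		return nil, err
	}
	return m[name], nil
}

func main() {
	// Constructed sample: a binary key round-tripped, then a hand-written
	// plain-text value of the kind a `vault kv put` outside the provider leaves behind.
	stored := EncodeSecretMap(map[string][]byte{"tls.key": {0x00, 0xff, 0x10}})
	fmt.Println(stored)
	fmt.Println(DecodeSecretMap(stored))
	fmt.Println(DecodeSecret(map[string]interface{}{"pw": "hunter2"}, "pw"))
}
```

The check has a limit worth knowing: a hand-written value whose length is a multiple of four and which uses only base64 characters decodes without error into the wrong bytes, so anything this provider reads should have been written through WriteSecret or WriteSecretMap.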
