Version: v2.6.2 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Aug 9, 2023 License: MIT Imports: 10 Imported by: 0



Package vaku provides an API for interacting with the Vault Key/Value secrets engine. Vaku works indentically on V1 and V2 K/V mount versions except in cases where the command is only supported on the V2 engine. Vaku supports many useful commands like copy, move, and search on Vault paths and folders alike.



This section is empty.


View Source
var (
	// ErrNumWorkers when workers is not a supported number.
	ErrNumWorkers = errors.New("invalid workers")
	// ErrApplyOptions when options fails to apply.
	ErrApplyOptions = errors.New("applying options")
View Source
var (
	// ErrContext when ctx.Err() is not nil.
	ErrContext = errors.New("context")
	// ErrDecodeSecret when secret data cannot be extracted from a vault secret.
	ErrDecodeSecret = errors.New("decode secret")
	// ErrJSONMarshal when secret data cannot be marshaled into json.
	ErrJSONMarshal = errors.New("json marshal")
	// ErrNilData when passed data is nil.
	ErrNilData = errors.New("nil data")
	// ErrUnknownError when returning an error with no data.
	ErrUnknownError = errors.New("unknown error")

Errors that are not specific to one file/function.

View Source
var (
	// ErrFolderList when FolderList fails.
	ErrFolderList = errors.New("folder list")
	// ErrFolderListChan when FolderListChan fails.
	ErrFolderListChan = errors.New("folder list chan")
View Source
var (
	// ErrFolderRead when FolderRead fails.
	ErrFolderRead = errors.New("folder read")
	// ErrFolderReadChan when FolderReadChan fails.
	ErrFolderReadChan = errors.New("folder read chan")
View Source
var (
	// ErrMountInfo when failing to get mount information about a path.
	ErrMountInfo = errors.New("mount info")
	// ErrListMounts when failing to list vault mounts.
	ErrListMounts = errors.New("list mounts")
	// ErrNoMount when path cannot be matched to a mount.
	ErrNoMount = errors.New("no matching mount")
	// ErrRewritePath when failing to rewrite the path with mount data.
	ErrRewritePath = errors.New("rewriting path")
	// ErrMountVersion when an operation is not supported on the mount version.
	ErrMountVersion = errors.New("mount version does not support operation")
View Source
var (
	// ErrPathDelete when PathDelete fails.
	ErrPathDelete = errors.New("path delete")
	// ErrVaultDelete when the underlying Vault API delete fails.
	ErrVaultDelete = errors.New("vault delete")
View Source
var (
	// ErrPathList when PathList fails.
	ErrPathList = errors.New("path list")
	// ErrVaultList when the underlying Vault API list fails.
	ErrVaultList = errors.New("vault list")
View Source
var (
	// ErrPathRead when PathRead fails.
	ErrPathRead = errors.New("path read")
	// ErrVaultRead when the underlying Vault API read fails.
	ErrVaultRead = errors.New("vault read")
View Source
var (
	// ErrPathWrite when PathWrite errors.
	ErrPathWrite = errors.New("path write")
	// ErrVaultWrite when the underlying Vault API write fails.
	ErrVaultWrite = errors.New("vault write")
View Source
var (
	// ErrFolderCopy when FolderCopy fails.
	ErrFolderCopy = errors.New("folder copy")
View Source
var (
	// ErrFolderDelete when FolderDelete fails.
	ErrFolderDelete = errors.New("folder delete")
View Source
var (
	// ErrFolderDeleteMeta when FolderDeleteMeta fails.
	ErrFolderDeleteMeta = errors.New("folder delete meta")
View Source
var (
	// ErrFolderDestroy when FolderDestroy fails.
	ErrFolderDestroy = errors.New("folder destroy")
View Source
var (
	// ErrFolderMove when FolderMove fails.
	ErrFolderMove = errors.New("folder move")
View Source
var (
	// ErrFolderSearch when FolderSearch fails.
	ErrFolderSearch = errors.New("folder search")
View Source
var (
	// ErrFolderWrite when FolderWrite fails.
	ErrFolderWrite = errors.New("folder write")
View Source
var (
	// ErrPathCopy when PathCopy fails.
	ErrPathCopy = errors.New("path copy")
View Source
var (
	// ErrPathDeleteMeta when PathDeleteMeta fails.
	ErrPathDeleteMeta = errors.New("path delete meta")
View Source
var (
	// ErrPathDestroy when PathDestroy fails.
	ErrPathDestroy = errors.New("path destroy")
View Source
var (
	// ErrPathMove when PathMove fails.
	ErrPathMove = errors.New("path move")
View Source
var (
	// ErrPathSearch when PathSearch fails.
	ErrPathSearch = errors.New("path search")
View Source
var (
	// ErrPathUpdate when PathUpdate fails.
	ErrPathUpdate = errors.New("path update")


func AddPrefix added in v2.3.0

func AddPrefix(p, pfx string) string

AddPrefix adds a prefix to a path.

func AddPrefixList added in v2.3.0

func AddPrefixList(l []string, pfx string)

AddPrefixList adds a prefix to every item in a list.

func EnsureFolder

func EnsureFolder(p string) string

EnsureFolder ensures a path is a folder (adds a trailing "/").

func EnsurePrefix

func EnsurePrefix(p, pfx string) string

EnsurePrefix adds a prefix to a path if it doesn't already have it.

func EnsurePrefixList

func EnsurePrefixList(l []string, pfx string)

EnsurePrefixList adds a prefix to every item in a list if it doesn't already have it.

func EnsurePrefixMap

func EnsurePrefixMap(m map[string]map[string]any, pfx string)

EnsurePrefixMap ensures a prefix for every key in a map.

func InsertIntoPath

func InsertIntoPath(path, after, insert string) string

InsertIntoPath adds 'insert' into 'path' after 'after' and returns the new path.

func IsFolder

func IsFolder(p string) bool

IsFolder if path is a folder (ends in "/").

func PathJoin

func PathJoin(p ...string) string

PathJoin combines multiple paths into one.

func TrimPrefixList

func TrimPrefixList(l []string, pfx string)

TrimPrefixList removes a prefix from every item in a list.

func TrimPrefixMap

func TrimPrefixMap(m map[string]map[string]any, pfx string)

TrimPrefixMap removes a prefix from every key in a map.

func Version

func Version() string

Version gives the current Vaku API version.


type Client

type Client struct {
	// contains filtered or unexported fields

Client has all Vaku functions and wraps Vault API clients.

func NewClient

func NewClient(opts ...Option) (*Client, error)

NewClient returns a new Vaku Client based on the Vault API config.

func (*Client) FolderCopy

func (c *Client) FolderCopy(ctx context.Context, src, dst string) error

FolderCopy copies data at a source folder to a destination folder..

func (*Client) FolderDelete

func (c *Client) FolderDelete(ctx context.Context, p string) error

FolderDelete recursively deletes the provided path and all subpaths.

func (*Client) FolderDeleteMeta

func (c *Client) FolderDeleteMeta(ctx context.Context, p string) error

FolderDeleteMeta deletes all secret metadata and versions for all secrets in a folder. Only works on v2 kv engines.

func (*Client) FolderDestroy

func (c *Client) FolderDestroy(ctx context.Context, p string, versions []int) error

FolderDestroy destroys versions of all secrets in a folder. Only works on v2 kv engines.

func (*Client) FolderList

func (c *Client) FolderList(ctx context.Context, p string) ([]string, error)

FolderList recursively lists the provided path and all subpaths.

func (*Client) FolderListChan

func (c *Client) FolderListChan(ctx context.Context, p string) (<-chan string, <-chan error)

FolderListChan recursively lists the provided path and all subpaths. Returns an unbuffered channel that can be read until close and an error channel that sends either the first error or nil when the work is done.

func (*Client) FolderMove

func (c *Client) FolderMove(ctx context.Context, src, dst string) error

FolderMove moves data at a source folder to a destination folder. Source is deleted after copy.

func (*Client) FolderRead

func (c *Client) FolderRead(ctx context.Context, p string) (map[string]map[string]any, error)

FolderRead recursively reads the provided path and all subpaths.

func (*Client) FolderReadChan

func (c *Client) FolderReadChan(ctx context.Context, p string) (<-chan map[string]map[string]any, <-chan error)

FolderReadChan recursively reads the provided path and all subpaths. Returns an unbuffered channel that can be read until close and an error channel that sends either the first error or nil when the work is done.

func (*Client) FolderSearch

func (c *Client) FolderSearch(ctx context.Context, path, search string) ([]string, error)

FolderSearch searches the provided path and all subpaths. Returns a list of paths in which the string was found.

func (*Client) FolderWrite

func (c *Client) FolderWrite(ctx context.Context, d map[string]map[string]any) error

FolderWrite writes data to a path. Multiple paths can be written to at once.

func (*Client) PathCopy

func (c *Client) PathCopy(src, dst string) error

PathCopy copies data at a source path to a destination path.

func (*Client) PathDelete

func (c *Client) PathDelete(p string) error

PathDelete deletes data at a path.

func (*Client) PathDeleteMeta

func (c *Client) PathDeleteMeta(p string) error

PathDeleteMeta deletes all secret metadata and versions. Only works on v2 kv engines.

func (*Client) PathDestroy

func (c *Client) PathDestroy(p string, versions []int) error

PathDestroy destroys versions of a secret at a path. Only works on v2 kv engines.

func (*Client) PathList

func (c *Client) PathList(p string) ([]string, error)

PathList lists paths at a path.

func (*Client) PathMove

func (c *Client) PathMove(src, dst string) error

PathMove moves data at a source path to a destination path (copy + delete).

func (*Client) PathRead

func (c *Client) PathRead(p string) (map[string]any, error)

PathRead reads data at a path.

func (*Client) PathSearch

func (c *Client) PathSearch(p, s string) (bool, error)

PathSearch searches for a string at a path.

func (*Client) PathUpdate

func (c *Client) PathUpdate(p string, d map[string]any) error

PathUpdate updates a path with data. New data (precedence) is merged with existing data.

func (*Client) PathWrite

func (c *Client) PathWrite(p string, d map[string]any) error

PathWrite writes data to a path.

type ClientInterface

type ClientInterface interface {
	PathList(string) ([]string, error)
	PathRead(string) (map[string]any, error)
	PathWrite(string, map[string]any) error
	PathDelete(string) error
	PathDeleteMeta(string) error
	PathDestroy(string, []int) error
	PathUpdate(string, map[string]any) error
	PathSearch(string, string) (bool, error)
	PathCopy(string, string) error
	PathMove(string, string) error

	FolderList(context.Context, string) ([]string, error)
	FolderListChan(context.Context, string) (<-chan string, <-chan error)
	FolderRead(context.Context, string) (map[string]map[string]any, error)
	FolderReadChan(context.Context, string) (<-chan map[string]map[string]any, <-chan error)
	FolderWrite(context.Context, map[string]map[string]any) error
	FolderDelete(context.Context, string) error
	FolderDeleteMeta(context.Context, string) error
	FolderDestroy(context.Context, string, []int) error
	FolderSearch(context.Context, string, string) ([]string, error)
	FolderCopy(context.Context, string, string) error
	FolderMove(context.Context, string, string) error

ClientInterface exports the interface for the full Vaku client.

type Mount added in v2.6.0

type Mount struct {
	Path    string
	Type    string
	Version string

Mount is a high level representation of selected fields of a vault mount that are relevant to vaku.

type Option

type Option interface {
	// contains filtered or unexported methods

Option configures a Client.

func WithAbsolutePath

func WithAbsolutePath(b bool) Option

WithAbsolutePath sets the output format for all returned paths. Default path output is a relative path, trimmed up to the path input. Pass WithAbsolutePath(true) to set path output to the entire path. Example: List(secret/foo) -> "bar" OR "secret/foo/bar".

func WithMountProvider added in v2.6.0

func WithMountProvider(p mountProvider) Option

WithMountProvider makes it possible to inject a custom method for listing mounts. The default method uses the sys/mounts endpoint. This requires a level of privilege that not all users may have.

func WithVaultClient

func WithVaultClient(c *vault.Client) Option

WithVaultClient sets the Vault client to be used.

func WithVaultDstClient

func WithVaultDstClient(c *vault.Client) Option

WithVaultDstClient sets a separate Vault client to be used only on operations that have a source and destination (copy, move, etc...). If unset the source client will be used.

func WithVaultSrcClient

func WithVaultSrcClient(c *vault.Client) Option

WithVaultSrcClient is an alias for WithVaultClient.

func WithWorkers

func WithWorkers(n int) Option

WithWorkers sets the maximum number of goroutines that access Vault at any given time. Does not cap the number of goroutines overall. Default value is 10. A stable and well-operated Vault server should be able to handle 100 or more without issue. Use with caution and tune specifically to your environment and storage backend.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL