vault

package

v0.17.2 Latest Latest Go to latest Published: Oct 12, 2021 License: AGPL-3.0 Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/minio/kes

Links

Open Source Insights

Documentation ¶

Overview ¶

Package vault implements a secret key store that stores secret keys as key-value entries on the Hashicorp Vault K/V secret backend.

Vault is a KMS implementation with many features. This packages only leverages the key-value store. For an introduction to Vault see: https://www.vaultproject.io/ For an K/V API overview see: https://www.vaultproject.io/api/secret/kv/kv-v1.html

Constants ¶

View Source

const (
	// EngineV1 is the Hashicorp Vault K/V secret engine version 1.
	// This K/V secret store is not versioned.
	EngineV1 = "v1"

	// EngineV2 is the Hashicorp Vault K/V secret engine version 2.
	// This K/V secret store is versioned.
	EngineV2 = "v2"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AppRole ¶

type AppRole struct {
	Engine string // The AppRole engine path
	ID     string // The AppRole ID
	Secret string // The Approle secret ID
	Retry  time.Duration
}

AppRole holds the Vault AppRole authentication credentials and a duration after which the authentication should be retried whenever it fails.

type Kubernetes ¶ added in v0.13.0

type Kubernetes struct {
	Engine string // The Kubernetes auth engine path
	Role   string // The Kubernetes JWT role
	JWT    string // The Kubernetes JWT
	Retry  time.Duration
}

type Store ¶ added in v0.7.0

type Store struct {
	// Addr is the HTTP address of the Vault server.
	Addr string

	// Engine is the path of the K/V engine to use.
	//
	// Vault allows multiple engines of the same type
	// mounted at the same time and/or engines mounted
	// at arbitrary paths.
	Engine string

	// EngineVersion is the API version of the K/V engine.
	//
	// It has to be set to "v1" for the K/V v1 engine (unversioned)
	// or to "v2" for the K/V v2 engine (versioned).
	//
	// For more information about the K/V engine differences, see:
	// https://www.vaultproject.io/docs/secrets/kv
	EngineVersion string

	// Location is the location on Vault's K/V store
	// where this KeyStore will save secret keys.
	//
	// It can be used to assign an unique or shared
	// prefix. For instance one or more KeyStore can
	// store secret keys under /keys/my-app/. In this
	// case you may set KeyStore.Location = "key/my-app".
	Location string

	// AppRole contains the Vault AppRole authentication
	// credentials.
	AppRole AppRole

	// K8S contains the Vault Kubernetes authentication
	// credentials.
	K8S Kubernetes

	// StatusPingAfter is the duration after which
	// the KeyStore will check the status of the Vault
	// server. Particularly, this status information
	// is used to determine whether the Vault server
	// has been sealed resp. unsealed again.
	StatusPingAfter time.Duration

	// ErrorLog specifies an optional logger for errors
	// when K/V pairs cannot be stored, fetched, deleted
	// or contain invalid content.
	// If nil, logging is done via the log package's
	// standard logger.
	ErrorLog *log.Logger

	// Path to the mTLS client private key to authenticate to
	// the Vault server.
	ClientKeyPath string

	// Path to the mTLS client certificate to authenticate to
	// the Vault server.
	ClientCertPath string

	// Path to the root CA certificate(s) used to verify the
	// TLS certificate of the Vault server. If empty, the
	// host's root CA set is used.
	CAPath string

	// The Vault namespace used to separate and isolate different
	// organizations / tenants at the same Vault instance. If
	// non-empty, the Vault client will send the
	//   X-Vault-Namespace: Namespace
	// HTTP header on each request. For more information see:
	// https://www.vaultproject.io/docs/enterprise/namespaces/index.html
	Namespace string
	// contains filtered or unexported fields
}

Store is a key-value store that saves key-value pairs as entries on Vault's K/V secret backend.

func (*Store) Authenticate ¶ added in v0.7.0

func (s *Store) Authenticate(context context.Context) error

Authenticate tries to establish a connection to a Vault server using the approle credentials. It returns an error if no connection could be established - for instance because of invalid authentication credentials.

func (*Store) Create ¶ added in v0.7.0

func (s *Store) Create(ctx context.Context, name string, key key.Key) error

Create creates the given key-value pair at Vault if and only if the given key does not exist. If such an entry already exists it returns kes.ErrKeyExists.

func (*Store) Delete ¶ added in v0.7.0

func (s *Store) Delete(ctx context.Context, name string) error

Delete removes a the value associated with the given key from Vault, if it exists.

func (*Store) Get ¶ added in v0.7.0

func (s *Store) Get(_ context.Context, name string) (key.Key, error)

Get returns the value associated with the given key. If no entry for the key exists it returns kes.ErrKeyNotFound.

func (*Store) List ¶ added in v0.13.0

func (s *Store) List(ctx context.Context) (key.Iterator, error)

List returns a new Iterator over the names of all stored keys.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL