vc

package module
Version: v0.0.0-...-c975236 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 14, 2020 License: MIT Imports: 28 Imported by: 0

README

vc

GoDoc Build Status GitHub downloads GitHub tag

Vault Command Line (CLI) Client for manipulating secrets inside Vault

Environment Variables

vc respects the following environment settings:

  • VAULT_ADDR Vault server address
  • VAULT_CACERT Path to a PEM-encoded CA cert file to use to verify the Vault server SSL certificate.
  • VAULT_CAPATH Path to a directory of PEM-encoded CA cert files to verify the Vault server SSL certificate. If VAULT_CACERT is specified, its value will take precedence.
  • VAULT_TOKEN Vault access token
  • VAULT_TOKEN_FILE Vault access token file

If no VAULT_TOKEN is set, VAULT_TOKEN_FILE will try:

$HOME/.vault-token
/etc/vault-client/token

Commands

Command cat

Show the contents of a secret.

Usage: vc cat [<options>] <secret path>

Options:
 -k string
    key (default __TYPE__)
 -m string
    output mode (default 0600)
 -o string
    output (default: stdout)

Command edit

Open an interactive editor for manipulating secrets or creating new secrets.

Usage: vc edit <secret path>

Command file

Store or retrieve files.

Usage: vc file <get|put> <secret path> <file path>

Options:
  -f	force overwrite
  -i	ignore missing key
  -m string
        output mode (for put) (default 0600)

In get mode, if the file at path already exists, vc will prompt the user to overwrite if the terminal is interactive and otherwise throw an error, unless force overwrite is enabled.

In put mode, if the secret at path already exists, vc will prompt the user to overwrite if the terminal is interactive and otherwise throw an error, unless force overwrite is enabled.

The actual secret is stored in base64 encoding, and it will have the magic type marker (__TYPE__) of "file".

Command ls

List secrets.

Usage: vc [<options>] ls [<secret path>]

Options:
  -1	list in compact format
  -R	recursively list subdirectories encountered
  -l	list in long format

Command mv

Move secrets.

Usage: vc [<options>] mv <source secret> <target secret>

Options:
  -f	force overwrite

If the secret at the destination path exists, vc will prompt the user to overwrite if the terminal is interactive and otherwise throw an error, unless force overwrite is enabled.

Command rm

Remove secrets.

Usage: vc rm <secret path>

Options:
  -f	force removal

Command template

Render a template containing Vault secrets. The default render engine is text/template, see https://golang.org/pkg/text/template/

Usage: vc template [<options>] <file>

Options:
  -m string
        output mode (default 0600)
  -o string
        output (default: stdout)

The render engine will first evaluate the template file and retrieve all desired secret paths and keys. Next, it will contact Vault and fetch the requested secrets. The render engine will report a fatal error if any of the secrets are missing or if there is an error contacting Vault.

Function decode

Retrieves an encoded secret stored in Vault.

Example:

We can have any {{decode "secret/test.json"}} type.
Function secret

Allows for looking up secret values stored in Vault. The function expects a path to a generic secret and a key.

Example:

The value for key foo at secret/test is: {{secret "secret/test" "foo"}}

Type key

Only partial support is implemented for the magic __TYPE__ key which allows for typed values.

Builtin types:

  • file Base64 encoded file in key "contents"
  • json Substructure is a key-value dictionary with JSON encoding
  • yaml Substructure is a key-value dictionary with YaML encoding

Documentation

Index

Constants

View Source
const (
	Success int = iota
	SyntaxError
	ClientError
	ServerError
	SystemError
	CodecError
	Help = cli.RunResultHelp
)

Return code constants

View Source
const ShellHistoryFile = "$HOME/.vc_history"

ShellHistoryFile is the file where readline history is recorded

Variables

View Source
var (
	// CodecTypeKey is the key that marks a named Codec
	CodecTypeKey = "__TYPE__"

	// ErrMarshalingNotSupported returned by MarshalingNotSupported
	ErrMarshalingNotSupported = errors.New("vc: marshaling not supported by codec")

	// ErrUnmarshalingNotSupported returned by UnmarshalingNotSupported
	ErrUnmarshalingNotSupported = errors.New("vc: unmarshaling not supported by codec")
)
View Source
var DebugLogFunc func(string)

DebugLogFunc is our debug log function, defaults to nil (no debug logging)

Functions

func CatCommandFactory

func CatCommandFactory(ui cli.Ui) cli.CommandFactory

func CopyCommandFactory

func CopyCommandFactory(ui cli.Ui) cli.CommandFactory

func Debug

func Debug(message string)

Debug is a debug message

func Debugf

func Debugf(format string, v ...interface{})

Debugf is a debug message with variadic formatting

func DefaultApp

func DefaultApp(ui cli.Ui, args []string) *cli.CLI

DefaultApp sets up a default CLI application

func DefaultCommands

func DefaultCommands(ui cli.Ui) map[string]cli.CommandFactory

DefaultCommands returns a map of default commands

func DeleteCommandFactory

func DeleteCommandFactory(ui cli.Ui) cli.CommandFactory

func EditCommandFactory

func EditCommandFactory(ui cli.Ui) cli.CommandFactory

func FileCommandFactory

func FileCommandFactory(ui cli.Ui, sub string) cli.CommandFactory

func IsTerminal

func IsTerminal(fd uintptr) bool

IsTerminal return true if the file descriptor is terminal.

func ListCommandFactory

func ListCommandFactory(ui cli.Ui) cli.CommandFactory

func MoveCommandFactory

func MoveCommandFactory(ui cli.Ui) cli.CommandFactory

func RegisterCodec

func RegisterCodec(name string, c Codec)

RegisterCodec adds a new named codec

func ReplaceCodec

func ReplaceCodec(name string, c Codec) (exists bool)

ReplaceCodec replaces or adds a named codec

func SafeOutputWriter

func SafeOutputWriter(name string, mode os.FileMode) io.WriteCloser

SafeOutputWriter implements a io.WriteCloser that uses a temporary file in the same directory as the target file to write to, and then move the temporary file to the final name after closing. If name is "" or "-", it is assumed the output is stdout and no tempfile will be used.

The tempfile gets created on the first write to the returned Writer.

func ShellCommandFactory

func ShellCommandFactory(ui cli.Ui) cli.CommandFactory

func TemplateCommandFactory

func TemplateCommandFactory(ui cli.Ui) cli.CommandFactory

Types

type CatCommand

type CatCommand struct {
	// contains filtered or unexported fields
}

CatCommand can display (structured) secrets

func (*CatCommand) Client

func (cmd *CatCommand) Client() (*Client, error)

func (*CatCommand) Close

func (cmd *CatCommand) Close() error

Close the output file (if any) and rename it to cmd.out

func (*CatCommand) Help

func (cmd *CatCommand) Help() string

func (*CatCommand) Run

func (cmd *CatCommand) Run(args []string) int

func (*CatCommand) Synopsis

func (cmd *CatCommand) Synopsis() string

func (*CatCommand) Write

func (cmd *CatCommand) Write(p []byte) (int, error)

type Client

type Client struct {
	*api.Client

	// Path we are operating on, defaults to the root
	Path string
	// contains filtered or unexported fields
}

Client for the Vault API

func NewClient

func NewClient(config *api.Config) (*Client, error)

NewClient builds a new Client

func (*Client) Complete

func (c *Client) Complete(filters ...completionFilter) readline.DynamicCompleteFunc

Complete returns completer suggestions

func (*Client) Glob

func (c *Client) Glob(pattern string) ([]os.FileInfo, error)

Glob is a shortcut to list generic secrets and mounts by glob pattern. The wildcards "*" and "?" are supported. Currently only globbing the base of the path is supported, globbing on directory names is not.

func (*Client) ReadDir

func (c *Client) ReadDir(path string) ([]os.FileInfo, error)

ReadDir mimicks an ioutil.ReadDir call on Vault; permission errors are muted

func (*Client) SetPath

func (c *Client) SetPath(path string)

SetPath updates our working path

func (*Client) Stat

func (c *Client) Stat(path string) (os.FileInfo, error)

Stat mimicks an os.Stat call on Vault

type Codec

type Codec interface {
	Marshaler
	Unmarshaler
}

Codec implements an Encoder and Decoder

func CodecFor

func CodecFor(name string) (Codec, error)

CodecFor returns a codec by name

type CopyCommand

type CopyCommand struct {
	// contains filtered or unexported fields
}

CopyCommand can display (structured) secrets

func (*CopyCommand) Client

func (cmd *CopyCommand) Client() (*Client, error)

func (*CopyCommand) Close

func (cmd *CopyCommand) Close() error

Close the output file (if any) and rename it to cmd.out

func (*CopyCommand) Help

func (cmd *CopyCommand) Help() string

func (*CopyCommand) Run

func (cmd *CopyCommand) Run(args []string) int

func (*CopyCommand) Synopsis

func (cmd *CopyCommand) Synopsis() string

func (*CopyCommand) Write

func (cmd *CopyCommand) Write(p []byte) (int, error)

type DeleteCommand

type DeleteCommand struct {
	// contains filtered or unexported fields
}

DeleteCommand can display (structured) secrets

func (*DeleteCommand) Client

func (cmd *DeleteCommand) Client() (*Client, error)

func (*DeleteCommand) Close

func (cmd *DeleteCommand) Close() error

Close the output file (if any) and rename it to cmd.out

func (*DeleteCommand) Help

func (cmd *DeleteCommand) Help() string

func (*DeleteCommand) Run

func (cmd *DeleteCommand) Run(args []string) int

func (*DeleteCommand) Synopsis

func (cmd *DeleteCommand) Synopsis() string

func (*DeleteCommand) Write

func (cmd *DeleteCommand) Write(p []byte) (int, error)

type EditCommand

type EditCommand struct {
	// contains filtered or unexported fields
}

EditCommand opens Vault secrets in an interactive editor ($EDITOR)

func (*EditCommand) Client

func (cmd *EditCommand) Client() (*Client, error)

func (*EditCommand) Close

func (cmd *EditCommand) Close() error

Close the output file (if any) and rename it to cmd.out

func (*EditCommand) Help

func (cmd *EditCommand) Help() string

func (*EditCommand) Run

func (cmd *EditCommand) Run(args []string) int

func (*EditCommand) Synopsis

func (cmd *EditCommand) Synopsis() string

func (*EditCommand) Write

func (cmd *EditCommand) Write(p []byte) (int, error)

type FileCommand

type FileCommand struct {
	// contains filtered or unexported fields
}

FileCommand stores and retrieves raw files (blobs).

func (*FileCommand) Client

func (cmd *FileCommand) Client() (*Client, error)

func (*FileCommand) Close

func (cmd *FileCommand) Close() error

Close the output file (if any) and rename it to cmd.out

func (*FileCommand) Help

func (cmd *FileCommand) Help() string

func (*FileCommand) Run

func (cmd *FileCommand) Run(args []string) int

func (*FileCommand) Synopsis

func (cmd *FileCommand) Synopsis() string

func (*FileCommand) Write

func (cmd *FileCommand) Write(p []byte) (int, error)

type ListCommand

type ListCommand struct {
	// contains filtered or unexported fields
}

ListCommand can display (structured) secrets

func (*ListCommand) Client

func (cmd *ListCommand) Client() (*Client, error)

func (*ListCommand) Close

func (cmd *ListCommand) Close() error

Close the output file (if any) and rename it to cmd.out

func (*ListCommand) Help

func (cmd *ListCommand) Help() string

func (*ListCommand) Run

func (cmd *ListCommand) Run(args []string) int

func (*ListCommand) Synopsis

func (cmd *ListCommand) Synopsis() string

func (*ListCommand) Write

func (cmd *ListCommand) Write(p []byte) (int, error)

type Marshaler

type Marshaler interface {
	Marshal(path string, data map[string]interface{}) ([]byte, error)
}

Marshaler can marshal a api.Secret.Data into a byte slice

type MarshalingNotSupported

type MarshalingNotSupported struct{}

MarshalingNotSupported is a placeholder Marshaler that returns an error upon marshaling.

func (MarshalingNotSupported) Marshal

func (m MarshalingNotSupported) Marshal(_ map[string]interface{}) ([]byte, error)

Marshal always returns ErrMarshalingNotSupported

type MoveCommand

type MoveCommand struct {
	// contains filtered or unexported fields
}

MoveCommand can display (structured) secrets

func (*MoveCommand) Client

func (cmd *MoveCommand) Client() (*Client, error)

func (*MoveCommand) Close

func (cmd *MoveCommand) Close() error

Close the output file (if any) and rename it to cmd.out

func (*MoveCommand) Help

func (cmd *MoveCommand) Help() string

func (*MoveCommand) Run

func (cmd *MoveCommand) Run(args []string) int

func (*MoveCommand) Synopsis

func (cmd *MoveCommand) Synopsis() string

func (*MoveCommand) Write

func (cmd *MoveCommand) Write(p []byte) (int, error)

type ShellCommand

type ShellCommand struct {
	// contains filtered or unexported fields
}

ShellCommand is an interactive command line shell

func (*ShellCommand) Client

func (cmd *ShellCommand) Client() (*Client, error)

func (*ShellCommand) Close

func (cmd *ShellCommand) Close() error

Close the output file (if any) and rename it to cmd.out

func (*ShellCommand) Help

func (cmd *ShellCommand) Help() string

func (*ShellCommand) Run

func (cmd *ShellCommand) Run(args []string) int

func (*ShellCommand) Synopsis

func (cmd *ShellCommand) Synopsis() string

func (*ShellCommand) Write

func (cmd *ShellCommand) Write(p []byte) (int, error)

type TemplateCommand

type TemplateCommand struct {
	// contains filtered or unexported fields
}

TemplateCommand renders (multiple) secret(s) into a templated file.

func (*TemplateCommand) Client

func (cmd *TemplateCommand) Client() (*Client, error)

func (*TemplateCommand) Close

func (cmd *TemplateCommand) Close() error

Close the output file (if any) and rename it to cmd.out

func (*TemplateCommand) Help

func (cmd *TemplateCommand) Help() string

func (*TemplateCommand) Run

func (cmd *TemplateCommand) Run(args []string) int

func (*TemplateCommand) Synopsis

func (cmd *TemplateCommand) Synopsis() string

func (*TemplateCommand) Write

func (cmd *TemplateCommand) Write(p []byte) (int, error)

type Unmarshaler

type Unmarshaler interface {
	Unmarshal(p []byte) (map[string]interface{}, error)
}

Unmarshaler can unmarshal a byte slice into api.Secret.Data

type UnmarshalingNotSupported

type UnmarshalingNotSupported struct{}

UnmarshalingNotSupported is a placeholder Unmarshaler that returns an error upon unmarshaling.

func (UnmarshalingNotSupported) Unmarshal

func (u UnmarshalingNotSupported) Unmarshal(_ []byte) (map[string]interface{}, error)

Unmarshal always returns ErrUnmarshalingNotSupported

Directories

Path Synopsis
builtin
cmd
vc
Command vc is a Vault Client for manipulating secrets inside Vault Environment Variables vc respects the following environment settings: VAULT_ADDR Vault server address VAULT_CACERT Path to a PEM-encoded CA cert file to use to verify the Vault server SSL certificate.
Command vc is a Vault Client for manipulating secrets inside Vault Environment Variables vc respects the following environment settings: VAULT_ADDR Vault server address VAULT_CACERT Path to a PEM-encoded CA cert file to use to verify the Vault server SSL certificate.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto
y or Y : Canonical URL