vc

package module
v0.0.0-...-c975236 Latest Latest
Published: Sep 14, 2020 License: MIT Imports: 28 Imported by: 0

README

vc

Vault Command Line (CLI) Client for manipulating secrets inside Vault

Environment Variables

vc respects the following environment settings:

  • VAULT_ADDR Vault server address
  • VAULT_CACERT Path to a PEM-encoded CA cert file to use to verify the Vault server SSL certificate.
  • VAULT_CAPATH Path to a directory of PEM-encoded CA cert files to verify the Vault server SSL certificate. If VAULT_CACERT is specified, its value will take precedence.
  • VAULT_TOKEN Vault access token
  • VAULT_TOKEN_FILE Vault access token file

If no VAULT_TOKEN is set, VAULT_TOKEN_FILE defaults to trying the following paths:

$HOME/.vault-token
/etc/vault-client/token

Commands

Command cat

Show the contents of a secret.

Usage: vc cat [<options>] <secret path>

Options:
 -k string
   	key (default __TYPE__)
 -m string
   	output mode (default 0600)
 -o string
   	output (default: stdout)

Command edit

Open an interactive editor for manipulating secrets or creating new secrets.

Usage: vc edit <secret path>

Command file

Store or retrieve files.

Usage: vc file <get|put> <secret path> <file path>

Options:
  -f	force overwrite
  -i	ignore missing key
  -m string
    	output mode (for put) (default 0600)

In get mode, if the file at path already exists, vc will prompt the user to overwrite if the terminal is interactive and otherwise throw an error, unless force overwrite is enabled.

In put mode, if the secret at path already exists, vc will prompt the user to overwrite if the terminal is interactive and otherwise throw an error, unless force overwrite is enabled.

The actual secret is stored in base64 encoding, and it will have the magic type marker (__TYPE__) of "file".

Command ls

List secrets.

Usage: vc [<options>] ls [<secret path>]

Options:
  -1	list in compact format
  -R	recursively list subdirectories encountered
  -l	list in long format

Command mv

Move secrets.

Usage: vc [<options>] mv <source secret> <target secret>

Options:
  -f	force overwrite

If the secret at the destination path exists, vc will prompt the user to overwrite if the terminal is interactive and otherwise throw an error, unless force overwrite is enabled.

Command rm

Remove secrets.

Usage: vc rm <secret path>

Options:
  -f	force removal

Command template

Render a template containing Vault secrets. The default render engine is text/template, see https://golang.org/pkg/text/template/

Usage: vc template [<options>] <file>

Options:
  -m string
    	output mode (default 0600)
  -o string
    	output (default: stdout)

The render engine will first evaluate the template file and retrieve all desired secret paths and keys. Next, it will contact Vault and fetch the requested secrets. The render engine will report a fatal error if any of the secrets are missing or if there is an error contacting Vault.

Function decode

Retrieves an encoded secret stored in Vault.

Example:

We can have any {{decode "secret/test.json"}} type.

Function secret

Allows for looking up secret values stored in Vault. The function expects a path to a generic secret and a key.

Example:

The value for key foo at secret/test is: {{secret "secret/test" "foo"}}
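
The two-pass evaluation described under Command template, applied to the `secret` function, can be sketched as follows. This is an added example, not vc's own code: `Render`, `ref` and the in-memory `vault` map (a constructed stand-in for a Vault server) are hypothetical names, and `decode` is left out.

```go
package main

import (
	"fmt"
	"io"
	"strings"
	"text/template"
)

type ref struct{ path, key string } // one lookup requested by the template

// Render is a hypothetical two-pass renderer over a constructed in-memory vault.
func Render(src string, vault map[string]map[string]string) (string, error) {
	// Pass 1: execute with a recording "secret" that emits nothing.
	var wanted []ref
	record := template.FuncMap{"secret": func(path, key string) string {
		wanted = append(wanted, ref{path, key})
		return ""
	}}
	t, err := template.New("t").Funcs(record).Parse(src)
	if err != nil {
		return "", err
	}
	if err := t.Execute(io.Discard, nil); err != nil {
		return "", err
	}
	// Fetch everything up front; a missing secret aborts before any output.
	got := map[ref]string{}
	for _, r := range wanted {
		v, ok := vault[r.path][r.key]
		if !ok {
			return "", fmt.Errorf("secret %q has no key %q", r.path, r.key)
		}
		got[r] = v
	}
	// Pass 2: same template, "secret" now resolves from the fetched set.
	fill := template.FuncMap{"secret": func(path, key string) string {
		return got[ref{path, key}]
	}}
	var out strings.Builder
	if err := t.Funcs(fill).Execute(&out, nil); err != nil {
		return "", err
	}
	return out.String(), nil
}

func main() {
	vault := map[string]map[string]string{"secret/test": {"foo": "bar"}}
	fmt.Println(Render(`foo at secret/test is: {{secret "secret/test" "foo"}}`, vault))
}
```

Because the fetch step fails as a whole, a template that references one missing key produces no partially rendered file containing the secrets that did resolve.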

Type key

Only partial support is implemented for the magic __TYPE__ key which allows for typed values.

Builtin types:

  • file Base64 encoded file in key "contents"
  • json Substructure is a key-value dictionary with JSON encoding
  • yaml Substructure is a key-value dictionary with YAML encoding

Documentation

Constants

const (
	Success int = iota
	SyntaxError
	ClientError
	ServerError
	SystemError
	CodecError
	Help = cli.RunResultHelp
)

Return code constants

const ShellHistoryFile = "$HOME/.vc_history"

ShellHistoryFile is the file where readline history is recorded

Variables

var (
	// CodecTypeKey is the key that marks a named Codec
	CodecTypeKey = "__TYPE__"

	// ErrMarshalingNotSupported returned by MarshalingNotSupported
	ErrMarshalingNotSupported = errors.New("vc: marshaling not supported by codec")

	// ErrUnmarshalingNotSupported returned by UnmarshalingNotSupported
	ErrUnmarshalingNotSupported = errors.New("vc: unmarshaling not supported by codec")
)
var DebugLogFunc func(string)

DebugLogFunc is our debug log function, defaults to nil (no debug logging)

Functions

func CatCommandFactory

func CatCommandFactory(ui cli.Ui) cli.CommandFactory

func CopyCommandFactory

func CopyCommandFactory(ui cli.Ui) cli.CommandFactory

func Debug

func Debug(message string)

Debug is a debug message

func Debugf

func Debugf(format string, v ...interface{})

Debugf is a debug message with variadic formatting

func DefaultApp

func DefaultApp(ui cli.Ui, args []string) *cli.CLI

DefaultApp sets up a default CLI application

func DefaultCommands

func DefaultCommands(ui cli.Ui) map[string]cli.CommandFactory

DefaultCommands returns a map of default commands

func DeleteCommandFactory

func DeleteCommandFactory(ui cli.Ui) cli.CommandFactory

func EditCommandFactory

func EditCommandFactory(ui cli.Ui) cli.CommandFactory

func FileCommandFactory

func FileCommandFactory(ui cli.Ui, sub string) cli.CommandFactory

func IsTerminal

func IsTerminal(fd uintptr) bool

IsTerminal returns true if the file descriptor is a terminal.

func ListCommandFactory

func ListCommandFactory(ui cli.Ui) cli.CommandFactory

func MoveCommandFactory

func MoveCommandFactory(ui cli.Ui) cli.CommandFactory

func RegisterCodec

func RegisterCodec(name string, c Codec)

RegisterCodec adds a new named codec

func ReplaceCodec

func ReplaceCodec(name string, c Codec) (exists bool)

ReplaceCodec replaces or adds a named codec

func SafeOutputWriter

func SafeOutputWriter(name string, mode os.FileMode) io.WriteCloser

SafeOutputWriter implements an io.WriteCloser that writes to a temporary file in the same directory as the target file and moves the temporary file to the final name after closing. If name is "" or "-", the output is assumed to be stdout and no tempfile is used.

The tempfile gets created on the first write to the returned Writer.
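
The write-to-tempfile-then-rename pattern described for SafeOutputWriter, as an added example rather than the package's implementation. `atomicWriter` and the `.vc-tmp-*` name pattern are hypothetical, and applying the requested mode just before the rename is a choice made for this sketch.

```go
package main

import (
	"os"
	"path/filepath"
)

// atomicWriter is a hypothetical type mirroring the documented behaviour.
type atomicWriter struct {
	name string
	mode os.FileMode
	tmp  *os.File // nil until the first Write
}

func (w *atomicWriter) Write(p []byte) (int, error) {
	if w.name == "" || w.name == "-" {
		return os.Stdout.Write(p) // stdout: no tempfile involved
	}
	if w.tmp == nil { // first write: create the tempfile beside the target
		f, err := os.CreateTemp(filepath.Dir(w.name), ".vc-tmp-*")
		if err != nil {
			return 0, err
		}
		w.tmp = f // os.CreateTemp creates it with mode 0600
	}
	return w.tmp.Write(p)
}

// Close applies the requested mode, then renames the tempfile over the target.
func (w *atomicWriter) Close() error {
	if w.tmp == nil {
		return nil
	}
	err := w.tmp.Chmod(w.mode)
	if cerr := w.tmp.Close(); err == nil {
		err = cerr
	}
	if err == nil {
		err = os.Rename(w.tmp.Name(), w.name)
	}
	if err != nil {
		os.Remove(w.tmp.Name()) // never leave a stray copy of the secret
	}
	return err
}

func main() {
	w := &atomicWriter{name: "-", mode: 0600}
	w.Write([]byte("constructed sample output\n"))
	w.Close()
}
```

Keeping the tempfile in the target's directory keeps the rename on one filesystem, so a reader sees either the old file or the complete new one, never a half-written secret.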

func ShellCommandFactory

func ShellCommandFactory(ui cli.Ui) cli.CommandFactory

func TemplateCommandFactory

func TemplateCommandFactory(ui cli.Ui) cli.CommandFactory

Types

type CatCommand

type CatCommand struct {
	// contains filtered or unexported fields
}

CatCommand can display (structured) secrets

func (*CatCommand) Client

func (cmd *CatCommand) Client() (*Client, error)

func (*CatCommand) Close

func (cmd *CatCommand) Close() error

Close the output file (if any) and rename it to cmd.out

func (*CatCommand) Help

func (cmd *CatCommand) Help() string

func (*CatCommand) Run

func (cmd *CatCommand) Run(args []string) int

func (*CatCommand) Synopsis

func (cmd *CatCommand) Synopsis() string

func (*CatCommand) Write

func (cmd *CatCommand) Write(p []byte) (int, error)

type Client

type Client struct {
	*api.Client

	// Path we are operating on, defaults to the root
	Path string
	// contains filtered or unexported fields
}

Client for the Vault API

func NewClient

func NewClient(config *api.Config) (*Client, error)

NewClient builds a new Client

func (*Client) Complete

func (c *Client) Complete(filters ...completionFilter) readline.DynamicCompleteFunc

Complete returns completer suggestions

func (*Client) Glob

func (c *Client) Glob(pattern string) ([]os.FileInfo, error)

Glob is a shortcut to list generic secrets and mounts by glob pattern. The wildcards "*" and "?" are supported. Currently only globbing the base of the path is supported, globbing on directory names is not.

func (*Client) ReadDir

func (c *Client) ReadDir(path string) ([]os.FileInfo, error)

ReadDir mimics an ioutil.ReadDir call on Vault; permission errors are muted

func (*Client) SetPath

func (c *Client) SetPath(path string)

SetPath updates our working path

func (*Client) Stat

func (c *Client) Stat(path string) (os.FileInfo, error)

Stat mimics an os.Stat call on Vault

type Codec

type Codec interface {
	Marshaler
	Unmarshaler
}

Codec implements an Encoder and Decoder

func CodecFor

func CodecFor(name string) (Codec, error)

CodecFor returns a codec by name

type CopyCommand

type CopyCommand struct {
	// contains filtered or unexported fields
}

CopyCommand can display (structured) secrets

func (*CopyCommand) Client

func (cmd *CopyCommand) Client() (*Client, error)

func (*CopyCommand) Close

func (cmd *CopyCommand) Close() error

Close the output file (if any) and rename it to cmd.out

func (*CopyCommand) Help

func (cmd *CopyCommand) Help() string

func (*CopyCommand) Run

func (cmd *CopyCommand) Run(args []string) int

func (*CopyCommand) Synopsis

func (cmd *CopyCommand) Synopsis() string

func (*CopyCommand) Write

func (cmd *CopyCommand) Write(p []byte) (int, error)

type DeleteCommand

type DeleteCommand struct {
	// contains filtered or unexported fields
}

DeleteCommand can display (structured) secrets

func (*DeleteCommand) Client

func (cmd *DeleteCommand) Client() (*Client, error)

func (*DeleteCommand) Close

func (cmd *DeleteCommand) Close() error

Close the output file (if any) and rename it to cmd.out

func (*DeleteCommand) Help

func (cmd *DeleteCommand) Help() string

func (*DeleteCommand) Run

func (cmd *DeleteCommand) Run(args []string) int

func (*DeleteCommand) Synopsis

func (cmd *DeleteCommand) Synopsis() string

func (*DeleteCommand) Write

func (cmd *DeleteCommand) Write(p []byte) (int, error)

type EditCommand

type EditCommand struct {
	// contains filtered or unexported fields
}

EditCommand opens Vault secrets in an interactive editor ($EDITOR)

func (*EditCommand) Client

func (cmd *EditCommand) Client() (*Client, error)

func (*EditCommand) Close

func (cmd *EditCommand) Close() error

Close the output file (if any) and rename it to cmd.out

func (*EditCommand) Help

func (cmd *EditCommand) Help() string

func (*EditCommand) Run

func (cmd *EditCommand) Run(args []string) int

func (*EditCommand) Synopsis

func (cmd *EditCommand) Synopsis() string

func (*EditCommand) Write

func (cmd *EditCommand) Write(p []byte) (int, error)

type FileCommand

type FileCommand struct {
	// contains filtered or unexported fields
}

FileCommand stores and retrieves raw files (blobs).

func (*FileCommand) Client

func (cmd *FileCommand) Client() (*Client, error)

func (*FileCommand) Close

func (cmd *FileCommand) Close() error

Close the output file (if any) and rename it to cmd.out

func (*FileCommand) Help

func (cmd *FileCommand) Help() string

func (*FileCommand) Run

func (cmd *FileCommand) Run(args []string) int

func (*FileCommand) Synopsis

func (cmd *FileCommand) Synopsis() string

func (*FileCommand) Write

func (cmd *FileCommand) Write(p []byte) (int, error)

type ListCommand

type ListCommand struct {
	// contains filtered or unexported fields
}

ListCommand can display (structured) secrets

func (*ListCommand) Client

func (cmd *ListCommand) Client() (*Client, error)

func (*ListCommand) Close

func (cmd *ListCommand) Close() error

Close the output file (if any) and rename it to cmd.out

func (*ListCommand) Help

func (cmd *ListCommand) Help() string

func (*ListCommand) Run

func (cmd *ListCommand) Run(args []string) int

func (*ListCommand) Synopsis

func (cmd *ListCommand) Synopsis() string

func (*ListCommand) Write

func (cmd *ListCommand) Write(p []byte) (int, error)

type Marshaler

type Marshaler interface {
	Marshal(path string, data map[string]interface{}) ([]byte, error)
}

Marshaler can marshal an api.Secret.Data into a byte slice

type MarshalingNotSupported

type MarshalingNotSupported struct{}

MarshalingNotSupported is a placeholder Marshaler that returns an error upon marshaling.

func (MarshalingNotSupported) Marshal

func (m MarshalingNotSupported) Marshal(_ map[string]interface{}) ([]byte, error)

Marshal always returns ErrMarshalingNotSupported

type MoveCommand

type MoveCommand struct {
	// contains filtered or unexported fields
}

MoveCommand can display (structured) secrets

func (*MoveCommand) Client

func (cmd *MoveCommand) Client() (*Client, error)

func (*MoveCommand) Close

func (cmd *MoveCommand) Close() error

Close the output file (if any) and rename it to cmd.out

func (*MoveCommand) Help

func (cmd *MoveCommand) Help() string

func (*MoveCommand) Run

func (cmd *MoveCommand) Run(args []string) int

func (*MoveCommand) Synopsis

func (cmd *MoveCommand) Synopsis() string

func (*MoveCommand) Write

func (cmd *MoveCommand) Write(p []byte) (int, error)

type ShellCommand

type ShellCommand struct {
	// contains filtered or unexported fields
}

ShellCommand is an interactive command line shell

func (*ShellCommand) Client

func (cmd *ShellCommand) Client() (*Client, error)

func (*ShellCommand) Close

func (cmd *ShellCommand) Close() error

Close the output file (if any) and rename it to cmd.out

func (*ShellCommand) Help

func (cmd *ShellCommand) Help() string

func (*ShellCommand) Run

func (cmd *ShellCommand) Run(args []string) int

func (*ShellCommand) Synopsis

func (cmd *ShellCommand) Synopsis() string

func (*ShellCommand) Write

func (cmd *ShellCommand) Write(p []byte) (int, error)

type TemplateCommand

type TemplateCommand struct {
	// contains filtered or unexported fields
}

TemplateCommand renders (multiple) secret(s) into a templated file.

func (*TemplateCommand) Client

func (cmd *TemplateCommand) Client() (*Client, error)

func (*TemplateCommand) Close

func (cmd *TemplateCommand) Close() error

Close the output file (if any) and rename it to cmd.out

func (*TemplateCommand) Help

func (cmd *TemplateCommand) Help() string

func (*TemplateCommand) Run

func (cmd *TemplateCommand) Run(args []string) int

func (*TemplateCommand) Synopsis

func (cmd *TemplateCommand) Synopsis() string

func (*TemplateCommand) Write

func (cmd *TemplateCommand) Write(p []byte) (int, error)

type Unmarshaler

type Unmarshaler interface {
	Unmarshal(p []byte) (map[string]interface{}, error)
}

Unmarshaler can unmarshal a byte slice into api.Secret.Data

type UnmarshalingNotSupported

type UnmarshalingNotSupported struct{}

UnmarshalingNotSupported is a placeholder Unmarshaler that returns an error upon unmarshaling.

func (UnmarshalingNotSupported) Unmarshal

func (u UnmarshalingNotSupported) Unmarshal(_ []byte) (map[string]interface{}, error)

Unmarshal always returns ErrUnmarshalingNotSupported

Directories

Path Synopsis
builtin
cmd
vc
Command vc is a Vault Client for manipulating secrets inside Vault Environment Variables vc respects the following environment settings: VAULT_ADDR Vault server address VAULT_CACERT Path to a PEM-encoded CA cert file to use to verify the Vault server SSL certificate.
