vault

package

v4.0.0+incompatible Latest Latest Go to latest Published: Sep 2, 2017 License: MIT Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/steeef/aws-vault

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func FormatCredentialError(profileKey string, from Profiles, err error) string
type Config
- func NewConfigFromEnv() (Config, error)
type FileConfig
- func (c *FileConfig) Parse() (Profiles, error)
type KeyringProvider
- func (p *KeyringProvider) Delete() error
- func (p *KeyringProvider) IsExpired() bool
- func (p *KeyringProvider) Retrieve() (val credentials.Value, err error)
- func (p *KeyringProvider) Store(val credentials.Value) error
type KeyringSessions
- func NewKeyringSessions(k keyring.Keyring, p Profiles) (*KeyringSessions, error)
- func (s *KeyringSessions) Delete(profile string) (n int, err error)
- func (s *KeyringSessions) Retrieve(profile string, duration time.Duration) (session sts.Credentials, err error)
- func (s *KeyringSessions) Store(profile string, session sts.Credentials, duration time.Duration) error
type Profiles
- func (p Profiles) SourceProfile(profileKey string) string
type VaultCredentials
- func NewVaultCredentials(k keyring.Keyring, profile string, opts VaultOptions) (*VaultCredentials, error)
- func (v *VaultCredentials) Expires() time.Time
type VaultOptions
- func (o VaultOptions) ApplyDefaults() VaultOptions
- func (o VaultOptions) Validate() error
type VaultProvider
- func NewVaultProvider(k keyring.Keyring, profile string, opts VaultOptions) (*VaultProvider, error)
- func (p *VaultProvider) Retrieve() (credentials.Value, error)
- func (p *VaultProvider) RetrieveWithoutSessionToken() (credentials.Value, error)

Constants ¶

View Source

const (
	MaxSessionDuration    = time.Hour * 36
	MinSessionDuration    = time.Minute * 15
	MinAssumeRoleDuration = time.Minute * 15
	MaxAssumeRoleDuration = time.Hour

	DefaultSessionDuration    = time.Hour * 4
	DefaultAssumeRoleDuration = time.Minute * 15
)

Variables ¶

This section is empty.

Functions ¶

func FormatCredentialError ¶

func FormatCredentialError(profileKey string, from Profiles, err error) string

Types ¶

type Config ¶

type Config interface {
	Parse() (Profiles, error)
}

func NewConfigFromEnv ¶

func NewConfigFromEnv() (Config, error)

type FileConfig ¶

type FileConfig struct {
	// contains filtered or unexported fields
}

func (*FileConfig) Parse ¶

func (c *FileConfig) Parse() (Profiles, error)

type KeyringProvider ¶

type KeyringProvider struct {
	Keyring keyring.Keyring
	Profile string
}

func (*KeyringProvider) Delete ¶

func (p *KeyringProvider) Delete() error

func (*KeyringProvider) IsExpired ¶

func (p *KeyringProvider) IsExpired() bool

func (*KeyringProvider) Retrieve ¶

func (p *KeyringProvider) Retrieve() (val credentials.Value, err error)

func (*KeyringProvider) Store ¶

func (p *KeyringProvider) Store(val credentials.Value) error

type KeyringSessions ¶

type KeyringSessions struct {
	Keyring  keyring.Keyring
	Profiles Profiles
}

func NewKeyringSessions ¶

func NewKeyringSessions(k keyring.Keyring, p Profiles) (*KeyringSessions, error)

func (*KeyringSessions) Delete ¶

func (s *KeyringSessions) Delete(profile string) (n int, err error)

func (*KeyringSessions) Retrieve ¶

func (s *KeyringSessions) Retrieve(profile string, duration time.Duration) (session sts.Credentials, err error)

func (*KeyringSessions) Store ¶

func (s *KeyringSessions) Store(profile string, session sts.Credentials, duration time.Duration) error

type Profiles ¶

type Profiles map[string]map[string]string

func (Profiles) SourceProfile ¶

func (p Profiles) SourceProfile(profileKey string) string

SourceProfile returns either the defined source_profile or profileKey if none exists

type VaultCredentials ¶

type VaultCredentials struct {
	*credentials.Credentials
	// contains filtered or unexported fields
}

func NewVaultCredentials ¶

func NewVaultCredentials(k keyring.Keyring, profile string, opts VaultOptions) (*VaultCredentials, error)

func (*VaultCredentials) Expires ¶

func (v *VaultCredentials) Expires() time.Time

type VaultOptions ¶

type VaultOptions struct {
	SessionDuration    time.Duration
	AssumeRoleDuration time.Duration
	ExpiryWindow       time.Duration
	MfaToken           string
	MfaPrompt          prompt.PromptFunc
	NoSession          bool
	Profiles           Profiles
	MasterCreds        *credentials.Value
}

func (VaultOptions) ApplyDefaults ¶

func (o VaultOptions) ApplyDefaults() VaultOptions

func (VaultOptions) Validate ¶

func (o VaultOptions) Validate() error

type VaultProvider ¶

type VaultProvider struct {
	credentials.Expiry
	VaultOptions
	// contains filtered or unexported fields
}

func NewVaultProvider ¶

func NewVaultProvider(k keyring.Keyring, profile string, opts VaultOptions) (*VaultProvider, error)

func (*VaultProvider) Retrieve ¶

func (p *VaultProvider) Retrieve() (credentials.Value, error)

Retrieve returns credentials protected by a GetSessionToken. If there is an associated role in the profile then AssumeRole is applied. The benefit of a session is that it doesn't require MFA or a user prompt to access the keychain item, much like sudo.

func (*VaultProvider) RetrieveWithoutSessionToken ¶

func (p *VaultProvider) RetrieveWithoutSessionToken() (credentials.Value, error)

RetrieveWithoutSessionToken returns credentials that are either the master credentials or a session created with AssumeRole. This allows for usecases where a token created with AssumeRole wouldn't work.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL