Documentation

Overview

Package hashivault provides a secrets implementation using the Transit Secrets Engine of Vault by Hashicorp. Use OpenKeeper to construct a *secrets.Keeper.

URLs

For secrets.OpenKeeper, hashivault registers for the scheme "hashivault". The default URL opener will dial a Vault server using the environment variables "VAULT_SERVER_URL" and "VAULT_SERVER_TOKEN". To customize the URL opener, or for more details on the URL format, see URLOpener. See https://gocloud.dev/concepts/urls/ for background information.

As

hashivault does not support any types for As.

Example (OpenFromURL)
Output:

Index

Examples

Constants

View Source
const Scheme = "hashivault"

    Scheme is the URL scheme hashivault registers its URLOpener under on secrets.DefaultMux.

    Variables

    This section is empty.

    Functions

    func Dial

    func Dial(ctx context.Context, cfg *Config) (*api.Client, error)

      Dial gets a Vault client.

      func OpenKeeper

      func OpenKeeper(client *api.Client, keyID string, opts *KeeperOptions) *secrets.Keeper

        OpenKeeper returns a *secrets.Keeper that uses the Transit Secrets Engine of Vault by Hashicorp. See the package documentation for an example.

        Example
        Output:
        
        

        Types

        type Config

        type Config struct {
        	// Token is the access token the Vault client uses to talk to the server.
        	// See https://www.vaultproject.io/docs/concepts/tokens.html for more
        	// information.
        	Token string
        	// APIConfig is used to configure the creation of the client.
        	APIConfig api.Config
        }

          Config is the authentication configurations of the Vault server.

          type KeeperOptions

          type KeeperOptions struct{}

            KeeperOptions controls Keeper behaviors. It is provided for future extensibility.

            type URLOpener

            type URLOpener struct {
            	// Client must be non-nil.
            	Client *api.Client
            
            	// Options specifies the options to pass to OpenKeeper.
            	Options KeeperOptions
            }

              URLOpener opens Vault URLs like "hashivault://mykey".

              The URL Host + Path are used as the keyID.

              No query parameters are supported.

              func (*URLOpener) OpenKeeperURL

              func (o *URLOpener) OpenKeeperURL(ctx context.Context, u *url.URL) (*secrets.Keeper, error)

                OpenKeeperURL opens the Keeper URL.

                Source Files