Documentation

Overview

Package hashivault provides a secrets implementation using the Transit Secrets Engine of Vault by Hashicorp. Use OpenKeeper to construct a *secrets.Keeper.

URLs

For secrets.OpenKeeper, hashivault registers for the scheme "hashivault". The default URL opener will dial a Vault server using the environment variables "VAULT_SERVER_URL" and "VAULT_SERVER_TOKEN". To customize the URL opener, or for more details on the URL format, see URLOpener. See https://gocloud.dev/concepts/urls/ for background information.

As

hashivault does not support any types for As.

Example (OpenFromURL)

package main import ( "context" "log" "gocloud.dev/secrets" ) func main() { // PRAGMA: This example is used on gocloud.dev; PRAGMA comments adjust how it is shown and can be ignored. // PRAGMA: On gocloud.dev, add a blank import: _ "gocloud.dev/secrets/hashivault" // PRAGMA: On gocloud.dev, hide lines until the next blank line. ctx := context.Background() keeper, err := secrets.OpenKeeper(ctx, "hashivault://mykey") if err != nil { log.Fatal(err) } defer keeper.Close() }

Index

• Constants
• func Dial(ctx context.Context, cfg *Config) (*api.Client, error)
• func OpenKeeper(client *api.Client, keyID string, opts *KeeperOptions) *secrets.Keeper
• type Config
• type KeeperOptions
• type URLOpener
  • func (o *URLOpener) OpenKeeperURL(ctx context.Context, u *url.URL) (*secrets.Keeper, error)

Examples

• Package (OpenFromURL)
• OpenKeeper

Constants

const Scheme = "hashivault"

Scheme is the URL scheme hashivault registers its URLOpener under on secrets.DefaultMux.

Variables

This section is empty.

Functions

func Dial

func Dial(ctx context.Context, cfg *Config) (*api.Client, error)

Dial gets a Vault client.

func OpenKeeper

func OpenKeeper(client *api.Client, keyID string, opts *KeeperOptions) *secrets.Keeper

OpenKeeper returns a *secrets.Keeper that uses the Transit Secrets Engine of Vault by Hashicorp. See the package documentation for an example.

Example

package main import ( "context" "log" "github.com/hashicorp/vault/api" "gocloud.dev/secrets/hashivault" ) func main() { // PRAGMA: This example is used on gocloud.dev; PRAGMA comments adjust how it is shown and can be ignored. // PRAGMA: On gocloud.dev, hide lines until the next blank line. ctx := context.Background() // Get a client to use with the Vault API. client, err := hashivault.Dial(ctx, &hashivault.Config{ Token: "CLIENT_TOKEN", APIConfig: api.Config{ Address: "http://127.0.0.1:8200", }, }) if err != nil { log.Fatal(err) } // Construct a *secrets.Keeper. keeper := hashivault.OpenKeeper(client, "my-key", nil) defer keeper.Close() }

Types

type Config

type Config struct {
	// Token is the access token the Vault client uses to talk to the server.
	// See https://www.vaultproject.io/docs/concepts/tokens.html for more
	// information.
	Token string
	// APIConfig is used to configure the creation of the client.
	APIConfig api.Config
}

Config is the authentication configurations of the Vault server.

type KeeperOptions

type KeeperOptions struct{}

KeeperOptions controls Keeper behaviors. It is provided for future extensibility.

type URLOpener

type URLOpener struct {
	// Client must be non-nil.
	Client *api.Client

	// Options specifies the options to pass to OpenKeeper.
	Options KeeperOptions
}

URLOpener opens Vault URLs like "hashivault://mykey".

The URL Host + Path are used as the keyID.

No query parameters are supported.

func (*URLOpener) OpenKeeperURL

func (o *URLOpener) OpenKeeperURL(ctx context.Context, u *url.URL) (*secrets.Keeper, error)

OpenKeeperURL opens the Keeper URL.