vault

package module
Version: v0.15.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 30, 2019 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package vault provides a secrets implementation using the Transit Secrets Engine of Vault by Hashicorp. Use OpenKeeper to construct a *secrets.Keeper.

URLs

For secrets.OpenKeeper, vault registers for the scheme "vault". The default URL opener will dial a Vault server using the environment variables "VAULT_SERVER_URL" and "VAULT_SERVER_TOKEN". To customize the URL opener, or for more details on the URL format, see URLOpener. See https://gocloud.dev/concepts/urls/ for background information.

As

vault does not support any types for As.

Example (OpenFromURL)
package main

import (
	"context"
	"log"

	"gocloud.dev/secrets"
)

func main() {
	ctx := context.Background()

	// secrets.OpenKeeper creates a *secrets.Keeper from a URL.
	// The default opener dials a default Vault server based on the environment
	// variables VAULT_SERVER_URL and VAULT_SERVER_TOKEN.
	keeper, err := secrets.OpenKeeper(ctx, "vault://mykey")
	if err != nil {
		log.Fatal(err)
	}
	defer keeper.Close()
}
Output:

Index

Examples

Constants

View Source
const Scheme = "vault"

Scheme is the URL scheme vault registers its URLOpener under on secrets.DefaultMux.

Variables

This section is empty.

Functions

func Dial

func Dial(ctx context.Context, cfg *Config) (*api.Client, error)

Dial gets a Vault client.

func OpenKeeper

func OpenKeeper(client *api.Client, keyID string, opts *KeeperOptions) *secrets.Keeper

OpenKeeper returns a *secrets.Keeper that uses the Transit Secrets Engine of Vault by Hashicorp. See the package documentation for an example.

Example
package main

import (
	"context"
	"log"

	"github.com/hashicorp/vault/api"
	"gocloud.dev/secrets/vault"
)

func main() {

	// Get a client to use with the Vault API.
	ctx := context.Background()
	client, err := vault.Dial(ctx, &vault.Config{
		Token: "<Client (Root) Token>",
		APIConfig: api.Config{
			Address: "http://127.0.0.1:8200",
		},
	})
	if err != nil {
		log.Fatal(err)
	}

	// Construct a *secrets.Keeper.
	keeper := vault.OpenKeeper(client, "my-key", nil)
	defer keeper.Close()

	// Now we can use keeper to encrypt or decrypt.
	plaintext := []byte("Hello, Secrets!")
	ciphertext, err := keeper.Encrypt(ctx, plaintext)
	if err != nil {
		log.Fatal(err)
	}
	decrypted, err := keeper.Decrypt(ctx, ciphertext)
	if err != nil {
		log.Fatal(err)
	}
	_ = decrypted
}
Output:

Types

type Config

type Config struct {
	// Token is the access token the Vault client uses to talk to the server.
	// See https://www.vaultproject.io/docs/concepts/tokens.html for more
	// information.
	Token string
	// APIConfig is used to configure the creation of the client.
	APIConfig api.Config
}

Config is the authentication configurations of the Vault server.

type KeeperOptions

type KeeperOptions struct{}

KeeperOptions controls Keeper behaviors. It is provided for future extensibility.

type URLOpener

type URLOpener struct {
	// Client must be non-nil.
	Client *api.Client

	// Options specifies the options to pass to OpenKeeper.
	Options KeeperOptions
}

URLOpener opens Vault URLs like "vault://mykey".

The URL Host + Path are used as the keyID.

No query parameters are supported.

func (*URLOpener) OpenKeeperURL

func (o *URLOpener) OpenKeeperURL(ctx context.Context, u *url.URL) (*secrets.Keeper, error)

OpenKeeperURL opens the Keeper URL.

Source Files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL