Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type KubernetesAuth ¶
type KubernetesAuth struct {
// contains filtered or unexported fields
}
func NewKubernetesAuth ¶
func NewKubernetesAuth(roleName string, opts ...LoginOption) (*KubernetesAuth, error)
NewKubernetesAuth creates a KubernetesAuth struct which can be passed to the client.Auth().Login method to authenticate to Vault. The roleName parameter should be the name of the role in Vault that was created with this app's Kubernetes service account bound to it.
The Kubernetes service account token JWT is retrieved from /var/run/secrets/kubernetes.io/serviceaccount/token by default. To change this path, pass the WithServiceAccountTokenPath option. To instead pass the JWT directly as a string, or to read the value from an environment variable, use WithServiceAccountToken and WithServiceAccountTokenEnv respectively.
Supported options: WithMountPath, WithServiceAccountTokenPath, WithServiceAccountTokenEnv, WithServiceAccountToken
type LoginOption ¶
type LoginOption func(a *KubernetesAuth) error
func WithMountPath ¶
func WithMountPath(mountPath string) LoginOption
func WithServiceAccountToken ¶
func WithServiceAccountToken(jwt string) LoginOption
func WithServiceAccountTokenEnv ¶
func WithServiceAccountTokenEnv(envVar string) LoginOption
func WithServiceAccountTokenPath ¶
func WithServiceAccountTokenPath(pathToToken string) LoginOption
WithServiceAccountTokenPath allows you to specify a different path to where your application's Kubernetes service account token is mounted, instead of the default of /var/run/secrets/kubernetes.io/serviceaccount/token