vault_plugin_secrets_backblazeb2

package module

v0.1.0 Latest Latest Go to latest Published: Mar 26, 2024 License: BSD-3-Clause Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/Boostport/vault-plugin-secrets-backblazeb2

Links

Open Source Insights

README ¶

Vault Plugin: Backblaze B2 Secrets Backend

This is a HashiCorp Vault plugin that generates application keys for Backblaze B2 Cloud Storage.

Download

Binary releases are available at https://github.com/Boostport/vault-plugin-secrets-backblazeb2/releases.

Verify Binaries

The checksum for the binaries are signed with cosign. To verify the binaries, download the following files (where ${VERSION} is the version of the release):

vault-plugin-secrets-backblazeb2_${VERSION}_checksums.txt
vault-plugin-secrets-backblazeb2_${VERSION}_checksums.txt.pem
vault-plugin-secrets-backblazeb2_${VERSION}_checksums.txt.sig

Then download the release binaries you need. Here, we just download the linux amd64 binary:

vault-plugin-secrets-backblazeb2_${VERSION}_linux_amd64

Then run the following commands to verify the checksums and signature:

# Verify checksum signature
$ cosign verify-blob --signature vault-plugin-secrets-backblazeb2_${VERSION}_checksums.txt.sig --certificate vault-plugin-secrets-backblazeb2_${VERSION}_checksums.txt.pem vault-plugin-secrets-backblazeb2_${VERSION}_checksums.txt --certificate-identity "https://github.com/Boostport/vault-plugin-secrets-backblazeb2/.github/workflows/release.yml@refs/tags/v${VERSION}" --certificate-oidc-issuer "https://token.actions.githubusercontent.com"

# Verify checksum with binaries
$ sha256sum -c vault-plugin-secrets-backblazeb2_${VERSION}_checksums.txt

Usage

Once the plugin is registered with your vault instance, you can enable it on a particular path:

$ vault secrets enable -path=backblazeb2 vault-plugin-secrets-backblazeb2

Configure the backend with your Backblaze B2 application key id and application key:

$ vault write backblazeb2/config application_key_id=<account id> application_key=<key id>

Create a role:

$ vault write backblazeb2/roles/example capabilities=listBuckets,listFiles,readFiles

Issue credentials:

$ vault read backblazeb2/creds/example

Backend Configuration

Parameter	Description	Required	Default
`application_key_id`	The Backblaze B2 application key id	`yes`	`none`
`application_key`	The Backblaze B2 application key	`yes`	`none`

Role Configuration

Parameter	Description	Required	Default
`capabilities`	Comma separated list of capabilities. See Backblaze B2 application key capabilities for a complete list.	`yes`	`none`
`key_name_prefix`	Prefix for key names generated by this role.	`no`	`vault-`
`bucket_name`	Optional bucket name on which to restrict this key. NOTE: This is the name of the bucket, not the id.	`no`	`none`
`name_prefix`	Prefix to further restrict access in a bucket to files whose names start with the prefix. The `bucket_name` parameter must also be set.	`no`	`none`

Documentation ¶

Index ¶

func Factory(version string) logical.Factory

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Factory ¶

func Factory(version string) logical.Factory

Factory returns a configured instance of the B2 backend

Types ¶

This section is empty.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
cmd
vault-plugin-secrets-backblazeb2

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL