bank-vaults: github.com/banzaicloud/bank-vaults/pkg/sdk/vault

package vault

import "github.com/banzaicloud/bank-vaults/pkg/sdk/vault"

Package Files

client.go operator_client.go transit.go

Constants

const DefaultConfigFile = "vault-config.yml"

DefaultConfigFile is the name of the default config file.

func NewData

func NewData(cas int, data map[string]interface{}) map[string]interface{}

NewData is a helper function for creating Vault KV version 2 secret data.

func NewRawClient

func NewRawClient() (*api.Client, error)

NewRawClient creates a new raw Vault client.

type Client

type Client struct {
    // Easy to use wrapper for transit secret engine calls
    Transit *Transit
    // contains filtered or unexported fields
}

Client is a Vault client with Kubernetes support, automatic token renewal, and access to the Transit Secret Engine wrapper.

func NewClient

func NewClient(role string) (*Client, error)

NewClient creates a new Vault client.

func NewClientFromConfig

func NewClientFromConfig(config *vaultapi.Config, opts ...ClientOption) (*Client, error)

NewClientFromConfig creates a new Vault client from custom configuration.

func NewClientFromRawClient

func NewClientFromRawClient(rawClient *vaultapi.Client, opts ...ClientOption) (*Client, error)

NewClientFromRawClient creates a new Vault client from custom raw client.

func NewClientWithConfig

func NewClientWithConfig(config *vaultapi.Config, role, path string) (*Client, error)

NewClientWithConfig creates a new Vault client with custom configuration. Deprecated: use NewClientFromConfig instead.

func NewClientWithOptions

func NewClientWithOptions(opts ...ClientOption) (*Client, error)

NewClientWithOptions creates a new Vault client with custom options.

func (*Client) Close

func (client *Client) Close()

Close stops the token renewal process of this client.

func (*Client) RawClient

func (client *Client) RawClient() *vaultapi.Client

RawClient returns the underlying raw Vault client.

func (*Client) Vault

func (client *Client) Vault() *vaultapi.Client

Vault returns the underlying HashiCorp Vault client. Deprecated: use RawClient instead.

type ClientAuthPath

type ClientAuthPath string

ClientAuthPath is the mount path where the auth method is enabled.

type ClientOption

type ClientOption interface {
    // contains filtered or unexported methods
}

ClientOption configures a Vault client using the functional options paradigm popularized by Rob Pike and Dave Cheney. If you're unfamiliar with this style, see https://commandcenter.blogspot.com/2014/01/self-referential-functions-and-design.html and https://dave.cheney.net/2014/10/17/functional-options-for-friendly-apis.
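A stand-alone sketch of this pattern in the string-typed form the package's option types suggest, added here as an illustration and not bank-vaults code. `settings`, `Option`, `Resolve`, `Describe`, the option type names and the default values are all hypothetical.

```go
package main

import "fmt"

// settings is the private state the options write into (hypothetical fields).
type settings struct {
	url, role, authPath, token string
}

// Option has the same shape as ClientOption: its only method is unexported,
// so no package outside this one can define new option kinds.
type Option interface {
	apply(*settings)
}

// Each option is a named string type, so a plain conversion such as
// Role("ci") is already a usable Option value.
type (
	URL      string
	Role     string
	AuthPath string
	Token    string
)

func (u URL) apply(s *settings)      { s.url = string(u) }
func (r Role) apply(s *settings)     { s.role = string(r) }
func (p AuthPath) apply(s *settings) { s.authPath = string(p) }
func (t Token) apply(s *settings)    { s.token = string(t) }

// Resolve starts from defaults and applies options in order, so a later
// option of the same kind overrides an earlier one.
func Resolve(opts ...Option) settings {
	s := settings{role: "default", authPath: "kubernetes"} // assumed defaults
	for _, o := range opts {
		o.apply(&s)
	}
	return s
}

// Describe renders the settings for logging without ever printing the token.
func Describe(s settings) string {
	return fmt.Sprintf("url=%s role=%s authPath=%s tokenSet=%t",
		s.url, s.role, s.authPath, s.token != "")
}

func main() {
	s := Resolve(URL("https://my-vault.vault.org"), Role("ci"), Role("deploy"))
	fmt.Println(Describe(s))
}
```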

type ClientRole

type ClientRole string

ClientRole is the Vault role that the client would like to receive.

type ClientToken

type ClientToken string

ClientToken is a Vault token.

type ClientTokenPath

type ClientTokenPath string

ClientTokenPath is the file where the Vault token can be found.

type ClientURL

type ClientURL string

ClientURL is the Vault URL, e.g. https://my-vault.vault.org

type Config

type Config struct {
    // how many key parts exist
    SecretShares int
    // how many of these parts are needed to unseal Vault (secretThreshold <= secretShares)
    SecretThreshold int

    // if this root token is set, the dynamically generated one will be invalidated and this one created instead
    InitRootToken string
    // should the root token be stored in the keyStore
    StoreRootToken bool

    // should the KV backend be tested first to validate access rights
    PreFlightChecks bool
}

Config holds the configuration of the Vault initialization.

type KVService

type KVService interface {
    Set(key string, value []byte) error
    Get(key string) ([]byte, error)
}

type Transit

type Transit struct {
    // contains filtered or unexported fields
}

Transit is a wrapper for the Transit Secret Engine. Ref: https://www.vaultproject.io/docs/secrets/transit/index.html

func (*Transit) Decrypt

func (t *Transit) Decrypt(transitPath, keyID string, ciphertext []byte) ([]byte, error)

Decrypt decrypts the ciphertext into plaintext. Ref: https://www.vaultproject.io/api/secret/transit/index.html#decrypt-data

func (*Transit) IsEncrypted

func (t *Transit) IsEncrypted(value string) bool

IsEncrypted checks with a regexp whether the value was encrypted by the Vault transit secret engine.
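A stricter, stand-alone variant of this kind of check, added here as an illustration and not bank-vaults code. It relies on Vault's transit ciphertext format `vault:v<key version>:<base64>`; `ParseTransitCiphertext` and `AuditValues` are hypothetical names and the sample values are constructed.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// ParseTransitCiphertext splits "vault:v<key version>:<base64>" into key version
// and payload, requiring a positive integer version and valid, non-empty base64.
func ParseTransitCiphertext(value string) (int, []byte, error) {
	parts := strings.SplitN(value, ":", 3)
	if len(parts) != 3 || parts[0] != "vault" || !strings.HasPrefix(parts[1], "v") {
		return 0, nil, errors.New("not in vault:v<N>:<base64> form")
	}
	// ParseUint rejects signs, so "v+1" and "v-1" are refused.
	version, err := strconv.ParseUint(parts[1][1:], 10, 31)
	if err != nil || version == 0 {
		return 0, nil, errors.New("invalid key version")
	}
	payload, err := base64.StdEncoding.DecodeString(parts[2])
	if err != nil || len(payload) == 0 {
		return 0, nil, errors.New("payload is not valid base64")
	}
	return int(version), payload, nil
}

// AuditValues returns the sorted keys whose values are plaintext or were
// encrypted with a key version older than minVersion.
func AuditValues(values map[string]string, minVersion int) []string {
	var flagged []string
	for key, value := range values {
		version, _, err := ParseTransitCiphertext(value)
		if err != nil || version < minVersion {
			flagged = append(flagged, key)
		}
	}
	sort.Strings(flagged)
	return flagged
}

func main() {
	blob := base64.StdEncoding.EncodeToString([]byte("constructed sample")) // constructed payload
	values := map[string]string{"db": "vault:v2:" + blob, "api": "vault:v1:" + blob, "smtp": "plaintext"}
	fmt.Println(AuditValues(values, 2)) // [api smtp]
}
```

Passing this check only shows that a value is well formed; whether it decrypts is still decided by Vault.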

type Vault

type Vault interface {
    Init() error
    RaftJoin(string) error
    Sealed() (bool, error)
    Active() (bool, error)
    Unseal() error
    Leader() (bool, error)
    Configure(config *viper.Viper) error
    StepDownActive(string) error
}

Vault is an interface that can be used to attempt to perform actions against a Vault server.

func New

func New(k KVService, cl *api.Client, config Config) (Vault, error)

New returns a new vault Vault, or an error.

Package vault imports 24 packages and is imported by 8 packages. Updated 2019-12-06.