bank-vaults: Index | Files

package vault

import ""


Package Files

client.go operator_client.go transit.go


const DefaultConfigFile = "vault-config.yml"

DefaultConfigFile is the name of the default config file

func NewData Uses

func NewData(cas int, data map[string]interface{}) map[string]interface{}

NewData is a helper function for Vault KV Version two secret data creation

func NewInsecureRawClient Uses

func NewInsecureRawClient() (*api.Client, error)

NewInsecureRawClient creates a new raw Vault client with insecure TLS.

func NewRawClient Uses

func NewRawClient() (*api.Client, error)

NewRawClient creates a new raw Vault client.

type Client Uses

type Client struct {
    // Easy to use wrapper for transit secret engine calls
    Transit *Transit
    // contains filtered or unexported fields

Client is a Vault client with Kubernetes support, token automatic renewing and access to Transit Secret Engine wrapper

func NewClient Uses

func NewClient(role string) (*Client, error)

NewClient creates a new Vault client.

func NewClientFromConfig Uses

func NewClientFromConfig(config *vaultapi.Config, opts ...ClientOption) (*Client, error)

NewClientFromConfig creates a new Vault client from custom configuration.

func NewClientFromRawClient Uses

func NewClientFromRawClient(rawClient *vaultapi.Client, opts ...ClientOption) (*Client, error)

NewClientFromRawClient creates a new Vault client from custom raw client.

func NewClientWithConfig Uses

func NewClientWithConfig(config *vaultapi.Config, role, path string) (*Client, error)

NewClientWithConfig creates a new Vault client with custom configuration. Deprecated: use NewClientFromConfig instead.

func NewClientWithOptions Uses

func NewClientWithOptions(opts ...ClientOption) (*Client, error)

NewClientWithOptions creates a new Vault client with custom options.

func (*Client) Close Uses

func (client *Client) Close()

Close stops the token renewing process of this client

func (*Client) RawClient Uses

func (client *Client) RawClient() *vaultapi.Client

RawClient returns the underlying raw Vault client.

func (*Client) Vault Uses

func (client *Client) Vault() *vaultapi.Client

Vault returns the underlying hashicorp Vault client. Deprecated: use RawClient instead.

type ClientAuthPath Uses

type ClientAuthPath string

ClientAuthPath is the mount path where the auth method is enabled.

type ClientOption Uses

type ClientOption interface {
    // contains filtered or unexported methods

ClientOption configures a Vault client using the functional options paradigm popularized by Rob Pike and Dave Cheney. If you're unfamiliar with this style, see and

type ClientRole Uses

type ClientRole string

ClientRole is the vault role which the client would like to receive

type ClientTimeout Uses

type ClientTimeout time.Duration

ClientTimeout after which the client fails.

type ClientToken Uses

type ClientToken string

ClientToken is a Vault token.

type ClientTokenPath Uses

type ClientTokenPath string

ClientTokenPath file where the Vault token can be found.

type ClientURL Uses

type ClientURL string

ClientURL is the vault url EX:

type Config Uses

type Config struct {
    // how many key parts exist
    SecretShares int
    // how many of these parts are needed to unseal Vault (secretThreshold <= secretShares)
    SecretThreshold int

    // if this root token is set, the dynamic generated will be invalidated and this created instead
    InitRootToken string
    // should the root token be stored in the keyStore
    StoreRootToken bool

    // should the KV backend be tested first to validate access rights
    PreFlightChecks bool

Config holds the configuration of the Vault initialization

type KVService Uses

type KVService interface {
    Set(key string, value []byte) error
    Get(key string) ([]byte, error)

type Transit Uses

type Transit struct {
    // contains filtered or unexported fields

Transit is a wrapper for Transit Secret Engine ref:

func (*Transit) Decrypt Uses

func (t *Transit) Decrypt(transitPath, keyID string, ciphertext []byte) ([]byte, error)

Decrypt decrypts the ciphertext into a plaintext ref:

func (*Transit) IsEncrypted Uses

func (t *Transit) IsEncrypted(value string) bool

IsEncrypted check with regexp that value encrypter by Vault transit secret engine

type Vault Uses

type Vault interface {
    Init() error
    RaftInitialized() (bool, error)
    RaftJoin(string) error
    Sealed() (bool, error)
    Active() (bool, error)
    Unseal() error
    Leader() (bool, error)
    Configure(config *viper.Viper) error
    StepDownActive(string) error

Vault is an interface that can be used to attempt to perform actions against a Vault server.

func New Uses

func New(k KVService, cl *api.Client, config Config) (Vault, error)

New returns a new vault Vault, or an error.

Package vault imports 29 packages (graph) and is imported by 11 packages. Updated 2020-07-10. Refresh now. Tools for package owners.