Documentation
Constants
This section is empty.
Variables
var (
	// ErrValueInput indicates the provided value is not a struct pointer
	ErrValueInput = errors.New("the provided value must be a struct pointer")
)
Functions
This section is empty.
Types
type Option
type Option interface {
	Apply(s *SecretUnmarshler)
}
Option defines how an option should be applied.
func WithClient
WithClient allows callers to provide a custom Vault client.
func WithTokenFile
WithTokenFile allows callers to provide a path to a file where a Vault token is stored.
func WithTokenString
WithTokenString allows callers to provide a token in the form of a string.
type SecretUnmarshler
type SecretUnmarshler struct {
	// contains filtered or unexported fields
}
SecretUnmarshler reads data from Vault and stores the result(s) in a provided struct. This can be useful to inject sensitive configuration items directly into config structs.
func NewSecretUnmarshler
func NewSecretUnmarshler(opts ...Option) (*SecretUnmarshler, error)
NewSecretUnmarshler returns a new SecretUnmarshler, applying any options that are supplied.
func (SecretUnmarshler) Unmarshal
func (su SecretUnmarshler) Unmarshal(ctx context.Context, apex string, v interface{}) error
Unmarshal makes a read request to vault using the supplied vault apex path and stores the result(s) in the value pointed to by v. Unmarshal traverses the value v recursively looking for tagged fields that can be populated with secret data.
(DATA EXAMPLE #1) Consider the design of the following secret path: secret/application, that contains several sub-keys:
	API_KEY - the data being stored in the data key 'value'
	DB_PASSWORD - the data being stored in the data key 'value'
(DATA EXAMPLE #2) Consider the design of the following secret path: secret/application/configs, that contains several data keys:
	api_key
	db_password
A field tagged with 'vault_path_key' implies that the apex is a top-level secret path, and the value provided by 'vault_path_key' is the suffix key in the path. The full final path will be a combination of the apex and the path key. For example, using data example #1 above, an apex of secret/application with a 'vault_path_key' of DB_PASSWORD will attempt to read the data stored in secret/application/DB_PASSWORD. By default a data key of 'value' is used. The data key can be customized via the tag `vault_path_data_key`.
	Field string `vault_path_key:"DB_PASSWORD"`
	Field string `vault_path_key:"DB_PASSWORD" vault_path_data_key:"password"` // data key override
A field tagged with 'vault_data_key' implies that the apex is a full, final secret path and the value provided by 'vault_data_key' is the name of the data key. For example, an apex of secret/application/configs with a 'vault_data_key' of db_password will attempt to read the data stored in secret/application/configs, referencing the db_password data key.
Field string `vault_data_key:"db_password"`
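The tag rules above, as an added example that is not part of this package: a hypothetical `ResolveLookups` helper that uses reflection to compute which Vault path and data key each tagged field would be read from, without contacting Vault. The `Lookup` type, the sample struct names, and the treatment of untagged nested structs are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"reflect"
)

// Lookup (hypothetical type) is the Vault path and data key one field resolves to.
type Lookup struct{ Field, Path, DataKey string }

var errValueInput = errors.New("the provided value must be a struct pointer")

// ResolveLookups (hypothetical helper) applies the documented tag rules offline.
func ResolveLookups(apex string, v interface{}) ([]Lookup, error) {
	t := reflect.TypeOf(v)
	if t == nil || t.Kind() != reflect.Ptr || t.Elem().Kind() != reflect.Struct {
		return nil, errValueInput
	}
	return walk(apex, t.Elem()), nil
}

func walk(apex string, t reflect.Type) (out []Lookup) {
	for i := 0; i < t.NumField(); i++ {
		f := t.Field(i)
		if pk, ok := f.Tag.Lookup("vault_path_key"); ok {
			dk := f.Tag.Get("vault_path_data_key")
			if dk == "" {
				dk = "value" // documented default data key
			}
			out = append(out, Lookup{f.Name, apex + "/" + pk, dk})
		} else if dk, ok := f.Tag.Lookup("vault_data_key"); ok {
			out = append(out, Lookup{f.Name, apex, dk}) // apex is the full path
		} else if f.Type.Kind() == reflect.Struct {
			out = append(out, walk(apex, f.Type)...) // untagged nested struct: recurse
		}
	}
	return out
}

// Constructed sample structs mirroring data examples #1 and #2.
type PathConfig struct {
	APIKey string `vault_path_key:"API_KEY"`
	DB     struct{ Password string `vault_path_key:"DB_PASSWORD" vault_path_data_key:"password"` }
}
type DataConfig struct{ DBPassword string `vault_data_key:"db_password"` }

func main() {
	fmt.Println(ResolveLookups("secret/application", &PathConfig{}))
}
```

Listing the resolved paths this way makes it easy to check that the Vault policy attached to a token grants read access to exactly those paths.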