Documentation ¶
Index ¶
Constants ¶
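// Names of the environment variables that configure the proxy server's cache.
//
// The listing is restored to one declaration per line: collapsed onto a
// single line, the first `//` comment swallows every declaration after it.
const (
	// VaultCacheTTL names the environment variable holding the time to live
	// configuration (aka, TTL) of the cache used by the proxy server.
	//
	// NOTE(review): a cached response can keep being served after the secret
	// behind it is rotated or revoked, for as long as the TTL allows. Choose
	// the TTL against the lease and rotation period of the secrets proxied.
	VaultCacheTTL = "VAULT_DEFAULT_CACHE_TTL"

	// VaultCacheEnabled names the environment variable that, when set to
	// `true`, causes every request to be saved in the cache and returned from
	// cache, making caching "opt-out" instead of "opt-in". Caching may still
	// be disabled per-request with the "nocache" cache-control header.
	//
	// NOTE(review): with opt-out caching, responses that carry secret material
	// are retained by default. How entries are keyed and stored is not visible
	// here; confirm an entry cannot be served to a caller presenting a
	// different token than the one that populated it.
	VaultCacheEnabled = "VAULT_DEFAULT_CACHE_ENABLED"
)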
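// The extension's name and the names of its general-purpose environment
// variables.
//
// The listing is restored to one declaration per line: collapsed onto a
// single line, the trailing `//` comment swallows VaultRunMode and the
// closing parenthesis.
const (
	// ExtensionName is the name of this extension.
	ExtensionName = "vault-lambda-extension"

	// VaultLogLevel names the environment variable that selects the log
	// level. Optional, one of TRACE, DEBUG, INFO, WARN, ERROR, OFF.
	//
	// NOTE(review): what the verbose levels emit is not visible here; confirm
	// TRACE and DEBUG never write tokens or secret values to the logs before
	// enabling them outside development.
	VaultLogLevel = "VAULT_LOG_LEVEL"

	// VaultRunMode names the environment variable that selects the run mode.
	// The accepted values are not shown in this listing.
	VaultRunMode = "VAULT_RUN_MODE"
)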
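// Default on-disk location for secrets. The listing is restored to one
// declaration per line; two specs on a single line do not parse as Go.
const (
	// DefaultSecretDirectory is the default directory for secret files.
	//
	// NOTE(review): presumably secrets fetched from Vault are written here in
	// plaintext. Files under /tmp live as long as the execution environment,
	// so they can outlast the invocation that needed them. The write itself
	// is not shown; confirm the directory and files are created with
	// owner-only permissions.
	DefaultSecretDirectory = "/tmp/vault"

	// DefaultSecretFile is the default secret file name, presumably resolved
	// inside DefaultSecretDirectory. TODO confirm against the writer.
	DefaultSecretFile = "secret.json"
)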
Variables ¶
// ExtensionVersion is the extension's version string. It is declared as a
// variable rather than a constant so that the go build tool can override it
// and inject a custom version; without an override it keeps the development
// placeholder below.
var ExtensionVersion = "0.0.0-dev"
Functions ¶
func GetUserAgentBase ¶ added in v0.10.0
GetUserAgentBase returns a base user agent string with the given user agent name and version in the form: vault-client-go/0.0.1 (Darwin arm64; Go go1.19.2)
Types ¶
type AuthConfig ¶
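// AuthConfig holds config required for logging in to Vault.
//
// The listing is restored to one field per line; the fields collapsed onto a
// single line do not parse as Go. The field meanings below are inferred from
// the field names and are marked as such.
type AuthConfig struct {
	// Role is presumably the Vault role to log in as. TODO confirm.
	Role string

	// Provider is presumably the auth provider used for login; the other
	// fields suggest AWS IAM. TODO confirm.
	Provider string

	// AssumedRoleArn is presumably the ARN of an IAM role to assume before
	// logging in. TODO confirm.
	AssumedRoleArn string

	// IAMServerID is presumably the value sent as the
	// X-Vault-AWS-IAM-Server-ID header.
	// NOTE(review): if so, leaving it empty removes the binding of the signed
	// login request to one Vault server, which is what stops the request from
	// being replayed against a different server. Verify against the login code.
	IAMServerID string

	// STSEndpointRegion is presumably the region of the STS endpoint used
	// when signing the login request. TODO confirm.
	STSEndpointRegion string

	// VaultAddress is the address of the Vault server.
	// NOTE(review): no validation is visible in this type; confirm the caller
	// requires an https:// address so tokens and secrets are not sent in
	// cleartext.
	VaultAddress string
}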
AuthConfig holds config required for logging in to Vault.
func AuthConfigFromEnv ¶
// AuthConfigFromEnv reads config from the environment for authenticating to
// Vault and returns it as an AuthConfig.
//
// NOTE(review): only the signature is shown and it returns no error, so
// missing or malformed variables are presumably surfaced later, at login time.
// Confirm where an empty or non-https VaultAddress is rejected.
func AuthConfigFromEnv() AuthConfig
AuthConfigFromEnv reads config from the environment for authenticating to Vault.
type CacheConfig ¶ added in v0.6.0
CacheConfig holds config for the request cache
func CacheConfigFromEnv ¶ added in v0.6.0
// CacheConfigFromEnv reads config from the environment for caching and
// returns it as a CacheConfig.
//
// NOTE(review): presumably driven by the VaultCacheTTL and VaultCacheEnabled
// variables. The signature returns no error; confirm that an unparsable TTL
// leaves caching disabled rather than enabled with an unintended lifetime.
func CacheConfigFromEnv() CacheConfig
CacheConfigFromEnv reads config from the environment for caching
type ConfiguredSecret ¶
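// ConfiguredSecret pairs a path to read in Vault with the file system path the
// secret is written to.
//
// The listing is restored to one field per line: collapsed onto a single
// line, the first `//` comment swallows FilePath and the closing brace.
type ConfiguredSecret struct {
	// VaultPath is the path to read from in Vault.
	VaultPath string

	// FilePath is the path to write to in the file system.
	//
	// NOTE(review): this value comes from the environment and names where
	// secret material lands on disk. No validation is visible in this type;
	// confirm the writer keeps the destination inside the intended secret
	// directory and creates the file with owner-only permissions.
	FilePath string

	// contains filtered or unexported fields
}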
ConfiguredSecret represents a pair of environment variables of the form:
VAULT_SECRET_PATH_FOO=/kv/data/foo
VAULT_SECRET_FILE_FOO=/tmp/vault/secret/foo
Where FOO is the name, and must match across both env vars to form a valid secret configuration. The name can also be empty.
func ParseConfiguredSecrets ¶
// ParseConfiguredSecrets reads environment variables to determine which
// secrets to read from Vault, and where to write them on disk. It returns the
// configured secrets, or an error.
//
// NOTE(review): the body is not shown, so the conditions that produce an
// error are unknown here. Because the destination paths come from the
// environment, confirm that duplicate destinations and paths escaping the
// secret directory are rejected here or by the code that writes the files.
func ParseConfiguredSecrets() ([]ConfiguredSecret, error)
ParseConfiguredSecrets reads environment variables to determine which secrets to read from Vault, and where to write them on disk.
func (ConfiguredSecret) Name ¶
// Name returns the name parsed from the environment variable name. This name
// is used as a key to match secrets with file paths. It is presumably held in
// one of the struct's unexported fields, which are not shown.
func (cs ConfiguredSecret) Name() string
Name is the name parsed from the environment variable name. This name is used as a key to match secrets with file paths.
func (ConfiguredSecret) Valid ¶
// Valid checks that both a secret path and a destination path are given.
//
// NOTE(review): as described this is a presence check only. It should not be
// read as validation of where FilePath points; confirm path containment is
// enforced elsewhere before the secret is written.
func (cs ConfiguredSecret) Valid() bool
Valid checks that both a secret path and a destination path are given.