Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ErrSpecificVersionPassedToKVv1 = errors.New("KVv1 does not accept versioning")
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
// Token is the Vault Auth Token.
Token string
// MountPath is the location where the target KV secrets engine resides in Vault.
MountPath string
// VaultConfig is the config for the Vault client.
// If the configuration is nil,
// Vault will use configuration from DefaultConfig(),
// which is the recommended starting configuration.
VaultConfig *vault.Config
SecretlyConfig secretly.Config
}
Config provides both Vault KV V1 and secretly wrapper configurations.
type KVv1Client ¶
type KVv1Client struct {
// contains filtered or unexported fields
}
Client is the Vault KVv1 Secrets Engine wrapper. Implements secretly.Client
Note: (*KVv1Client).GetSecretVersion does not accept versioning other than the default version. (This is a limitation of the secret engine, use KVv2 if you want secret versioning.)
func NewKVv1Client ¶
func NewKVv1Client(cfg Config) (*KVv1Client, error)
NewKVv1Client returns a Vault KVv1 Secrets Engine wrapper.
func WrapKVv1 ¶
func WrapKVv1(client *vault.KVv1, cfg Config) *KVv1Client
WrapKVv2 wraps the Vault KVv1 Secrets Engine client.
func (*KVv1Client) GetSecret ¶
GetSecret retrieves the latest secret for name from Vault KVv1 Secrets Engine.
func (*KVv1Client) GetSecretWithVersion ¶
func (c *KVv1Client) GetSecretWithVersion(ctx context.Context, name, version string) ([]byte, error)
GetSecretWithVersion behaves the same as GetSecret but has a side effect of returning ErrSpecificVersionPassedToKVv1 when a non default secret version is passed.
func (*KVv1Client) Process ¶
func (c *KVv1Client) Process(spec any, opts ...secretly.ProcessOption) error
Process resolves the provided specification using Vault KVv1 Secrets Engine. ProcessOptions can be provided to add additional processing for the fields, like reading version info from the env or a file.
(*Client).Process is a convenience for calling secretly.Process with the Client.
type KVv2Client ¶
type KVv2Client struct {
// contains filtered or unexported fields
}
KVv2Client is the Vault KVv2 Secrets Engine wrapper. Implements secretly.KVv2Client
func NewKVv2Client ¶
func NewKVv2Client(cfg Config) (*KVv2Client, error)
NewKVv2Client returns a Vault KVv2 Secrets Engine wrapper.
func WrapKVv2 ¶
func WrapKVv2(client *vault.KVv2, cfg Config) *KVv2Client
WrapKVv2 wraps the Vault KVv2 Secrets Engine client.
func (*KVv2Client) GetSecret ¶
GetSecret retrieves the latest secret for name from Vault KVv2 Secrets Engine.
func (*KVv2Client) GetSecretWithVersion ¶
func (c *KVv2Client) GetSecretWithVersion(ctx context.Context, name, version string) ([]byte, error)
GetSecretWithVersion retrieves the specific secret version for name from Vault KVv2 Secrets Engine.
func (*KVv2Client) Process ¶
func (c *KVv2Client) Process(spec any, opts ...secretly.ProcessOption) error
Process resolves the provided specification using Vault KVv2 Secrets Engine. ProcessOptions can be provided to add additional processing for the fields, like reading version info from the env or a file.
(*Client).Process is a convenience for calling secretly.Process with the Client.
Source Files