Documentation
Overview
Package vault implements a SecretsProvider backend that uses the configured vault server for storing sensitive information.
Index
- Constants
- type AuthRequest
- type Provider
- func (p *Provider) Close() error
- func (p *Provider) ReadSecret(name string) ([]byte, error)
- func (p *Provider) ReadSecretMap(name string) (map[string][]byte, error)
- func (p *Provider) Setup(client client.Client, cluster *appv1.VDICluster) error
- func (p *Provider) WriteSecret(name string, content []byte) error
- func (p *Provider) WriteSecretMap(name string, content map[string][]byte) error
Constants
const DefaultTokenPath = "/var/run/secrets/kubernetes.io/serviceaccount/token"
DefaultTokenPath is where the k8s serviceaccount token is mounted inside the container.
Variables
This section is empty.
Functions
This section is empty.
Types
type AuthRequest
AuthRequest represents a request for a vault token using the k8s JWT. There is probably a struct defined in the library for this somewhere.
type Provider
type Provider struct {
	common.SecretsProvider
	// contains filtered or unexported fields
}
Provider implements a SecretsProvider that matches secret names to keys in vault.
func (*Provider) Close
Close signals the stop channel if it's been created, and revokes the token if there is a client configured.
func (*Provider) ReadSecret
ReadSecret implements SecretsProvider and will retrieve the requested secret from vault. Since it is assumed that all secrets are []byte, when reading the secret we have to decode the base64 that vault returns it as.
func (*Provider) ReadSecretMap
ReadSecretMap returns a map from the vault server.
func (*Provider) Setup
Setup will set configurations then make sure we are able to read a k8s token and gain vault access with it. If authentication succeeds, a loop is spawned to keep the token fresh.
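The login step that Setup describes, as an added example (not this package's own code): a serviceaccount JWT is posted to Vault's Kubernetes auth login endpoint, and the lease in the reply sets when to renew. The function names, the `kubernetes` auth mount, the role `example-role`, the 2/3 renewal fraction, and the stand-in server with its JWT and token values are assumptions made for this example.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// login trades a serviceaccount JWT (the bytes read from DefaultTokenPath) for a Vault token.
// It returns the token and a renewal delay of 2/3 of the lease; that fraction is this example's choice.
func login(addr, role string, jwt []byte) (string, time.Duration, error) {
	body, _ := json.Marshal(map[string]string{"role": role, "jwt": string(bytes.TrimSpace(jwt))})
	resp, err := http.Post(addr+"/v1/auth/kubernetes/login", "application/json", bytes.NewReader(body))
	if err != nil {
		return "", 0, err
	}
	defer resp.Body.Close()
	var out struct {
		Auth struct {
			ClientToken   string `json:"client_token"`
			LeaseDuration int    `json:"lease_duration"`
		} `json:"auth"`
	}
	if json.NewDecoder(resp.Body).Decode(&out) != nil || resp.StatusCode != http.StatusOK || out.Auth.ClientToken == "" {
		return "", 0, fmt.Errorf("vault login failed: %s", resp.Status)
	}
	return out.Auth.ClientToken, time.Duration(out.Auth.LeaseDuration) * time.Second * 2 / 3, nil
}

// demo runs login against a local stand-in server that accepts one constructed JWT (no real Vault).
func demo(jwt string) (string, time.Duration, error) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		var req map[string]string
		if json.NewDecoder(r.Body).Decode(&req); req["jwt"] != "sa.jwt.constructed" {
			http.Error(w, "permission denied", http.StatusForbidden)
		} else {
			fmt.Fprint(w, `{"auth":{"client_token":"constructed-token","lease_duration":3600}}`)
		}
	}))
	defer srv.Close()
	return login(srv.URL, "example-role", []byte(jwt+"\n"))
}

func main() {
	_, renewIn, err := demo("sa.jwt.constructed")
	fmt.Println("renew in:", renewIn, "err:", err)
}
```

The token is returned to the caller and deliberately not printed; a failed login yields an empty token and an error carrying only the HTTP status.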
func (*Provider) WriteSecret
WriteSecret implements SecretsProvider and will write the secret to the vault backend.
func (*Provider) WriteSecretMap
WriteSecretMap implements SecretsProvider and will write the key-value pair to the secrets backend. The secret can be read back in the same fashion. This will be the preferred function going forward.