Documentation
Index
- Constants
- type Vault
- func (v *Vault) BasicAuth(username, password, pathUserPass string) (bool, error)
- func (v *Vault) DecryptWithVault(ciphertext, key string) (string, error)
- func (v *Vault) EncryptWithVault(value, key string) (string, error)
- func (v *Vault) GetConfig(secretPath string, config interface{}) error
- func (v *Vault) GetKv2Secret(mountPath string, secretPath string) (map[string]interface{}, error)
Constants
const (
	VaultClientKey contextKey = "vaultClient"
)
VaultClientKey is a context key used to store and retrieve the Vault client from context.
Variables
This section is empty.
Functions
This section is empty.
Types
type Vault
type Vault struct {
	// Client is the instance of the Vault client.
	Client *vault.Client
	// Address is the URL where the Vault server is accessible.
	Address string
	// CA path of vault
	CaCertPath string
	// Enable Insecure HTTPS communication
	Insecure bool
	// UserPassPath is the path to the userpass authentication backend in Vault.
	UserPassPath string
	// KvMountPath is the mount path for the configuration.
	KvMountPath string
	// TransitPath is the path for the transit secret engine.
	TransitPath string
	// Logger is the zap logger instance for logging Vault-related operations.
	Logger *zap.Logger
}
Vault struct represents a Vault client and contains fields for configuration, paths, and a zap logger for logging activities related to Vault operations.
func (*Vault) BasicAuth
BasicAuth authenticates a user against Vault using the userpass authentication backend. It takes in a username, password, and the path to the userpass backend in Vault. On successful authentication, the client token is set in the Vault client. The method returns true on successful authentication, and false otherwise.
func (*Vault) DecryptWithVault
DecryptWithVault uses Vault's Transit secret engine to decrypt the given ciphertext. The function requires a key name to perform the decryption. It returns the decrypted plaintext or an error if unsuccessful.
func (*Vault) EncryptWithVault
EncryptWithVault uses Vault's Transit secret engine to encrypt the given value. The function requires a key name to perform the encryption. It returns the encrypted ciphertext or an error if unsuccessful.
func (*Vault) GetConfig
GetConfig maps configuration data from Vault into the provided 'config' structure. It dynamically reads the 'vault' and 'default' struct tags to know where to pull data from Vault and where to set default values if the data is missing in Vault. The function updates the fields in the 'config' structure in place.
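The tag-driven mapping described above, sketched as an added example that is not this package's implementation. The names fillFromSecret and AppConfig are hypothetical, and the sketch assumes each 'vault' tag names a key inside a single secret map (shaped like the map GetKv2Secret returns), which the page does not specify. It fails closed when a key has no value and no default, and it keeps secret values out of error text.

```go
package main

import (
	"fmt"
	"reflect"
	"strconv"
)

type AppConfig struct { // hypothetical target; tag values assumed to be key names
	DBPass string `vault:"db_pass"`
	Port   int    `vault:"port" default:"5432"`
}

// fillFromSecret fills the struct behind config; errors never echo a secret value.
func fillFromSecret(secret map[string]interface{}, config interface{}) error {
	rv := reflect.Indirect(reflect.ValueOf(config))
	if rv.Kind() != reflect.Struct || !rv.CanSet() {
		return fmt.Errorf("config must be a non-nil pointer to a struct")
	}
	for i := 0; i < rv.NumField(); i++ {
		sf, fv := rv.Type().Field(i), rv.Field(i)
		key, tagged := sf.Tag.Lookup("vault")
		if !tagged || !fv.CanSet() {
			continue
		}
		raw, found := secret[key]
		if def, ok := sf.Tag.Lookup("default"); !found && ok {
			raw, found = def, true // key absent in Vault: use the default tag
		}
		text := fmt.Sprint(raw)          // KV values may arrive as string or json.Number
		n, convErr := strconv.Atoi(text) // convErr quotes its input; never return it
		switch {
		case !found: // no value and no default: fail closed, not a silent zero
			return fmt.Errorf("field %s: key %q missing, no default", sf.Name, key)
		case fv.Kind() == reflect.String:
			fv.SetString(text)
		case fv.Kind() == reflect.Int && convErr == nil:
			fv.SetInt(int64(n))
		default:
			return fmt.Errorf("field %s: value does not fit kind %s", sf.Name, fv.Kind())
		}
	}
	return nil
}

func main() {
	cfg := &AppConfig{}
	fmt.Println(fillFromSecret(map[string]interface{}{"db_pass": "constructed"}, cfg), cfg)
}
```

On any error the caller should discard the partially filled struct instead of continuing with zero values.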
func (*Vault) GetKv2Secret
GetKv2Secret retrieves a KV version 2 secret stored in Vault. The function requires the mount path and the secret path in Vault. Returns a map containing the secret data or an error if unsuccessful.