Documentation ¶
Overview ¶
Package kv provides an API client for the Vault KVv2 secrets engine.
To use the default KV secrets engine mounted at "/secret", use the DefaultClient:
	// List the KV secret keys at the path "/secret/some/nested/path".
	kv.DefaultClient.ListSecrets("some/nested/path")
	kv.ListSecrets("some/nested/path") // shorthand of the above line
To use a kv secrets engine mounted at a custom path, create a new Client:
	// Create a secret at the KV path "/my-kv/some/path".
	c := kv.NewClient("/my-kv", nil)
	c.WriteSecretLatest("some/path", map[string]interface{}{"foo": "bar"})
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2 for more information on the available endpoints.
Index ¶
- Variables
- func DeleteSecretLatest(path string) error
- func DeleteSecretMetadata(path string) error
- func DeleteSecretVersion(path string, version ...int) error
- func DestroySecretVersion(path string, version ...int) error
- func ListSecrets(path string) ([]string, error)
- func SetEngineConfig(cfg SecretConfig) error
- func UndeleteSecretVersion(path string, version ...int) error
- func WriteSecretMetadata(path string, cfg SecretConfig) error
- type Client
- func (c *Client) DeleteSecretLatest(path string) error
- func (c *Client) DeleteSecretMetadata(path string) error
- func (c *Client) DeleteSecretVersion(path string, version ...int) error
- func (c *Client) DestroySecretVersion(path string, version ...int) error
- func (c *Client) EngineConfig() (SecretConfig, error)
- func (c *Client) ListSecrets(path string) ([]string, error)
- func (c *Client) ReadSecretLatest(path string) (Secret, error)
- func (c *Client) ReadSecretMetadata(path string) (SecretMetadata, error)
- func (c *Client) ReadSecretVersion(path string, version int) (Secret, error)
- func (c *Client) SetEngineConfig(cfg SecretConfig) error
- func (c *Client) UndeleteSecretVersion(path string, version ...int) error
- func (c *Client) WriteSecretLatest(path string, data map[string]interface{}) (SecretVersion, error)
- func (c *Client) WriteSecretMetadata(path string, cfg SecretConfig) error
- func (c *Client) WriteSecretVersion(path string, version int, data map[string]interface{}) (SecretVersion, error)
- type Secret
- type SecretConfig
- type SecretMetadata
- type SecretVersion
Constants ¶
This section is empty.
Variables ¶
var DefaultClient = NewClient(defaultMountPath, nil)
DefaultClient is a KVv2 API client mounted at the default path in Vault.
Functions ¶
func DeleteSecretLatest ¶
DeleteSecretLatest soft deletes the latest secret version at the specified path using the DefaultClient.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#delete-latest-version-of-secret.
func DeleteSecretMetadata ¶
DeleteSecretMetadata permanently deletes the secret metadata and all versions at the specified path using the DefaultClient.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#delete-metadata-and-all-versions.
func DeleteSecretVersion ¶
DeleteSecretVersion soft deletes the secret version(s) at the specified path using the DefaultClient. Must specify at least one version.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#delete-secret-versions.
func DestroySecretVersion ¶
DestroySecretVersion permanently deletes the secret version(s) at the specified path using the DefaultClient. Must specify at least one version.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#destroy-secret-versions.
func ListSecrets ¶
ListSecrets lists the secret keys at the specified path using the DefaultClient.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#list-secrets.
func SetEngineConfig ¶
func SetEngineConfig(cfg SecretConfig) error
SetEngineConfig updates the KVv2 secrets engine configuration using the DefaultClient.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#configure-the-kv-engine.
func UndeleteSecretVersion ¶
UndeleteSecretVersion restores the secret version(s) at the specified path using the DefaultClient. Must specify at least one version.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#undelete-secret-versions.
func WriteSecretMetadata ¶
func WriteSecretMetadata(path string, cfg SecretConfig) error
WriteSecretMetadata updates the secret configuration at the specified path using the DefaultClient.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#update-metadata.
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client is an API client for the Vault KVv2 secrets engine.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#kv-secrets-engine-version-2-api.
func NewClient ¶
func NewClient(path string, client vault.LogicalClient) *Client
NewClient creates a new KVv2 API client for the secrets engine mounted at the given path in Vault.
func (*Client) DeleteSecretLatest ¶
DeleteSecretLatest soft deletes the latest secret version at the specified path.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#delete-latest-version-of-secret.
func (*Client) DeleteSecretMetadata ¶
DeleteSecretMetadata permanently deletes the secret metadata and all versions at the specified path.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#delete-metadata-and-all-versions.
func (*Client) DeleteSecretVersion ¶
DeleteSecretVersion soft deletes the secret version(s) at the specified path. Must specify at least one version.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#delete-secret-versions.
func (*Client) DestroySecretVersion ¶
DestroySecretVersion permanently deletes the secret version(s) at the specified path. Must specify at least one version.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#destroy-secret-versions.
func (*Client) EngineConfig ¶
func (c *Client) EngineConfig() (SecretConfig, error)
EngineConfig returns the KVv2 secrets engine configuration.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#read-kv-engine-configuration.
func (*Client) ListSecrets ¶
ListSecrets lists the secret keys at the specified path.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#list-secrets.
func (*Client) ReadSecretLatest ¶
ReadSecretLatest reads the latest secret version at the specified path.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#read-secret-version.
func (*Client) ReadSecretMetadata ¶
func (c *Client) ReadSecretMetadata(path string) (SecretMetadata, error)
ReadSecretMetadata returns the metadata of the secret at the specified path.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#read-secret-metadata.
func (*Client) ReadSecretVersion ¶
ReadSecretVersion reads the secret version at the specified path. If the version is negative, the latest secret version is read.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#read-secret-version.
func (*Client) SetEngineConfig ¶
func (c *Client) SetEngineConfig(cfg SecretConfig) error
SetEngineConfig updates the KVv2 secrets engine configuration.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#configure-the-kv-engine.
func (*Client) UndeleteSecretVersion ¶
UndeleteSecretVersion restores the secret version(s) at the specified path. Must specify at least one version.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#undelete-secret-versions.
func (*Client) WriteSecretLatest ¶
func (c *Client) WriteSecretLatest(path string, data map[string]interface{}) (SecretVersion, error)
WriteSecretLatest creates or updates the latest secret version at the specified path.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#create-update-secret.
func (*Client) WriteSecretMetadata ¶
func (c *Client) WriteSecretMetadata(path string, cfg SecretConfig) error
WriteSecretMetadata updates the secret configuration at the specified path.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#update-metadata.
func (*Client) WriteSecretVersion ¶
func (c *Client) WriteSecretVersion(path string, version int, data map[string]interface{}) (SecretVersion, error)
WriteSecretVersion creates or updates a secret version at the specified path.
If the version is less than zero, all writes are allowed. If the version is zero, writes are allowed only if the secret does not already exist. If the version is positive, writes are allowed only if the specified version matches the current version of the secret.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#create-update-secret.
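The version rule above is what stops two concurrent writers from silently overwriting each other, for example two rotation jobs updating the same credential. The following is an added example, not code from this package: `memKV`, `ErrCASMismatch` and `rotateRace` are hypothetical names, and the in-memory store is a constructed stand-in that models only the documented version rule, not a Vault server.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrCASMismatch is a hypothetical error for a rejected check-and-set write.
var ErrCASMismatch = errors.New("check-and-set version mismatch")

// memKV is a constructed in-memory stand-in for one KVv2 mount (not the kv package).
type memKV struct {
	current map[string]int // path -> current version (absent = no secret)
	data    map[string]map[string]interface{}
}

func newMemKV() *memKV {
	return &memKV{current: map[string]int{}, data: map[string]map[string]interface{}{}}
}

// write applies the documented rule: version < 0 always writes, version == 0 writes
// only if no secret exists, version > 0 writes only if it equals the current version.
func (m *memKV) write(path string, version int, d map[string]interface{}) (int, error) {
	cur, exists := m.current[path]
	switch {
	case version == 0 && exists:
		return cur, ErrCASMismatch
	case version > 0 && (!exists || version != cur):
		return cur, ErrCASMismatch
	}
	m.current[path] = cur + 1
	m.data[path] = d
	return cur + 1, nil
}

// rotateRace replays two jobs that both observed version 1, then write with it.
func rotateRace() (firstVer int, secondErr error, stored interface{}) {
	kv := newMemKV()
	kv.write("db/creds", 0, map[string]interface{}{"password": "initial"}) // create-only
	seen := kv.current["db/creds"]                                         // both jobs read version 1
	firstVer, _ = kv.write("db/creds", seen, map[string]interface{}{"password": "from-job-A"})
	_, secondErr = kv.write("db/creds", seen, map[string]interface{}{"password": "from-job-B"})
	return firstVer, secondErr, kv.data["db/creds"]["password"]
}

func main() { fmt.Println(rotateRace()) }
```

Job B's write is rejected because the secret moved to version 2 after job A wrote; with a negative version, job B would have replaced job A's value without any error.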
type Secret ¶
type Secret struct {
	// The data stored at the secret path.
	Data map[string]interface{} `json:"data"`
	// The version metadata associated with the secret.
	Metadata SecretVersion `json:"metadata"`
}
Secret represents a secret's data and its specific version metadata.
func ReadSecretLatest ¶
ReadSecretLatest reads the latest secret version at the specified path using the DefaultClient.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#read-secret-version.
func ReadSecretVersion ¶
ReadSecretVersion reads the secret version at the specified path using the DefaultClient. If the version is negative, the latest secret version is read.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#read-secret-version.
type SecretConfig ¶
type SecretConfig struct {
	// The maximum allowed number of secret versions to keep.
	MaxVersions int `json:"max_versions,omitempty"`
	// Specifies if CAS is required for a secret.
	CASRequired bool `json:"cas_required,omitempty"`
	// Specifies the duration after which to delete secret version(s).
	DeleteVersionAfter time.Duration `json:"delete_version_after,omitempty"`
}
SecretConfig represents the configurable settings of a secret stored in the KVv2 secrets engine. Can be used for global or local secret configuration.
func EngineConfig ¶
func EngineConfig() (SecretConfig, error)
EngineConfig returns the KVv2 secrets engine configuration using the DefaultClient.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#read-kv-engine-configuration.
type SecretMetadata ¶
type SecretMetadata struct {
	// The time at which the secret was created.
	CreatedTime time.Time `json:"created_time"`
	// The latest version of the secret.
	CurrentVersion int `json:"current_version"`
	// The maximum allowed number of secret versions to store.
	MaxVersions int `json:"max_versions"`
	// The oldest available version of the secret.
	OldestVersion int `json:"oldest_version"`
	// The last time at which the secret was updated, or modified.
	UpdatedTime time.Time `json:"updated_time"`
	// The version metadata for all versions of the secret.
	Versions map[string]SecretVersion `json:"versions"`
}
SecretMetadata represents a secret's data and all of its version metadata.
func ReadSecretMetadata ¶
func ReadSecretMetadata(path string) (SecretMetadata, error)
ReadSecretMetadata returns the metadata of the secret at the specified path using the DefaultClient.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#read-secret-metadata.
type SecretVersion ¶
type SecretVersion struct {
	// The time at which the secret version was created.
	CreatedTime time.Time `json:"created_time"`
	// The time at which the secret version was deleted (if deleted).
	DeletionTime time.Time `json:"deletion_time"`
	// Specifies if the secret version was destroyed.
	Destroyed bool `json:"destroyed"`
	// The specific version of the secret.
	Version int `json:"version"`
}
SecretVersion represents metadata about a specific version of a secret.
func WriteSecretLatest ¶
func WriteSecretLatest(path string, data map[string]interface{}) (SecretVersion, error)
WriteSecretLatest creates or updates the latest secret version at the specified path using the DefaultClient.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#create-update-secret.
func WriteSecretVersion ¶
func WriteSecretVersion(path string, version int, data map[string]interface{}) (SecretVersion, error)
WriteSecretVersion creates or updates a secret version at the specified path using the DefaultClient.
If the version is less than zero, all writes are allowed. If the version is zero, writes are allowed only if the secret does not already exist. If the version is positive, writes are allowed only if the specified version matches the current version of the secret.
See https://www.vaultproject.io/api-docs/secret/kv/kv-v2#create-update-secret.