Documentation
¶
Overview ¶
Package vault implements envelop encryption provider based on Vault KMS
Package vault implements envelop encryption provider based on Vault KMS
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type EnvelopeConfig ¶
type EnvelopeConfig struct {
// The names of encryption key for Vault transit communication
KeyNames []string `json:"keyNames"`
// Vault listen address, for example https://localhost:8200
Address string `json:"addr"`
// Token authentication information
Token string `json:"token"`
// TLS certificate authentication information
ClientCert string `json:"clientCert"`
ClientKey string `json:"clientKey"`
// AppRole authentication information
RoleID string `json:"roleID"`
SecretID string `json:"secretID"`
// CACert is the path to a PEM-encoded CA cert file to use to verify the
// Vault server SSL certificate.
VaultCACert string `json:"vaultCACert"`
// TLSServerName, if set, is used to set the SNI host when connecting via TLS.
TLSServerName string `json:"tlsServerName"`
// The path for transit API, default is "transit"
TransitPath string `json:"transitPath"`
// The path for auth backend, default is "auth"
AuthPath string `json:"authPath"`
}
EnvelopeConfig contains connection information for Vault transformer
type VaultEnvelopeService ¶
type VaultEnvelopeService struct {
// contains filtered or unexported fields
}
func KMSFactory ¶
func KMSFactory(configFile io.Reader) (*VaultEnvelopeService, error)
KMSFactory function creates Vault KMS service
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.