Documentation
Overview
Package vault provides a Vault provider.
There are two methods to set up the environment to run the application.
Flags (not recommended)
Values are set by specifying flags. In the following example, values are set and then the env command is run.
    configurer l v \
        --address "{address}" \
        --role-id "xyz" \
        --app-role "{project_name}" \
        --secret-id "xyz" \
        --mount-path "kv" \
        --namespace "{namespace}" \
        --secret-path "/{project_name}/{environment}/{service_name}/main" -- env
Environment Variables (recommended and preferred)
Setup values are set by specifying environment variables. In the following example, values are set and then the env command is run. It's cleaner and more secure: values passed as flags appear in the process's command line, which other local users can typically read (for example via `ps`).
    export VAULT_ADDR="{address}"
    export VAULT_APP_ROLE_ID="xyz"
    export VAULT_APP_ROLE={project_name}
    export VAULT_APP_SECRET_ID="xyz"
    export VAULT_MOUNT_PATH="kv"
    export VAULT_NAMESPACE="{namespace}"
    export VAULT_SECRET_PATH="/{project_name}/{environment}/{service_name}/main"

    configurer l v -- env
Constants
const Name = "vault"
Name of the provider.
Functions
func New

    func New(
        override, rawValue bool,
        authInformation *Auth,
        secretInformation *SecretInformation,
    ) (provider.IProvider, error)

New sets up a new Vault provider. It pulls secrets from HashiCorp Vault and then exports them to the environment.
It supports the following authentication methods:
- AppRole
- Token
The following environment variables can be used to configure the provider:
- VAULT_ADDR: The address of the Vault server.
- VAULT_APP_ROLE_ID: AppRole Role ID
- VAULT_APP_ROLE: The AppRole to use for authentication.
- VAULT_APP_SECRET_ID: AppRole Secret ID
- VAULT_NAMESPACE: The Vault namespace to use for authentication.
- VAULT_TOKEN: The token to use for authentication.
NOTE: If no app role is set, the provider defaults to token authentication.
NOTE: Already exported environment variables take precedence over loaded ones. Set the overwrite flag to true to override them.
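The two NOTEs above, as an added Go illustration that is not the package's own code: `authMethod` and `exportSecrets` are hypothetical helpers, and the error cases (empty token, AppRole without both IDs) are assumptions about sensible validation rather than documented behaviour. The `DB_USER` and `DB_PASS` values are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"sort"
)

// authMethod (hypothetical) picks the auth method from the VAULT_* variables.
func authMethod(getenv func(string) string) (string, error) {
	if getenv("VAULT_ADDR") == "" {
		return "", errors.New("VAULT_ADDR is required")
	}
	if getenv("VAULT_APP_ROLE") == "" { // no app role: default to token
		if getenv("VAULT_TOKEN") == "" { // assumption: an empty token is an error
			return "", errors.New("no app role set and VAULT_TOKEN is empty")
		}
		return "token", nil
	}
	// Assumption: AppRole needs both the role ID and the secret ID.
	if getenv("VAULT_APP_ROLE_ID") == "" || getenv("VAULT_APP_SECRET_ID") == "" {
		return "", errors.New("AppRole needs VAULT_APP_ROLE_ID and VAULT_APP_SECRET_ID")
	}
	return "approle", nil
}

// exportSecrets (hypothetical): exported variables win unless override is true.
func exportSecrets(secrets map[string]string, override bool) ([]string, error) {
	skipped := []string{}
	for k, v := range secrets {
		if _, exists := os.LookupEnv(k); exists && !override {
			skipped = append(skipped, k) // keep the value that was already exported
			continue
		}
		if err := os.Setenv(k, v); err != nil {
			return skipped, err
		}
	}
	sort.Strings(skipped)
	return skipped, nil
}

func main() {
	fmt.Println(authMethod(os.Getenv)) // reads the real environment
	os.Setenv("DB_USER", "local")      // constructed: a variable that is already exported
	fmt.Println(exportSecrets(map[string]string{"DB_USER": "from-vault", "DB_PASS": "from-vault"}, false))
}
```

Returning the skipped keys makes it visible when a locally exported variable shadows the value stored in Vault; only key names are reported, never secret values.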
func NewWithConfig

    func NewWithConfig(
        override, rawValue bool,
        authInformation *Auth,
        secretInformation *SecretInformation,
        config Config,
    ) (provider.IProvider, error)

NewWithConfig is the same as New but allows passing additional configuration to the Vault client. If `config` is set to `nil`, Vault will use the configuration from `DefaultConfig()`, which is the recommended starting configuration.
Types
type Auth

    type Auth struct {
        Address   string `json:"address" validate:"required"`
        AppRole   string `json:"-" validate:"omitempty,gte=1"`
        Namespace string `json:"-" validate:"omitempty,gte=1"`
        RoleID    string `json:"role_id" validate:"omitempty,gte=1"`
        SecretID  string `json:"secret_id" validate:"omitempty,gte=1"`
        Token     string `json:"-" validate:"omitempty,gte=1"`
    }

Auth is Vault authentication information.
type SecretInformation

    type SecretInformation struct {
        MountPath  string `json:"-" validate:"required"`
        SecretPath string `json:"-" validate:"required"`
    }

SecretInformation is the information about a secret, where to retrieve it.
type Vault

    type Vault struct {
        *provider.Provider `json:"-" validate:"required"`
        *Auth              `json:"-" validate:"required"`
        *SecretInformation `json:"-" validate:"required"`
        // contains filtered or unexported fields
    }

Vault provider definition.