vault

package
v0.2.5
Published: Feb 19, 2024 License: MIT Imports: 3 Imported by: 0

Documentation

Functions

func Database

func Database(role string) string

Database returns the Vault path from which a database lease can be obtained for the specified role.

func GetCredentials

func GetCredentials(path string) (*api.Secret, error)

GetCredentials obtains (reads) a secret from Vault.

This can be used to get normal credentials and also to lease them. If the secret should be renewed, use the KeepRenewed function.

'path' is the Vault path that returns a secret when it is read, for example a path in any secret engine.

The 'path' argument can be constructed with the provided functions, for example Database.

Example:

s, err := GetCredentials(Database("test_app_recon"))
if err != nil {
	// Handle the error; 's' is not usable.
}

// Secret 's' is already usable, but if it needs to be renewed
// (for example when it is a leased database credential), use this.
// Cancel this context when renewal should be stopped.
ctx, cancel := context.WithCancel(context.Background())

// After renewal is stopped, the secret will be valid for no longer than its TTL.
go KeepRenewed(ctx, cl, s) // 'cl' is *vault/api.Client

// Now secret 's' will be valid for as long as the context is not canceled.

func GetCredentialsWithClient

func GetCredentialsWithClient(cl *api.Client, path string) (*api.Secret, error)

GetCredentialsWithClient: see GetCredentials for the path description.

This function starts a goroutine to renew the secret. This is not optional, but it is controlled by the provided context: renewal stops when the context is canceled. If the context is canceled before renewal would start (for example, an already canceled context was passed to this function), renewal does not kick in, and the secret is retrieved and returned without starting the renewal process.

func GetCredentialsWithReader

func GetCredentialsWithReader(reader LogicReader, path string) (*api.Secret, error)

GetCredentialsWithReader uses the provided reader to retrieve a leased secret from the specified path.

In the general case, use GetCredentials.

func KeepRenewed

func KeepRenewed(ctx context.Context, cl *api.Client, secret *api.Secret) error

KeepRenewed keeps the secret valid until the context is canceled or an error happens.

This is a blocking function, but it does spawn a goroutine that keeps the secret updated. This means that the developer only needs to handle error cases.

If the secret is not renewable, it exits immediately.

If the function is stopped gracefully (e.g. the context is canceled), no error is returned.
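
An added example, not part of this package or its documentation: one way to run KeepRenewed in the background while keeping the error it returns, which the bare 'go KeepRenewed(ctx, cl, s)' call in the GetCredentials example discards. RenewFunc, Lease and Supervise are hypothetical names, and the renewer in main is constructed so the block runs without a Vault server.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// RenewFunc is a stand-in (assumption) for a bound KeepRenewed call, e.g.
//   func(ctx context.Context) error { return KeepRenewed(ctx, cl, s) }
type RenewFunc func(ctx context.Context) error

// Lease (hypothetical helper) supervises one renewal goroutine.
type Lease struct {
	cancel context.CancelFunc
	done   chan struct{}
	err    error // written before done is closed, read only after
}

// Supervise starts renew in a goroutine and keeps its result instead of
// dropping it, as a bare `go KeepRenewed(...)` would.
func Supervise(parent context.Context, renew RenewFunc) *Lease {
	ctx, cancel := context.WithCancel(parent)
	l := &Lease{cancel: cancel, done: make(chan struct{})}
	go func() {
		defer close(l.done)
		l.err = renew(ctx)
	}()
	return l
}

// Done is closed once renewal has stopped for any reason. From then on the
// secret lives at most its remaining TTL and must be re-read before reuse.
func (l *Lease) Done() <-chan struct{} { return l.done }

// Stop cancels renewal, waits for the goroutine, and returns its error
// (nil after a graceful stop).
func (l *Lease) Stop() error {
	l.cancel()
	<-l.done
	return l.err
}

func main() {
	// Constructed renewer that fails at once, simulating a failed renewal.
	l := Supervise(context.Background(), func(context.Context) error {
		return errors.New("constructed: renewal failed")
	})
	<-l.Done()
	fmt.Println("renewal stopped:", l.Stop())
}
```

A caller that selects on Done alongside its normal work can stop handing out the credential and read a fresh one with GetCredentials as soon as renewal ends.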

Types

type DatabaseCred

type DatabaseCred struct {
	Username string
	Password string
}

DatabaseCred is a credential for a database.

func ForDatabase

func ForDatabase(data map[string]interface{}) DatabaseCred

ForDatabase maps data to a DatabaseCred.

type LogicReader

type LogicReader func(string) (*api.Secret, error)
