vaulttokenmanager

package module
Published: Feb 14, 2023 License: MIT Imports: 14 Imported by: 1

Documentation

Types

type Config

type Config struct {
	// Vault is a vault client configured with SetToken (or defaulting to VAULT_TOKEN
	// from the environment)
	Vault *vaultapi.Client
	// Path is the key in vault (in a KVv2 secrets engine), for example "kv/data/project/tokens"
	Path string
	// RefreshInterval is the interval at which a new token is written. Vault defaults to keeping
	// 10 versions, so by default signatures stay verifiable for 10 * RefreshInterval.
	// Defaults to 16 hours, plus or minus 90 seconds of jitter so that two instances are
	// unlikely to rotate the token at the same moment (which would burn two versions at once).
	// https://developer.hashicorp.com/vault/tutorials/secrets-management/versioned-kv#step-4-specify-the-number-of-versions-to-keep
	RefreshInterval time.Duration
}

Config configures the token manager on initialization.

type TokenManager

type TokenManager struct {
	// contains filtered or unexported fields
}

func New

func New(ctx context.Context, cfg *Config) (*TokenManager, error)

New returns a TokenManager using the specified Config. A goroutine runs to refresh the token until the context is cancelled.

func (*TokenManager) SignBytes

func (tm *TokenManager) SignBytes(data ...[]byte) ([]byte, error)

SignBytes returns a base64-encoded HMAC signature of the given data, using the most recent key. The signature is prefixed with the key version.

func (*TokenManager) ValidateBytes

func (tm *TokenManager) ValidateBytes(sig []byte, data ...[]byte) (bool, error)

ValidateBytes validates that the signature matches the specified data. The signature from SignBytes includes a key version, so a signature remains valid for as long as that version is still retained in Vault. An error is returned if the key version is no longer available.
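The versioned-HMAC scheme described above (sign with the newest key, carry the key version in the signature, validate against whichever retained version the signature names, fail once that version has aged out) is shown end to end in the following added example. It is not the package's own code: it replaces the Vault KV v2 path with a constructed in-memory keyring, assumes HMAC-SHA256 and a "v<version>:" prefix (the page names neither), and length-prefixes each variadic chunk before hashing, a choice made here because the package does not document how it concatenates its inputs.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strconv"
	"strings"
	"sync"
)

// Keyring is a constructed in-memory stand-in for the package's Vault KV v2 path; it keeps only the newest maxVersions keys (Vault default: 10).
type Keyring struct {
	mu          sync.Mutex
	maxVersions int
	latest      int
	keys        map[int][]byte
}

func NewKeyring(maxVersions int) *Keyring {
	return &Keyring{maxVersions: maxVersions, keys: map[int][]byte{}}
}

// Rotate writes a fresh random key as the next version and evicts the one that aged out of the window.
func (k *Keyring) Rotate() error {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return err
	}
	k.mu.Lock()
	defer k.mu.Unlock()
	k.latest++
	k.keys[k.latest] = key
	delete(k.keys, k.latest-k.maxVersions) // no-op until the window is full
	return nil
}

// lookup returns the key for a version under the lock; version 0 means "newest".
func (k *Keyring) lookup(version int) (int, []byte, bool) {
	k.mu.Lock()
	defer k.mu.Unlock()
	if version == 0 {
		version = k.latest
	}
	key, ok := k.keys[version]
	return version, key, ok
}

// mac is HMAC-SHA256 over length-prefixed chunks, so ("ab","c") and ("a","bc") differ (example's choice).
func mac(key []byte, data ...[]byte) []byte {
	h := hmac.New(sha256.New, key)
	var n [8]byte
	for _, d := range data {
		binary.BigEndian.PutUint64(n[:], uint64(len(d)))
		h.Write(n[:])
		h.Write(d)
	}
	return h.Sum(nil)
}

// SignBytes mirrors the documented shape: key version prefix, then the base64 HMAC ("v<version>:" framing is assumed).
func SignBytes(k *Keyring, data ...[]byte) ([]byte, error) {
	version, key, ok := k.lookup(0)
	if !ok {
		return nil, fmt.Errorf("keyring: no key has been written yet")
	}
	return []byte(fmt.Sprintf("v%d:%s", version, base64.StdEncoding.EncodeToString(mac(key, data...)))), nil
}

// ValidateBytes errors when the signature's key version has been retired and
// otherwise compares the MAC in constant time.
func ValidateBytes(k *Keyring, sig []byte, data ...[]byte) (bool, error) {
	prefix, encoded, ok := strings.Cut(string(sig), ":")
	version, err := strconv.Atoi(strings.TrimPrefix(prefix, "v"))
	if !ok || !strings.HasPrefix(prefix, "v") || err != nil || version <= 0 {
		return false, fmt.Errorf("signature: malformed version prefix %q", prefix)
	}
	_, key, found := k.lookup(version)
	if !found {
		return false, fmt.Errorf("signature: key version %d is no longer available", version)
	}
	want, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return false, err
	}
	return hmac.Equal(want, mac(key, data...)), nil
}

func main() {
	ring := NewKeyring(2) // retain two versions, so the third rotation retires the first key
	_ = ring.Rotate()
	sig, _ := SignBytes(ring, []byte("user=42"), []byte("role=admin"))
	_ = ring.Rotate()
	_ = ring.Rotate()
	_, err := ValidateBytes(ring, sig, []byte("user=42"), []byte("role=admin"))
	fmt.Printf("%s -> after two rotations: %v\n", sig, err)
}
```

The retention arithmetic is the point to check when choosing RefreshInterval: a signature issued under version N stays valid until N has been pushed out by maxVersions later rotations, so with Vault's default of 10 retained versions a signature's lifetime is roughly 10 times the refresh interval, and a shorter interval silently shortens it.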
