Documentation ¶
Types ¶
type Config ¶
type Config struct {
	// Vault is a vault client configured with SetToken (or defaulting to VAULT_TOKEN
	// from the environment)
	Vault *vaultapi.Client

	// Path is the key in vault (in a KVv2 secrets engine), for example "kv/data/project/tokens"
	Path string

	// RefreshInterval is the interval a new token is written. Vault defaults to keeping
	// 10 versions (so by default the validity period of the signatures is 10 * interval).
	// Defaults to 16 hours, plus/minus 90 seconds to minimize race conditions (rotating
	// the token twice).
	// https://developer.hashicorp.com/vault/tutorials/secrets-management/versioned-kv#step-4-specify-the-number-of-versions-to-keep
	RefreshInterval time.Duration
}
Config configures the token manager on initialization.
type TokenManager ¶
type TokenManager struct {
// contains filtered or unexported fields
}
func New ¶
func New(ctx context.Context, cfg *Config) (*TokenManager, error)
New returns a TokenManager using the specified Config. A goroutine runs to refresh the token until the context is cancelled.
func (*TokenManager) SignBytes ¶
func (tm *TokenManager) SignBytes(data ...[]byte) ([]byte, error)
SignBytes returns a base64-encoded HMAC signature of the given data, using the most recent key. The signature is prefixed with the key version.
func (*TokenManager) ValidateBytes ¶
func (tm *TokenManager) ValidateBytes(sig []byte, data ...[]byte) (bool, error)
ValidateBytes validates that the signature matches the specified data. The signature from SignBytes includes a key version. An error is returned if the key version isn't available anymore.
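The scheme that SignBytes and ValidateBytes describe (sign with the newest key, prefix the key version, return an error once that version has been rotated out), as an added example that is not this package's code. The `keyRing` type, the `<version>.<mac>` format, HMAC-SHA256 and the length-prefixed parts are assumptions, and an in-memory map stands in for Vault.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strconv"
)

// keyRing is a hypothetical in-memory stand-in for the versioned KVv2 path.
type keyRing struct {
	keys         map[int][]byte // key version -> HMAC key
	latest, keep int            // keep: versions retained (KVv2 default is 10)
}

func (r *keyRing) rotate(key []byte) {
	r.latest++
	r.keys[r.latest] = key
	delete(r.keys, r.latest-r.keep) // oldest version leaves the retention window
}

func mac(key []byte, data ...[]byte) []byte {
	h := hmac.New(sha256.New, key)
	for _, d := range data {
		fmt.Fprintf(h, "%d:%s", len(d), d) // length prefix: ("ab","c") != ("a","bc")
	}
	return []byte(base64.RawURLEncoding.EncodeToString(h.Sum(nil))) // hash and encoding assumed
}

// sign returns "<version>.<mac>" (assumed format) under the newest key.
func (r *keyRing) sign(data ...[]byte) []byte {
	return append([]byte(strconv.Itoa(r.latest)+"."), mac(r.keys[r.latest], data...)...)
}

// validate uses the key named in the prefix; a rotated-out version is an error.
func (r *keyRing) validate(sig []byte, data ...[]byte) (bool, error) {
	ver, enc, _ := bytes.Cut(sig, []byte("."))
	n, _ := strconv.Atoi(string(ver)) // unparsable prefix -> 0, never a stored version
	if key, found := r.keys[n]; found {
		return hmac.Equal(enc, mac(key, data...)), nil // constant-time compare
	}
	return false, fmt.Errorf("key version %q is not available", ver)
}

func main() {
	r := &keyRing{keys: map[int][]byte{1: []byte("constructed-key")}, latest: 1, keep: 2}
	fmt.Printf("%s\n", r.sign([]byte("session"), []byte("42")))
}
```

With `keep` set to 2, a signature made under version 1 still validates after one rotation and returns an error after the second, which mirrors the "10 * interval" validity window described for RefreshInterval.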