Skip to content

Latest commit

 

History

History
110 lines (73 loc) · 3.03 KB

DOCS.md

File metadata and controls

110 lines (73 loc) · 3.03 KB

Until I have a stable version with a published documentation, here are the docs of this library:

package libvault // import "github.com/canidam/libvault"


CONSTANTS

const (
	ApproleLoginPath = "/v1/auth/approle/login"
	AwsroleLoginPath = "/v1/auth/aws/login"
)
const (
	TokenLookupPath = "/v1/auth/token/lookup"
	DefaultTimeout  = 10

	ErrAddrMissing  = "vault address is missing"
	ErrTokenMissing = "vault token is missing"
	ErrEmptyToken   = "vault parsed token is empty"
	ErrSecretParse  = "failed to parse secret"
	Err403Auth      = "Authorization error. Check your clientToken."
	Err404NotFound  = "Secret not found"
	ErrUnknown      = "Unknown error"
)

TYPES

type Approle struct {
	// Has unexported fields.
}

func (a Approle) LoginEndpoint() string

func (a Approle) LoginPayload() io.Reader

type Awsrole struct {
	// Has unexported fields.
}

func (a Awsrole) LoginEndpoint() string

func (a Awsrole) LoginPayload() io.Reader

type Option func(vc *VaultClient) error

func ProvideApprole(a Approle) Option

ProvideApprole allows to inject Approle object to the client. Use this if
you want to provide the roleId and secretId from outside, and not getting
them from the environment vars.

func ProvideAwsrole(a Awsrole) Option

ProvideAwsrole allows to inject Awsrole object to the client. Use this if
you want to provide the struct fields from outside, and not getting them
from the environment vars.

func SetRootCA(cp *x509.CertPool) Option

SetRootCA configures the client with specific RootCAs to trust. Use this
when you work with a vault server that uses self-signed certificates.

func SetToken(token string) Option

SetToken configures the vault token to use when communicating with the
server

func SetVaultAddr(addr string) Option

SetVaultAddr configures the vault server address of the client

func UseApprole() Option

UseApprole configures the client with the Approle auth method. Enabling this
option will read the VAULT_ROLE_ID and VAULT_SECRET_ID from environment vars

func UseAwsrole() Option

UseAwsrole configures the client with the Awsrole auth method. It reads the
VAULT_ROLE, VAULT_PKCS7 and VAULT_NONCE from environment vars

type Secret interface {
	Secrets() map[string]string
}
Secret is the interface to fetch secrets from the secrets engine used

type VaultClient struct {
	// Has unexported fields.
}

func NewClient(opts ...func(v *VaultClient) error) (*VaultClient, error)

NewClient creates a new Vault client. The default client is a valid one. You
can configure it using functional options. Check the vault_test.go file for
examples.

func (c *VaultClient) LookupToken() error

LookupToken performs lookup on a token (mostly to validate it)

func (c *VaultClient) Read(secretPath string) (map[string]string, error)

Read reads a single secret path from the Vault

func (c *VaultClient) ReadMany(secretsPaths []string) (map[string]string, error)

ReadMany reads all the secretsPaths defined, returning a single map
containing all the secrets. If a secret key exists in more than a single
path, the secret return is from the last path specified.