Documentation
¶
Index ¶
- Variables
- func AreTokensReadOnly() bool
- func CanUseCICDTokens() bool
- func CanUseSSO() bool
- func CanUseVersioning() bool
- func CheckSecretLimit(ctx context.Context, repoID int64) error
- func CheckTokenLimit(ctx context.Context, repoID int64) error
- func DeleteSecret(ctx context.Context, repoID int64, name string, userID int64) error
- func GetAuditRetentionDays() int
- func GetLicenseInfo() *plugins.LicenseInfo
- func GetLimits() *plugins.LicenseLimits
- func GetMaxSecretsPerRepo() int
- func GetMaxTokenTTLHours() int
- func GetMaxTokens() int
- func GetMaxVersions() int
- func GetSecretValue(ctx context.Context, repoID int64, name string, version int) (string, error)
- func GetTier() string
- func HasUnlimitedTokens() bool
- func HasUnlimitedVersions() bool
- func IsAvailable() bool
- func IsLicensed() bool
- func RestoreSecret(ctx context.Context, repoID int64, name string) error
- func RevokeToken(ctx context.Context, repoID, tokenID int64) error
- func RollbackSecret(ctx context.Context, repoID int64, name string, version int, userID int64) error
- type AuditEntry
- type CreateSecretOptions
- type CreateTokenOptions
- type Plugin
- type Secret
- func CreateSecret(ctx context.Context, repoID int64, opts CreateSecretOptions) (*Secret, error)
- func GetSecret(ctx context.Context, repoID int64, name string) (*Secret, error)
- func ListSecrets(ctx context.Context, repoID int64, includeDeleted bool) ([]Secret, error)
- func UpdateSecret(ctx context.Context, repoID int64, name string, opts UpdateSecretOptions) (*Secret, error)
- type SecretVersion
- type Token
- type UpdateSecretOptions
Constants ¶
This section is empty.
Variables ¶
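// Sentinel errors exported by the vault package. The listing was collapsed
// onto a single line, which is not valid Go; it is restored here to one
// declaration per line. Compare against these with errors.Is rather than by
// matching the message text.
var (
	// Plugin availability and licensing.
	ErrVaultNotAvailable = errors.New("vault plugin not available")
	ErrVaultNotLicensed  = errors.New("vault plugin not licensed")

	// Secret lookup, creation and per-tier secret quota.
	ErrSecretNotFound     = errors.New("secret not found")
	ErrSecretExists       = errors.New("secret already exists")
	ErrSecretLimitReached = errors.New("secret limit reached for current license tier")

	// Feature gating by license tier.
	ErrFeatureNotInTier = errors.New("feature not available in current license tier")

	// Token lookup, lifetime, quota and validation.
	// NOTE(review): these distinguish "not found", "expired" and "invalid".
	// A caller that reports token errors to an unauthenticated client may
	// prefer to map them to one generic response so the reply does not
	// reveal token state; keep the specific error for the audit log.
	ErrTokenNotFound     = errors.New("token not found")
	ErrTokenExpired      = errors.New("token expired")
	ErrTokenLimitReached = errors.New("token limit reached for current license tier")
	ErrTokenTTLExceeded  = errors.New("token TTL exceeds maximum for current license tier")
	ErrInvalidToken      = errors.New("invalid token")
	ErrInvalidScope      = errors.New("invalid token scope")

	// Authorization failure.
	ErrAccessDenied = errors.New("access denied")
)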
Functions ¶
func AreTokensReadOnly ¶
func AreTokensReadOnly() bool
AreTokensReadOnly returns true if tokens are read-only (Solo tier restriction)
func CanUseCICDTokens ¶
func CanUseCICDTokens() bool
CanUseCICDTokens returns true if the current tier supports CI/CD tokens
func CanUseVersioning ¶
func CanUseVersioning() bool
CanUseVersioning returns true if the current tier supports versioning
func CheckSecretLimit ¶
CheckSecretLimit checks if adding a new secret would exceed the tier limit
func CheckTokenLimit ¶
CheckTokenLimit checks if adding a new token would exceed the tier limit
func DeleteSecret ¶
DeleteSecret soft-deletes a secret
func GetAuditRetentionDays ¶
func GetAuditRetentionDays() int
GetAuditRetentionDays returns the audit log retention days
func GetLicenseInfo ¶
func GetLicenseInfo() *plugins.LicenseInfo
GetLicenseInfo returns the license info for the vault plugin. It returns the default Solo license if no license file is present.
func GetLimits ¶
func GetLimits() *plugins.LicenseLimits
GetLimits returns the license limits for the vault plugin
func GetMaxSecretsPerRepo ¶
func GetMaxSecretsPerRepo() int
GetMaxSecretsPerRepo returns the max secrets allowed per repo (-1 = unlimited)
func GetMaxTokenTTLHours ¶
func GetMaxTokenTTLHours() int
GetMaxTokenTTLHours returns the max token TTL in hours (-1 = unlimited)
func GetMaxTokens ¶
func GetMaxTokens() int
GetMaxTokens returns the max tokens allowed per repo (-1 = unlimited)
func GetMaxVersions ¶
func GetMaxVersions() int
GetMaxVersions returns the max versions to keep per secret (-1 = unlimited)
func GetSecretValue ¶
GetSecretValue gets the decrypted value of a secret
func HasUnlimitedTokens ¶
func HasUnlimitedTokens() bool
HasUnlimitedTokens returns true if the tier has unlimited tokens
func HasUnlimitedVersions ¶
func HasUnlimitedVersions() bool
HasUnlimitedVersions returns true if the tier has unlimited version history
func IsAvailable ¶
func IsAvailable() bool
IsAvailable returns true if the vault plugin is registered
func IsLicensed ¶
func IsLicensed() bool
IsLicensed returns true if the vault plugin is licensed. Note: this always returns true if the plugin is available, because we default to the Solo tier (free) when no license is present.
func RestoreSecret ¶
RestoreSecret restores a soft-deleted secret
func RevokeToken ¶
RevokeToken revokes a token
Types ¶
type AuditEntry ¶
// AuditEntry represents an audit log entry. Plugin.ListAuditEntries returns
// these per repository. The struct carries a secret name but has no field for
// a secret value.
type AuditEntry struct {
	// ID identifies the entry.
	ID int64
	// RepoID is the repository the entry belongs to.
	RepoID int64
	// SecretName names the secret the action concerned.
	SecretName string
	// Action names the operation. The set of possible values is not shown in
	// this listing.
	Action string
	// UserID is the acting user's ID.
	// NOTE(review): how token-driven (CI/CD) access is attributed is not
	// visible here — confirm against vault.go.
	UserID int64
	// UserName is the acting user's name.
	UserName string
	// IPAddress is an address recorded with the entry.
	// NOTE(review): presumably the client address of the request. If it is
	// taken from forwarding headers it is only as trustworthy as the proxy
	// chain — confirm where it is populated.
	IPAddress string
	// Success reports whether the action succeeded.
	Success bool
	// FailReason is presumably set only when Success is false — confirm.
	FailReason string
	// Timestamp is presumably Unix time, like the *Unix fields on Secret —
	// TODO confirm the unit.
	Timestamp int64
}
AuditEntry represents an audit log entry
type CreateSecretOptions ¶
// CreateSecretOptions contains options for creating a secret. It is the opts
// argument of CreateSecret.
type CreateSecretOptions struct {
	// Name is the secret's name; the other secret functions look secrets up
	// by repoID and name.
	Name string
	// Description is free-form text stored with the secret.
	Description string
	// Type is a type label for the secret. The accepted values are not shown
	// in this listing.
	Type string
	// Value is the secret material to store.
	// NOTE(review): presumably plaintext at this boundary (GetSecretValue is
	// documented as returning the decrypted value), so keep this struct out
	// of logs, error messages and debug dumps — confirm where encryption
	// happens.
	Value string
	// CreatorID is the ID of the user creating the secret.
	CreatorID int64
}
CreateSecretOptions contains options for creating a secret
type CreateTokenOptions ¶
// CreateTokenOptions contains options for creating a token. It is the opts
// argument of CreateToken.
type CreateTokenOptions struct {
	// Description is free-form text stored with the token.
	Description string
	// Scope is the token's scope. The accepted values are not shown in this
	// listing; the package exports ErrInvalidScope.
	// NOTE(review): AreTokensReadOnly documents a read-only restriction for
	// the Solo tier — confirm that a write scope is rejected there rather
	// than silently accepted.
	Scope string
	// NOTE(review): the package exports ErrTokenTTLExceeded and
	// GetMaxTokenTTLHours, so the value is presumably checked against the
	// tier maximum. Whether an empty TTL means "no expiry" is not shown —
	// confirm.
	TTL string // e.g., "1h", "24h", "168h"
	// CreatorID is the ID of the user creating the token.
	CreatorID int64
}
CreateTokenOptions contains options for creating a token
type Plugin ¶
// Plugin defines the interface that vault plugins must implement. It embeds
// plugins.Plugin and plugins.LicensedPlugin and adds secret, version, token
// and audit operations, all of them scoped by repoID except ValidateToken.
type Plugin interface {
	plugins.Plugin
	plugins.LicensedPlugin
	// Secret operations
	// ListSecrets returns Secret records; the Secret struct has no value
	// field.
	ListSecrets(ctx context.Context, repoID int64, includeDeleted bool) ([]Secret, error)
	GetSecret(ctx context.Context, repoID int64, name string) (*Secret, error)
	// GetSecretValue is the method that returns secret material; the
	// package-level function of the same name is documented as returning the
	// decrypted value. Callers should keep the result out of logs.
	// NOTE(review): how version selects a value (for example whether 0 means
	// the current version) is not shown — confirm.
	GetSecretValue(ctx context.Context, repoID int64, name string, version int) (string, error)
	CreateSecret(ctx context.Context, repoID int64, opts CreateSecretOptions) (*Secret, error)
	UpdateSecret(ctx context.Context, repoID int64, name string, opts UpdateSecretOptions) (*Secret, error)
	DeleteSecret(ctx context.Context, repoID int64, name string, userID int64) error
	// RestoreSecret takes no userID, unlike DeleteSecret and RollbackSecret.
	// NOTE(review): confirm how a restore is attributed in the audit log.
	RestoreSecret(ctx context.Context, repoID int64, name string) error
	RollbackSecret(ctx context.Context, repoID int64, name string, version int, userID int64) error
	// Version operations
	// ListVersions returns SecretVersion records; that struct has no value
	// field.
	ListVersions(ctx context.Context, repoID int64, name string) ([]SecretVersion, error)
	// Token operations
	ListTokens(ctx context.Context, repoID int64) ([]Token, error)
	// The string result of CreateToken is the raw token value. Token has no
	// field for it, so this return is presumably the only place the raw
	// value is handed out — confirm, and treat it as a credential.
	CreateToken(ctx context.Context, repoID int64, opts CreateTokenOptions) (*Token, string, error) // returns token and raw value
	RevokeToken(ctx context.Context, repoID, tokenID int64) error
	// ValidateToken takes the raw token together with the action and secret
	// name being requested. It takes no repoID, so the repository must be
	// derived from the token itself.
	// NOTE(review): presumably the source of ErrInvalidToken, ErrTokenExpired
	// and ErrAccessDenied — confirm against the implementation.
	ValidateToken(ctx context.Context, rawToken, action, secretName string) (*Token, error)
	// Audit operations
	// NOTE(review): the int64 result is presumably the total number of
	// entries, for pagination — confirm.
	ListAuditEntries(ctx context.Context, repoID int64, page, pageSize int) ([]AuditEntry, int64, error)
}
Plugin defines the interface that vault plugins must implement
type Secret ¶
// Secret represents a vault secret. The struct holds descriptive fields only
// and has no field for the secret's value; the value is obtained separately
// through GetSecretValue.
type Secret struct {
	// ID identifies the secret.
	ID int64
	// RepoID is the repository the secret belongs to.
	RepoID int64
	// Name is the secret's name within the repository.
	Name string
	// Description is free-form text stored with the secret.
	Description string
	// Type is a type label; the accepted values are not shown in this
	// listing.
	Type string
	// CurrentVersion is the secret's current version number.
	CurrentVersion int
	// CreatedUnix is presumably the creation time as a Unix timestamp —
	// TODO confirm the unit.
	CreatedUnix int64
	// UpdatedUnix is presumably the last-update time as a Unix timestamp.
	UpdatedUnix int64
	// DeletedUnix relates to soft deletion (DeleteSecret is documented as a
	// soft delete and RestoreSecret as undoing it).
	// NOTE(review): presumably zero while the secret is live — confirm.
	DeletedUnix int64
}
Secret represents a vault secret
func CreateSecret ¶
CreateSecret creates a new secret
func GetSecret ¶
GetSecret gets a secret by name
func ListSecrets ¶
ListSecrets lists all secrets for a repository
type SecretVersion ¶
// SecretVersion represents a version of a secret. Like Secret, it has no
// field for the secret's value.
type SecretVersion struct {
	// ID identifies the version record.
	ID int64
	// SecretID refers to the secret this version belongs to.
	SecretID int64
	// Version is the version number; GetSecretValue and RollbackSecret take
	// a version argument of the same type.
	Version int
	// CreatorID is the ID of the user who created the version.
	CreatorID int64
	// CreatorName is that user's name.
	CreatorName string
	// Comment is free-form text stored with the version.
	Comment string
	// CreatedUnix is presumably the creation time as a Unix timestamp —
	// TODO confirm the unit.
	CreatedUnix int64
}
SecretVersion represents a version of a secret
type Token ¶
// Token represents a CI/CD token. The struct has no field for the raw token
// value; CreateToken returns that separately as its string result.
type Token struct {
	// ID identifies the token; RevokeToken takes it as tokenID.
	ID int64
	// RepoID is the repository the token belongs to.
	RepoID int64
	// Description is free-form text stored with the token.
	Description string
	// Scope is the token's scope; the possible values are not shown in this
	// listing.
	Scope string
	// ExpiresUnix is presumably the expiry time as a Unix timestamp.
	// NOTE(review): whether zero means "never expires" is not shown —
	// confirm.
	ExpiresUnix int64
	// LastUsedUnix is presumably the time of last use as a Unix timestamp.
	LastUsedUnix int64
	// IsRevoked reports whether the token has been revoked.
	IsRevoked bool
	// IsExpired reports whether the token has expired.
	// NOTE(review): presumably derived from ExpiresUnix when the record is
	// read — confirm, and confirm that validation checks both flags.
	IsExpired bool
}
Token represents a CI/CD token
func CreateToken ¶
// NOTE(review): the string result presumably mirrors Plugin.CreateToken,
// whose listing describes it as the raw token value. Token has no field for
// it, so treat the string as a credential and keep it out of logs — confirm
// against vault.go.
func CreateToken(ctx context.Context, repoID int64, opts CreateTokenOptions) (*Token, string, error)
CreateToken creates a new CI/CD token
func ListTokens ¶
ListTokens lists all tokens for a repository
Source Files
¶
- vault.go