Documentation
Index ¶
- Variables
- func AreTokensReadOnly() bool
- func CanUseCICDTokens() bool
- func CanUseSSO() bool
- func CanUseVersioning() bool
- func CheckSecretLimit(ctx context.Context, repoID int64) error
- func CheckTokenLimit(ctx context.Context, repoID int64) error
- func DeleteSecret(ctx context.Context, repoID int64, name string, userID int64) error
- func GetAuditRetentionDays() int
- func GetConfigurationError() string
- func GetLicenseInfo() *plugins.LicenseInfo
- func GetLimits() *plugins.LicenseLimits
- func GetMaxSecretsPerRepo() int
- func GetMaxTokenTTLHours() int
- func GetMaxTokens() int
- func GetMaxVersions() int
- func GetSecretValue(ctx context.Context, repoID int64, name string, version int) (string, error)
- func GetTier() string
- func HasUnlimitedTokens() bool
- func HasUnlimitedVersions() bool
- func IsAvailable() bool
- func IsConfigured() bool
- func IsLicensed() bool
- func RestoreSecret(ctx context.Context, repoID int64, name string) error
- func RevokeToken(ctx context.Context, repoID, tokenID int64) error
- func RollbackSecret(ctx context.Context, repoID int64, name string, version int, userID int64) error
- type AuditEntry
- type ConfigurablePlugin
- type CreateSecretOptions
- type CreateTokenOptions
- type Plugin
- type Secret
- func CreateSecret(ctx context.Context, repoID int64, opts CreateSecretOptions) (*Secret, error)
- func GetSecret(ctx context.Context, repoID int64, name string) (*Secret, error)
- func ListSecrets(ctx context.Context, repoID int64, includeDeleted bool) ([]Secret, error)
- func UpdateSecret(ctx context.Context, repoID int64, name string, opts UpdateSecretOptions) (*Secret, error)
- type SecretVersion
- type Token
- type UpdateSecretOptions
Constants ¶
This section is empty.
Variables ¶
// Sentinel errors declared by this package. Each is a distinct value created
// with errors.New, so callers can tell them apart with errors.Is.
var (
	// Plugin state: not registered, not licensed, or missing its master key.
	ErrVaultNotAvailable  = errors.New("vault plugin not available")
	ErrVaultNotLicensed   = errors.New("vault plugin not licensed")
	ErrVaultNotConfigured = errors.New("vault master key not configured")
	// Secret lookup, creation and license-tier limits.
	// NOTE(review): "secret not found" and "secret already exists" reveal
	// whether a secret name exists. Confirm that callers check authorization
	// first, so that a caller without access sees only ErrAccessDenied.
	ErrSecretNotFound     = errors.New("secret not found")
	ErrSecretExists       = errors.New("secret already exists")
	ErrSecretLimitReached = errors.New("secret limit reached for current license tier")
	ErrFeatureNotInTier   = errors.New("feature not available in current license tier")
	// Token lookup, expiry, limits and validation.
	// NOTE(review): these errors say why a token was rejected (unknown,
	// expired, malformed, wrong scope). If handlers pass the text through to
	// the client presenting the token, it discloses token state. Consider
	// logging the specific error and answering with one generic failure.
	// Confirm how the HTTP layer surfaces them.
	ErrTokenNotFound     = errors.New("token not found")
	ErrTokenExpired      = errors.New("token expired")
	ErrTokenLimitReached = errors.New("token limit reached for current license tier")
	ErrTokenTTLExceeded  = errors.New("token TTL exceeds maximum for current license tier")
	ErrInvalidToken      = errors.New("invalid token")
	ErrInvalidScope      = errors.New("invalid token scope")
	// Generic authorization failure.
	ErrAccessDenied = errors.New("access denied")
)
Functions ¶
func AreTokensReadOnly ¶
func AreTokensReadOnly() bool
AreTokensReadOnly returns true if tokens are read-only (Solo tier restriction)
func CanUseCICDTokens ¶
func CanUseCICDTokens() bool
CanUseCICDTokens returns true if the current tier supports CI/CD tokens
func CanUseVersioning ¶
func CanUseVersioning() bool
CanUseVersioning returns true if the current tier supports versioning
func CheckSecretLimit ¶
CheckSecretLimit checks if adding a new secret would exceed the tier limit
func CheckTokenLimit ¶
CheckTokenLimit checks if adding a new token would exceed the tier limit
func DeleteSecret ¶
DeleteSecret soft-deletes a secret
func GetAuditRetentionDays ¶
func GetAuditRetentionDays() int
GetAuditRetentionDays returns the audit log retention days
func GetConfigurationError ¶ added in v3.1.8
func GetConfigurationError() string
GetConfigurationError returns the configuration error message if the vault plugin is not properly configured. It returns an empty string if the plugin is configured or if it does not implement the ConfigurablePlugin interface.
func GetLicenseInfo ¶
func GetLicenseInfo() *plugins.LicenseInfo
GetLicenseInfo returns the license info for the vault plugin. It returns the default Solo license if no license file is present.
func GetLimits ¶
func GetLimits() *plugins.LicenseLimits
GetLimits returns the license limits for the vault plugin
func GetMaxSecretsPerRepo ¶
func GetMaxSecretsPerRepo() int
GetMaxSecretsPerRepo returns the max secrets allowed per repo (-1 = unlimited)
func GetMaxTokenTTLHours ¶
func GetMaxTokenTTLHours() int
GetMaxTokenTTLHours returns the max token TTL in hours (-1 = unlimited)
func GetMaxTokens ¶
func GetMaxTokens() int
GetMaxTokens returns the max tokens allowed per repo (-1 = unlimited)
func GetMaxVersions ¶
func GetMaxVersions() int
GetMaxVersions returns the max versions to keep per secret (-1 = unlimited)
func GetSecretValue ¶
GetSecretValue gets the decrypted value of a secret
func HasUnlimitedTokens ¶
func HasUnlimitedTokens() bool
HasUnlimitedTokens returns true if the tier has unlimited tokens
func HasUnlimitedVersions ¶
func HasUnlimitedVersions() bool
HasUnlimitedVersions returns true if the tier has unlimited version history
func IsAvailable ¶
func IsAvailable() bool
IsAvailable returns true if the vault plugin is registered
func IsConfigured ¶ added in v3.1.8
func IsConfigured() bool
IsConfigured returns true if the vault plugin is properly configured (e.g., has a master key set). It also returns true if the plugin does not implement the ConfigurablePlugin interface, in which case the plugin is assumed to be configured.
func IsLicensed ¶
func IsLicensed() bool
IsLicensed returns true if the vault plugin is licensed. Note: this always returns true when the plugin is available, because the package defaults to the free Solo tier when no license is present; it therefore does not distinguish between tiers.
func RestoreSecret ¶
RestoreSecret restores a soft-deleted secret
func RevokeToken ¶
RevokeToken revokes a token
Types ¶
type AuditEntry ¶
// AuditEntry is a single record of the vault audit log.
type AuditEntry struct {
	// Entry identifier and the repository the entry is recorded for.
	ID, RepoID int64
	// Name of the secret concerned and the action recorded against it.
	// The set of action strings is not shown on this type.
	SecretName, Action string
	// Numeric ID of the acting user.
	UserID int64
	// Display name of the actor and the address recorded for the request.
	// NOTE(review): confirm IPAddress comes from a trusted source (not a
	// client-supplied header), otherwise entries can be misattributed.
	UserName, IPAddress string
	// Outcome of the action, with the reason text when it failed.
	// NOTE(review): confirm FailReason never carries secret or token values.
	Success    bool
	FailReason string
	// Time of the event; presumably Unix seconds, like the *Unix fields of
	// the other types — confirm.
	Timestamp int64
}
AuditEntry represents an audit log entry
type ConfigurablePlugin ¶ added in v3.1.8
// ConfigurablePlugin is an optional interface a vault plugin can implement to
// report whether it is configured.
//
// NOTE(review): per the package-level IsConfigured documentation, a plugin
// that does not implement this interface is assumed to be configured. A plugin
// that depends on a master key should implement it, so that a missing key is
// reported instead of passing the check by default.
type ConfigurablePlugin interface {
	// IsConfigured returns true if the plugin is properly configured (e.g., has master key)
	IsConfigured() bool
	// ConfigurationError returns the configuration error message, if any.
	// NOTE(review): this string may be shown to users; confirm it describes
	// the problem without including key material.
	ConfigurationError() string
}
ConfigurablePlugin is an optional interface that vault plugins can implement to report their configuration status
type CreateSecretOptions ¶
// CreateSecretOptions carries the caller-supplied inputs for creating a secret.
type CreateSecretOptions struct {
	// Secret name, free-text description and type string. The accepted type
	// values are not shown on this struct.
	Name, Description, Type string
	// The secret value as supplied by the caller.
	// NOTE(review): presumably plaintext at this point (the package exposes a
	// "decrypted value" getter) — confirm. Avoid formatting this struct with
	// %v/%+v or attaching it to errors, since that would write Value to logs.
	Value string
	// ID of the user creating the secret.
	CreatorID int64
}
CreateSecretOptions contains options for creating a secret
type CreateTokenOptions ¶
// CreateTokenOptions carries the caller-supplied inputs for creating a token.
type CreateTokenOptions struct {
	// Free-text label and the scope string requested for the token. The
	// package declares ErrInvalidScope; the accepted values are not shown here.
	Description, Scope string
	// Requested lifetime as a string.
	// NOTE(review): the examples look like Go duration strings — confirm the
	// parser. Also confirm that empty or non-positive values are rejected and
	// not treated as "never expires". The package declares ErrTokenTTLExceeded
	// for lifetimes above the tier maximum.
	TTL string // e.g., "1h", "24h", "168h"
	// ID of the user creating the token.
	CreatorID int64
}
CreateTokenOptions contains options for creating a token
type Plugin ¶
// Plugin is the interface a vault plugin implements. It embeds plugins.Plugin
// and plugins.LicensedPlugin and adds secret, version, token and audit
// operations. Every operation except ValidateToken takes the repoID it acts on.
type Plugin interface {
	plugins.Plugin
	plugins.LicensedPlugin
	// Secret operations

	// ListSecrets returns the secrets of a repository. includeDeleted
	// presumably adds soft-deleted secrets to the result — confirm.
	ListSecrets(ctx context.Context, repoID int64, includeDeleted bool) ([]Secret, error)
	// GetSecret returns a secret by name. The Secret type has no value field,
	// so this returns metadata only.
	GetSecret(ctx context.Context, repoID int64, name string) (*Secret, error)
	// GetSecretValue returns the decrypted value of a secret as a string.
	// Callers hold plaintext after this call and should keep it out of logs
	// and error messages.
	// NOTE(review): how version selects a value (for example whether 0 means
	// the current version) is not shown here — confirm.
	GetSecretValue(ctx context.Context, repoID int64, name string, version int) (string, error)
	// CreateSecret creates a secret from opts, which includes the value.
	CreateSecret(ctx context.Context, repoID int64, opts CreateSecretOptions) (*Secret, error)
	// UpdateSecret updates the named secret from opts.
	UpdateSecret(ctx context.Context, repoID int64, name string, opts UpdateSecretOptions) (*Secret, error)
	// DeleteSecret soft-deletes the named secret; userID identifies the actor.
	DeleteSecret(ctx context.Context, repoID int64, name string, userID int64) error
	// RestoreSecret restores a soft-deleted secret.
	// NOTE(review): unlike DeleteSecret and RollbackSecret, this takes no
	// userID, so the signature alone cannot attribute a restore to a user.
	// Confirm how the audit log records the actor.
	RestoreSecret(ctx context.Context, repoID int64, name string) error
	// RollbackSecret presumably makes the given earlier version current
	// again — confirm; userID identifies the actor.
	RollbackSecret(ctx context.Context, repoID int64, name string, version int, userID int64) error
	// Version operations

	// ListVersions returns the version records of a secret. The
	// SecretVersion type has no value field.
	ListVersions(ctx context.Context, repoID int64, name string) ([]SecretVersion, error)
	// Token operations

	// ListTokens returns the token records of a repository.
	ListTokens(ctx context.Context, repoID int64) ([]Token, error)
	// CreateToken returns the token record and the raw token value.
	// NOTE(review): the Token type has no field for the raw value, so this
	// return is presumably the only place it is available — confirm. The raw
	// value should not be logged.
	CreateToken(ctx context.Context, repoID int64, opts CreateTokenOptions) (*Token, string, error) // returns token and raw value
	// RevokeToken revokes the token identified by tokenID within repoID.
	RevokeToken(ctx context.Context, repoID, tokenID int64) error
	// ValidateToken takes a raw token together with the requested action and
	// secret name, and returns the matching Token or an error. It takes no
	// repoID.
	// NOTE(review): presumably this is where expiry, revocation and scope are
	// enforced — confirm. Also confirm that the raw-token lookup does not
	// depend on a timing-sensitive string comparison.
	ValidateToken(ctx context.Context, rawToken, action, secretName string) (*Token, error)
	// Audit operations

	// ListAuditEntries returns one page of audit entries for a repository.
	// The int64 result is presumably the total entry count — confirm.
	ListAuditEntries(ctx context.Context, repoID int64, page, pageSize int) ([]AuditEntry, int64, error)
}
Plugin defines the interface that vault plugins must implement
type Secret ¶
// Secret describes a vault secret. It carries metadata only: the struct has no
// field for the secret's value.
type Secret struct {
	// Secret identifier and the repository it belongs to.
	ID, RepoID int64
	// Secret name, free-text description and type string.
	Name, Description, Type string
	// Number of the version that is currently active.
	CurrentVersion int
	// Creation, last-update and deletion times. The *Unix names suggest Unix
	// timestamps, and DeletedUnix presumably stays zero until the secret is
	// soft-deleted — confirm both.
	CreatedUnix, UpdatedUnix, DeletedUnix int64
}
Secret represents a vault secret
func CreateSecret ¶
CreateSecret creates a new secret
func GetSecret ¶
GetSecret gets a secret by name
func ListSecrets ¶
ListSecrets lists all secrets for a repository
type SecretVersion ¶
// SecretVersion describes one version of a secret. Like Secret, it has no
// field for the value itself.
type SecretVersion struct {
	// Version record identifier and the ID of the secret it belongs to.
	ID, SecretID int64
	// Version number within the secret.
	Version int
	// ID of the user who created this version.
	CreatorID int64
	// Creator's display name and the comment stored with the version.
	CreatorName, Comment string
	// Creation time; the name suggests a Unix timestamp — confirm the unit.
	CreatedUnix int64
}
SecretVersion represents a version of a secret
type Token ¶
// Token describes a CI/CD token issued for a repository. It carries metadata
// only: the struct has no field for the raw token value.
type Token struct {
	// Token identifier and the repository it was issued for.
	ID, RepoID int64
	// Free-text label and the scope string granted to the token. The valid
	// scope values are not listed on this type.
	Description, Scope string
	// Creation, expiry and last-use times, followed by a use counter. The
	// *Unix names suggest Unix timestamps — confirm the unit.
	CreatedUnix, ExpiresUnix, LastUsedUnix, UsedCount int64
	// Revocation and expiry flags.
	// NOTE(review): IsExpired sits alongside ExpiresUnix. Confirm that token
	// validation compares ExpiresUnix with the current time and does not rely
	// on this flag alone.
	IsRevoked, IsExpired bool
}
Token represents a CI/CD token
func CreateToken ¶
func CreateToken(ctx context.Context, repoID int64, opts CreateTokenOptions) (*Token, string, error)
CreateToken creates a new CI/CD token
func ListTokens ¶
ListTokens lists all tokens for a repository
Source Files
- vault.go