Documentation
¶
Index ¶
- func DefaultMapper(s string) (*store.Credential, error)
- func GetFromVaultSecretsAPI(ctx context.Context, client *vault.Client, mountPath string, path string) (string, error)
- type APIDatabaseCredentials
- type AgentDatabaseCredentials
- type CredentialLocation
- type Credentials
- type KvCredentials
- type Mapper
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DefaultMapper ¶
func DefaultMapper(s string) (*store.Credential, error)
DefaultMapper maps the default username/password structure returned from the Vault API.
Types ¶
type APIDatabaseCredentials ¶
type APIDatabaseCredentials struct {
// contains filtered or unexported fields
}
APIDatabaseCredentials gets DB credentials from the Vault Database Secrets engine See: https://www.vaultproject.io/docs/secrets/databases/
func (*APIDatabaseCredentials) GetCredentials ¶
func (db *APIDatabaseCredentials) GetCredentials(ctx context.Context, client *vault.Client) (string, error)
GetCredentials implements the CredentialLocation interface.
func (*APIDatabaseCredentials) Map ¶
func (*APIDatabaseCredentials) Map(s string) (*store.Credential, error)
Map implements the CredentialLocation interface.
type AgentDatabaseCredentials ¶
type AgentDatabaseCredentials struct {
// contains filtered or unexported fields
}
AgentDatabaseCredentials gets DB credentials the Vault Agent creates on disk See: https://www.vaultproject.io/docs/agent/index.html One of the key features of the Vault agent is that it can spit out credentials using Consul template markup. See https://www.vaultproject.io/docs/agent/template for details.
func (*AgentDatabaseCredentials) GetCredentials ¶
func (adb *AgentDatabaseCredentials) GetCredentials(_ context.Context, _ *vault.Client) (string, error)
GetCredentials implements the CredentialLocation interface.
func (*AgentDatabaseCredentials) Map ¶
func (adb *AgentDatabaseCredentials) Map(s string) (*store.Credential, error)
Map implements the CredentialLocation interface.
type CredentialLocation ¶
type CredentialLocation interface {
GetCredentials(ctx context.Context, client *vault.Client) (string, error)
Map(s string) (*store.Credential, error)
}
CredentialLocation represents a location where credentials can be retrieved from.
func NewAPIDatabaseCredentials ¶
func NewAPIDatabaseCredentials(role, path string) CredentialLocation
NewAPIDatabaseCredentials creates a new credential location backed by Vault's DB Secrets engine.
The path argument will be mostly unused unless the user mounts the database backend in a different location.
func NewAgentDatabaseCredentials ¶
func NewAgentDatabaseCredentials(mapper Mapper, path string) CredentialLocation
NewAgentDatabaseCredentials creates a new AgentDatabaseCredentials instance.
func NewKvCredentials ¶
func NewKvCredentials(mountPath string, path string) CredentialLocation
NewKvCredentials retrieves credentials from Vault's K/V store.
type Credentials ¶
Credentials represents an abstraction over a username and password.
type KvCredentials ¶
type KvCredentials struct {
// contains filtered or unexported fields
}
KvCredentials implements the CredentialLocation interface.
func (*KvCredentials) GetCredentials ¶
func (kv *KvCredentials) GetCredentials(ctx context.Context, client *vault.Client) (string, error)
GetCredentials implements the CredentialLocation interface.
func (*KvCredentials) Map ¶
func (*KvCredentials) Map(s string) (*store.Credential, error)
Map implements the CredentialLocation interface.
Source Files