secrets

package
v1.16.0 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 15, 2025 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Constants

const DefaultSecretPath = "secret/data/console"

Default path for secrets if not configured.

Variables

var (
	ErrSecretNotFound       = errors.New("secret not found")
	ErrUnexpectedDataFormat = errors.New("unexpected secret data format")
	ErrKeyNotFound          = errors.New("key not found in secret")
	ErrValueNotString       = errors.New("value is not a string")
)

Sentinel errors for secret operations.

Functions

This section is empty.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client implements the security.Storager interface for HashiCorp Vault.

func NewClient

func NewClient(cfg *config.Secrets, opts ...Option) (*Client, error)

NewClient creates a new Vault Client instance. For production: pass config to create a new API client. For testing: use WithClient option to inject a mock client.

func (*Client) DeleteKeyValue

func (c *Client) DeleteKeyValue(key string) error

DeleteKeyValue deletes a value from Vault. If the key contains "/", it deletes the entire secret at {basePath}/{key}. Otherwise, it removes the key from {basePath}/keys.

func (*Client) GetKeyValue

func (c *Client) GetKeyValue(key string) (string, error)

GetKeyValue reads a value from Vault. If the key contains "/", it's treated as a separate path: {basePath}/{key} with data stored under "value". Otherwise, it's stored in {basePath}/keys with the key as a field name.

func (*Client) GetObject

func (c *Client) GetObject(key string) (map[string]string, error)

GetObject retrieves a map of string values from a path-based secret. The key must contain "/" to specify the path: {basePath}/{key}.

func (*Client) SetKeyValue

func (c *Client) SetKeyValue(key, value string) error

SetKeyValue writes a value to Vault. If the key contains "/", it's treated as a separate path: {basePath}/{key} with data stored under "value". Otherwise, it's stored in {basePath}/keys with the key as a field name.

func (*Client) SetObject

func (c *Client) SetObject(key string, data map[string]string) error

SetObject stores a map of string values at a path-based secret. The key must contain "/" to specify the path: {basePath}/{key}.
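The key routing documented for GetKeyValue, SetKeyValue and DeleteKeyValue, modelled as a standalone added example (not code from this package). `Location`, `Resolve` and `ErrUnsafeKey` are hypothetical names, and the segment checks are an assumed caller-side policy for keys built from untrusted input; the page does not say whether the package validates keys itself.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Location is a hypothetical type: the Vault path and data field a key
// maps to under the documented routing rule.
type Location struct {
	Path  string // secret path, e.g. secret/data/console/keys
	Field string // field inside the secret's data map
}

// ErrUnsafeKey is a hypothetical caller-side error, not a package sentinel.
var ErrUnsafeKey = errors.New("unsafe secret key")

// Resolve models the documented rule: a key containing "/" gets its own
// secret at {basePath}/{key} with the data under "value"; any other key is
// a field of the shared secret at {basePath}/keys.
func Resolve(basePath, key string) (Location, error) {
	if key == "" {
		return Location{}, ErrUnsafeKey
	}
	if !strings.Contains(key, "/") {
		return Location{Path: basePath + "/keys", Field: key}, nil
	}
	for _, seg := range strings.Split(key, "/") {
		// Assumed policy: every segment must be a plain name, so the
		// joined path always names a child of basePath as written.
		if seg == "" || seg == "." || seg == ".." {
			return Location{}, ErrUnsafeKey
		}
	}
	return Location{Path: basePath + "/" + key, Field: "value"}, nil
}

func main() {
	// Constructed sample keys.
	for _, k := range []string{"api_token", "certs/web", "../other/app", "certs//web"} {
		loc, err := Resolve("secret/data/console", k)
		fmt.Printf("%-14q -> %+v err=%v\n", k, loc, err)
	}
}
```

All keys without "/" share one secret at {basePath}/keys, so a Vault policy granting access to that path exposes every such key at once, while path-style keys can be scoped individually.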

type ObjectStorager

type ObjectStorager interface {
	security.Storager
	GetObject(key string) (map[string]string, error)
	SetObject(key string, data map[string]string) error
}

ObjectStorager extends security.Storager with object storage capabilities. This allows storing structured data (like certificates) as proper JSON objects in Vault.

type Option

type Option func(*Client)

Option is a functional option for configuring the Client.

func WithClient

func WithClient(client *api.Client) Option

WithClient sets a pre-configured Vault API client (useful for testing).

func WithPath

func WithPath(path string) Option

WithPath sets a custom path for secrets storage.
