Affected by GO-2023-2063 and 20 other vulnerabilities

GO-2023-2063: HashiCorp Vault Improper Input Validation vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-2982: Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions in github.com/hashicorp/vault

GO-2024-3162: Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

GO-2024-3246: Hashicorp Vault vulnerable to denial of service through memory exhaustion in github.com/hashicorp/vault

GO-2025-3662: Hashicorp Vault Community vulnerable to Incorrect Authorization in github.com/hashicorp/vault

GO-2025-3663: Hashicorp Vault Community vulnerable to Generation of Error Message Containing Sensitive Information in github.com/hashicorp/vault

GO-2025-3836: Hashicorp Vault has Incorrect Validation for Non-CA Certificates in github.com/hashicorp/vault

GO-2025-3837: Hashicorp Vault has Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2025-3838: Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration in github.com/hashicorp/vault

GO-2025-3839: Hashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users in github.com/hashicorp/vault

GO-2025-3840: Hashicorp Vault has Lockout Feature Authentication Bypass in github.com/hashicorp/vault

GO-2025-3841: Hashicorp Vault's TOTP Secrets Engine Susceptible to Code Reuse in github.com/hashicorp/vault

GO-2025-3842: Hashicorp Vault has Login MFA Rate Limit Bypass Vulnerability in github.com/hashicorp/vault

GO-2025-3848: HashiCorp Vault ldap auth method may not have correctly enforced MFA in github.com/hashicorp/vault

GO-2025-3924: HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads in github.com/hashicorp/vault

GO-2025-4070: HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass in github.com/hashicorp/vault

keymanager

package

v1.14.2 Latest Latest Go to latest Published: Aug 24, 2023 License: MPL-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/hashicorp/vault

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type KeyManager
type PassthroughKeyManager
- func NewPassthroughKeyManager(ctx context.Context, key []byte) (*PassthroughKeyManager, error)
- func (w *PassthroughKeyManager) RetrievalToken(ctx context.Context) ([]byte, error)
- func (w *PassthroughKeyManager) Wrapper() wrapping.Wrapper

Constants ¶

View Source

const (
	KeyID = "root"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type KeyManager ¶

type KeyManager interface {
	// Returns a wrapping.Wrapper which can be used to perform key-related operations.
	Wrapper() wrapping.Wrapper
	// RetrievalToken is the material returned which can be used to source back the
	// encryption key. Depending on the implementation, the token can be the
	// encryption key itself or a token/identifier used to exchange the token.
	RetrievalToken(ctx context.Context) ([]byte, error)
}

type PassthroughKeyManager ¶

type PassthroughKeyManager struct {
	// contains filtered or unexported fields
}

func NewPassthroughKeyManager ¶

func NewPassthroughKeyManager(ctx context.Context, key []byte) (*PassthroughKeyManager, error)

NewPassthroughKeyManager returns a new instance of the Kube encryption key. If a key is provided, it will be used as the encryption key for the wrapper, otherwise one will be generated.

func (*PassthroughKeyManager) RetrievalToken ¶

func (w *PassthroughKeyManager) RetrievalToken(ctx context.Context) ([]byte, error)

RetrievalToken returns the key that was used on the wrapper since this key manager is simply a passthrough and does not provide a mechanism to abstract this key.

func (*PassthroughKeyManager) Wrapper ¶

func (w *PassthroughKeyManager) Wrapper() wrapping.Wrapper

Wrapper returns the manager's wrapper for key operations.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL