Documentation
Overview
Package auth contains all the functionality necessary for authenticating with Vault.
See https://www.vaultproject.io/api-docs/auth for more information.
Functions
func DefaultKubernetesJWTProvider (added in v0.0.7)
DefaultKubernetesJWTProvider reads the Kubernetes service account JWT token located at /var/run/secrets/kubernetes.io/serviceaccount/token and returns it.
Types
type Client
Client is the gateway into the auth functionality provided by Vault.
func (*Client) Automatic
Automatic handles login and renewal automatically for you in the background using the configured auth method.
Tokens are renewed 5 seconds before expiration if eligible. If a lease is less than 5 seconds long, the token will be replaced instead of attempting renewal.
All login and renewal events and any associated errors are sent to the returned events channel. This channel has a buffer of 1 to help the event receiver keep up with the events. If the channel is ignored or events are not received quickly enough, events will be dropped and not sent to the channel to avoid impeding the authentication process.
In the event that the context is canceled, login and renewals will be halted and the events channel will be closed.
func (*Client) GetToken
GetToken returns the internal Vault auth token that the client uses to communicate with Vault.
func (*Client) Login
Login authenticates against Vault using the configured auth method and sets the internal auth token that the client uses to communicate with Vault.
func (*Client) RenewSelf
RenewSelf renews the internal Vault auth token that the client uses to communicate with Vault.
See https://www.vaultproject.io/api/auth/token#renew-a-token-self for more information.
type Event
type Event struct {
	// Type indicates the type of the authentication event, either "login" or "renew".
	Type string
	// Err indicates when there was a problem authenticating with Vault.
	Err error
}
Event is used to communicate authentication happenings.
type KubernetesConfig (added in v0.0.7)
type KubernetesConfig struct {
	// Role is the AuthMethod service account role that should be used to authenticate with Vault.
	Role string
	// JWTProvider is an optional field used to override how the Kubernetes service account JWT is retrieved for use
	// when authenticating with Vault. If omitted, the client will read the JWT from the
	// `/var/run/secrets/kubernetes.io/serviceaccount/token` file.
	JWTProvider func() (string, error)
}
KubernetesConfig describes the configuration necessary for KubernetesMethod.
type KubernetesMethod (added in v0.0.7)
type KubernetesMethod struct {
	Config KubernetesConfig
}
KubernetesMethod enables the Vault client to authenticate itself with Vault by using the identity established by your Kubernetes cluster.
See https://www.vaultproject.io/api-docs/auth/kubernetes for more information on the Kubernetes auth method.
func NewKubernetesMethod (added in v0.0.7)
func NewKubernetesMethod(config KubernetesConfig) KubernetesMethod
NewKubernetesMethod creates a new Vault auth method for Kubernetes.
type Method
Method represents a way of authenticating against Vault using one of the officially supported techniques.
For more information, see https://www.vaultproject.io/docs/auth
type Token
type Token struct {
	// Value is a string representation of the token, used when interacting with the Vault Client.
	Value string
	// Expiration indicates when the token expires and must be renewed or regenerated.
	Expiration time.Duration
	// Renewable indicates whether the token can be renewed or must be regenerated.
	Renewable bool
}
Token represents a Vault authentication token.
This is used throughout vaultx to authenticate with Vault.
type TokenManager
type TokenManager interface {
	// SetToken sets the Vault auth token.
	SetToken(token Token)
	// GetToken returns the Vault auth token.
	GetToken() Token
}
TokenManager manages Vault auth tokens.