Documentation
Index ¶
- type SecretData
- type VaultClient
- func (vc *VaultClient) Close() error
- func (vc *VaultClient) CreateToken(ctx context.Context, policies []string, ttl time.Duration) (*api.SecretAuth, error)
- func (vc *VaultClient) Decrypt(ctx context.Context, keyName string, ciphertext string) ([]byte, error)
- func (vc *VaultClient) DeleteSecret(ctx context.Context, path string) error
- func (vc *VaultClient) Encrypt(ctx context.Context, keyName string, plaintext []byte) (string, error)
- func (vc *VaultClient) GetClient() *api.Client
- func (vc *VaultClient) GetTransitKey(ctx context.Context, keyName string) error
- func (vc *VaultClient) HealthCheck(ctx context.Context) error
- func (vc *VaultClient) IsInitialized(ctx context.Context) (bool, error)
- func (vc *VaultClient) IsSealed(ctx context.Context) (bool, error)
- func (vc *VaultClient) ListSecrets(ctx context.Context, path string) ([]string, error)
- func (vc *VaultClient) ReadSecret(ctx context.Context, path string) (*SecretData, error)
- func (vc *VaultClient) RenewToken(ctx context.Context, token string, increment time.Duration) (*api.SecretAuth, error)
- func (vc *VaultClient) RevokeToken(ctx context.Context, token string) error
- func (vc *VaultClient) RotateSecret(ctx context.Context, path string, newData map[string]interface{}) error
- func (vc *VaultClient) WriteSecret(ctx context.Context, path string, data map[string]interface{}) error
- type VaultConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type SecretData ¶
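// SecretData represents a secret with metadata. It is the type returned by
// VaultClient.ReadSecret.
//
// Every field is exported and carries a JSON tag, so passing a SecretData to
// json.Marshal (for a log line, an API response, a debug dump) emits the
// secret payload in clear text under the "data" key. Redact or drop Data
// before serializing a value of this type anywhere outside the trust boundary.
type SecretData struct {
	// Data is the secret payload as a generic key/value map. Treat every
	// value as sensitive.
	Data map[string]interface{} `json:"data"`

	// Version is the version number of the secret.
	// NOTE(review): presumably the KV version of the stored secret — confirm
	// against ReadSecret.
	Version int `json:"version"`

	// CreatedTime and UpdatedTime are timestamps attached to the secret.
	// NOTE(review): how they are populated is not visible here — confirm.
	CreatedTime time.Time `json:"created_time"`
	UpdatedTime time.Time `json:"updated_time"`

	// Metadata is a generic key/value map that accompanies the secret. Its
	// contents are not constrained by the type; review it for sensitive
	// values before logging it.
	Metadata map[string]interface{} `json:"metadata"`
}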
SecretData represents a secret with metadata
type VaultClient ¶
// VaultClient wraps a HashiCorp Vault API client. Its fields are unexported,
// so callers reach its state only through the methods listed on this page
// (GetClient hands back the underlying *api.Client).
type VaultClient struct {
// contains filtered or unexported fields
}
VaultClient wraps the HashiCorp Vault client with additional functionality
func NewVaultClient ¶
func NewVaultClient(config VaultConfig, logger *logrus.Logger) (*VaultClient, error)
NewVaultClient creates a new Vault client
func (*VaultClient) Close ¶
func (vc *VaultClient) Close() error
Close closes the Vault client connection
func (*VaultClient) CreateToken ¶
func (vc *VaultClient) CreateToken(ctx context.Context, policies []string, ttl time.Duration) (*api.SecretAuth, error)
CreateToken creates a new Vault token with specified policies
func (*VaultClient) Decrypt ¶
func (vc *VaultClient) Decrypt(ctx context.Context, keyName string, ciphertext string) ([]byte, error)
Decrypt decrypts data using Vault's transit engine
func (*VaultClient) DeleteSecret ¶
func (vc *VaultClient) DeleteSecret(ctx context.Context, path string) error
DeleteSecret removes a secret at the given path
func (*VaultClient) Encrypt ¶
func (vc *VaultClient) Encrypt(ctx context.Context, keyName string, plaintext []byte) (string, error)
Encrypt encrypts data using Vault's transit engine
func (*VaultClient) GetClient ¶
func (vc *VaultClient) GetClient() *api.Client
GetClient returns the underlying Vault API client
func (*VaultClient) GetTransitKey ¶
func (vc *VaultClient) GetTransitKey(ctx context.Context, keyName string) error
GetTransitKey creates or retrieves a transit encryption key
func (*VaultClient) HealthCheck ¶
func (vc *VaultClient) HealthCheck(ctx context.Context) error
HealthCheck verifies Vault connection and status
func (*VaultClient) IsInitialized ¶
func (vc *VaultClient) IsInitialized(ctx context.Context) (bool, error)
IsInitialized checks if Vault is initialized
func (*VaultClient) IsSealed ¶
func (vc *VaultClient) IsSealed(ctx context.Context) (bool, error)
IsSealed checks if Vault is sealed
func (*VaultClient) ListSecrets ¶
func (vc *VaultClient) ListSecrets(ctx context.Context, path string) ([]string, error)
ListSecrets lists all secrets under a given path
func (*VaultClient) ReadSecret ¶
func (vc *VaultClient) ReadSecret(ctx context.Context, path string) (*SecretData, error)
ReadSecret retrieves a secret from the given path
func (*VaultClient) RenewToken ¶
func (vc *VaultClient) RenewToken(ctx context.Context, token string, increment time.Duration) (*api.SecretAuth, error)
RenewToken renews a Vault token
func (*VaultClient) RevokeToken ¶
func (vc *VaultClient) RevokeToken(ctx context.Context, token string) error
RevokeToken revokes a Vault token
func (*VaultClient) RotateSecret ¶
func (vc *VaultClient) RotateSecret(ctx context.Context, path string, newData map[string]interface{}) error
RotateSecret creates a new version of an existing secret
func (*VaultClient) WriteSecret ¶
func (vc *VaultClient) WriteSecret(ctx context.Context, path string, data map[string]interface{}) error
WriteSecret stores a secret at the given path
type VaultConfig ¶
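// VaultConfig holds Vault client configuration. It is the value passed to
// NewVaultClient.
//
// The struct carries a credential (Token) and every field has a JSON tag, so
// marshalling a VaultConfig into a log line, a crash report or a config dump
// writes the token out in clear text. Redact Token before serializing, and
// keep any file this struct is loaded from readable only by the service
// account that needs it.
type VaultConfig struct {
	// Address is the address of the Vault server.
	// NOTE(review): the expected format (scheme, host, port) is not shown
	// here — confirm against NewVaultClient.
	Address string `json:"address"`

	// Token is the Vault token used to authenticate. It is serialized under
	// the "token" key; treat the whole struct as secret material.
	Token string `json:"token"`

	// MountPath names a Vault mount.
	// NOTE(review): presumably the secrets-engine mount used by the
	// Read/Write/List/Delete methods — confirm.
	MountPath string `json:"mount_path"`

	// Timeout bounds client operations. As a time.Duration it encodes to and
	// decodes from JSON as an integer number of nanoseconds, not a string
	// such as "30s".
	Timeout time.Duration `json:"timeout"`

	// MaxRetries is the retry limit.
	// NOTE(review): which failures are retried is not visible here.
	MaxRetries int `json:"max_retries"`

	// EnableTLS turns on TLS. Its zero value is false, so a configuration
	// that omits "enable_tls" does not request TLS through this field.
	// NOTE(review): how NewVaultClient treats an https Address when this is
	// false is not shown — confirm that tokens and secrets never travel
	// over plaintext.
	EnableTLS bool `json:"enable_tls"`

	// TLSInsecure relaxes TLS checking.
	// NOTE(review): presumably this disables server-certificate
	// verification — confirm. If so, leave it false outside local testing:
	// without verification the client cannot tell the real Vault server
	// from an impostor, and it would hand over Token to either.
	TLSInsecure bool `json:"tls_insecure"`
}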
VaultConfig holds Vault client configuration