Documentation
¶
Overview ¶
Example (EncryptDecryptType) ¶
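const rsa4096 = "rsa-4096"

// "test" is a placeholder token. WithCaPath("") passes an empty CA path;
// NOTE(review): presumably the system trust store is used then, confirm
// against the library before relying on it.
c, err := NewClient("https://vault:8200/", WithCaPath(""), WithAuthToken("test"))
if err != nil {
	log.Fatal(err)
}
// The client token is a bearer credential, so it is not printed here: stdout
// commonly ends up in CI and container logs. The address is safe to show.
log.Println(c.Address())

transit := c.Transit()
key := "test123bacd"

// Exportable is enabled only because the Export call below needs it.
// Vault's transit documentation states that exportable cannot be disabled
// again once set, so leave it off for keys that should never leave Vault.
err = transit.Create(key, &TransitCreateOptions{
	Exportable: BoolPtr(true),
	Type:       rsa4096,
})
if err != nil {
	log.Fatal(err)
}

res, err := transit.Read(key)
if err != nil {
	log.Fatal(err)
}
log.Printf("%+v\n", res.Data)

exportRes, err := transit.Export(key, TransitExportOptions{
	KeyType: "encryption-key",
})
if err != nil {
	log.Fatal(err)
}
// The original logged exportRes.Data.Keys[1] (with the verb mistyped as
// "%v+"), which writes exported key material to the log. Only the number of
// exported versions is reported here.
log.Printf("exported %d key version(s)", len(exportRes.Data.Keys))

encryptResponse, err := transit.Encrypt(key, &TransitEncryptOptions{
	Plaintext: "plaintext",
})
if err != nil {
	log.Fatalf("Error occurred during encryption: %v", err)
}
log.Println("Ciphertext: ", encryptResponse.Data.Ciphertext)

decryptResponse, err := transit.Decrypt(key, &TransitDecryptOptions{
	Ciphertext: encryptResponse.Data.Ciphertext,
})
if err != nil {
	log.Fatalf("Error occurred during decryption: %v", err)
}
// Logging the decrypted value is acceptable for this demo string only.
log.Println("Plaintext: ", decryptResponse.Data.Plaintext)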
Example (K8sInCluster) ¶
// Client that authenticates with WithKubernetesAuth and the role "myrole".
// No WithJwt or WithJwtFromFile option is passed, so the JWT comes from the
// library default. NOTE(review): presumably the pod's mounted service-account
// token; confirm.
client, err := NewClient(
	"https://vault:8200/",
	WithCaPath(""),
	WithKubernetesAuth("myrole"),
)
if err != nil {
	log.Fatal(err)
}

log.Println(client.Address())
Example (TokenBased) ¶
// "SECRET" stands in for a real Vault token. A real token should be supplied
// at runtime (environment, mounted file, secret store) rather than written
// into source, where it would end up in version control.
vaultClient, err := NewClient("https://vault:8200/", WithCaPath(""), WithAuthToken("SECRET"))
if err != nil {
	log.Fatal(err)
}

// Only the server address is logged, never the token.
log.Println(vaultClient.Address())
Index ¶
- Variables
- func BoolPtr(input bool) *bool
- func DecodeCipherText(vaultCipherText string) (string, int, error)
- func EncodeCipherText(cipherText string, keyVersion int) string
- func IntPtr(input int) *int
- func StringPtr(input string) *string
- type AuthCreateTokenRequest
- type AuthCreateTokenResponse
- type AuthProvider
- type AuthResponse
- type Authentication
- type Client
- func (c *Client) Authentication() *Authentication
- func (c *Client) AuthenticationWithMountPoint(mountPoint string) *Authentication
- func (c *Client) Delete(path []string, body, response interface{}, opts *RequestOptions) error
- func (c *Client) KVv1() *KVv1
- func (c *Client) KVv1WithMountPoint(mountPoint string) *KVv1
- func (c *Client) List(path []string, body, response interface{}, opts *RequestOptions) error
- func (c *Client) PKI() *PKI
- func (c *Client) PKIWithMountPoint(mountPoint string) *PKI
- func (c *Client) Put(path []string, body, response interface{}, opts *RequestOptions) error
- func (c *Client) Read(path []string, response interface{}, opts *RequestOptions) error
- func (c *Client) Request(method string, path []string, body, response interface{}, opts *RequestOptions) error
- func (c *Client) SSH() *SSH
- func (c *Client) SSHWithMountPoint(mountPoint string) *SSH
- func (c *Client) Transit() *Transit
- func (c *Client) TransitWithMountPoint(mountPoint string) *Transit
- func (c *Client) Write(path []string, body, response interface{}, opts *RequestOptions) error
- type ClientOpts
- type KVv1
- type KVv1ListResponse
- type KVv1ReadResponse
- type KubernetesAuthOpt
- type PKI
- func (k *PKI) CreateOrUpdateRole(roleName string, pkiopts PKICreateRoleRequest) (*PKIRoleResponse, error)
- func (k *PKI) GenerateIntermediate(intermediateType string, pkiopts PKIGenerateIntermediateOptions) (*PKIGenerateIntermediateResponse, error)
- func (k *PKI) ImportCaOrPrivateKey(pkiopts PKIImportCABundleRequest) (*PKIImportCABundleResponse, error)
- func (k *PKI) Issue(role string, pkiopts PKIIssueOptions) (*PKIIssueResponse, error)
- func (k *PKI) ListIssuers() (*PKIListIssuersResponse, error)
- func (k *PKI) ReadIssuer(issuerName string) (*PKIReadIssuerResponse, error)
- func (k *PKI) ReadRole(roleName string) (*PKIRoleResponse, error)
- func (k *PKI) RevokeIssuer(issuerName string) (*PKIRevokeIssuerResponse, error)
- func (k *PKI) SignCSR(name string, issuerRef string, pkiopts PKISignCSROptions) (*PKISignResponse, error)
- func (k *PKI) SignIntermediate(issuerRef string, pkiopts PKISignIntermediateOptions) (*PKISignIntermediateResponse, error)
- func (k *PKI) UpdateIssuer(issuerName string, pkiopts PKIUpdateIssuerRequest) (*PKIUpdateIssuerResponse, error)
- type PKICreateRoleRequest
- type PKIGenerateIntermediateOptions
- type PKIGenerateIntermediateResponse
- type PKIImportCABundleRequest
- type PKIImportCABundleResponse
- type PKIIssueOptions
- type PKIIssueResponse
- type PKIListIssuersResponse
- type PKIReadIssuerResponse
- type PKIRevokeIssuerResponse
- type PKIRoleResponse
- type PKISignCSROptions
- type PKISignIntermediateOptions
- type PKISignIntermediateResponse
- type PKISignResponse
- type PKIUpdateIssuerRequest
- type PKIUpdateIssuerResponse
- type RequestOptions
- type SSH
- type SSHReadPubKeyResponse
- type SSHSignOptions
- type SSHSignResponse
- type Service
- type TLSConfig
- type Transit
- func (t *Transit) Create(key string, opts *TransitCreateOptions) error
- func (t *Transit) Decrypt(key string, opts *TransitDecryptOptions) (*TransitDecryptResponse, error)
- func (t *Transit) DecryptBatch(key string, opts TransitDecryptOptionsBatch) (*TransitDecryptResponseBatch, error)
- func (t *Transit) Delete(key string) error
- func (t *Transit) Encrypt(key string, opts *TransitEncryptOptions) (*TransitEncryptResponse, error)
- func (t *Transit) EncryptBatch(key string, opts *TransitEncryptOptionsBatch) (*TransitEncryptResponseBatch, error)
- func (t *Transit) Export(key string, opts TransitExportOptions) (*TransitExportResponse, error)
- func (t *Transit) ForceDelete(key string) error
- func (t *Transit) KeyExists(key string) (bool, error)
- func (t *Transit) List() (*TransitListResponse, error)
- func (t *Transit) Read(key string) (*TransitReadResponse, error)
- func (t *Transit) Rotate(key string) error
- func (t *Transit) Sign(key string, opts *TransitSignOptions) (*TransitSignResponse, error)
- func (t *Transit) SignBatch(key string, opts *TransitSignOptionsBatch) (*TransitSignResponseBatch, error)
- func (t *Transit) Update(key string, opts TransitUpdateOptions) error
- func (t *Transit) Verify(key string, opts *TransitVerifyOptions) (*TransitVerifyResponse, error)
- func (t *Transit) VerifyBatch(key string, opts *TransitVerifyOptionsBatch) (*TransitVerifyResponseBatch, error)
- type TransitBatchCiphertext
- type TransitBatchPlaintext
- type TransitBatchSignInput
- type TransitBatchSignature
- type TransitBatchVerifyData
- type TransitBatchVerifyInput
- type TransitCreateOptions
- type TransitDecryptOptions
- type TransitDecryptOptionsBatch
- type TransitDecryptResponse
- type TransitDecryptResponseBatch
- type TransitEncryptOptions
- type TransitEncryptOptionsBatch
- type TransitEncryptResponse
- type TransitEncryptResponseBatch
- type TransitExportOptions
- type TransitExportResponse
- type TransitListResponse
- type TransitReadResponse
- type TransitReadResponseData
- type TransitSignOptions
- type TransitSignOptionsBatch
- type TransitSignResponse
- type TransitSignResponseBatch
- type TransitUpdateOptions
- type TransitVerifyOptions
- type TransitVerifyOptionsBatch
- type TransitVerifyResponse
- type TransitVerifyResponseBatch
- type UserpassAuth
- type UserpassAuthOpt
Examples ¶
Constants ¶
This section is empty.
Variables ¶
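// Sentinel errors exported by the package. Compare with errors.Is rather than
// matching on the message text.
var (
	// ErrEncKeyNotFound carries the message "encryption key not found".
	ErrEncKeyNotFound = errors.New("encryption key not found")
	// ErrIssuerNotFound carries the message "issuer not found".
	ErrIssuerNotFound = errors.New("issuer not found")
)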
Functions ¶
func DecodeCipherText ¶ added in v0.1.3
DecodeCipherText gets payload from vault ciphertext format (removes "vault:v<ver>:" prefix)
func EncodeCipherText ¶ added in v0.1.3
EncodeCipherText encodes payload to vault ciphertext format (adds "vault:v<ver>:" prefix)
Types ¶
type AuthCreateTokenRequest ¶ added in v0.2.0
// AuthCreateTokenRequest is the JSON body of a token-creation request; it is
// the argument type of Authentication.CreateOrphanToken.
//
// Every field is tagged omitempty, so zero values (empty string, nil slice or
// map, false) are left out of the request and the server-side default
// applies. For the plain bool fields this means an explicit false cannot be
// sent. NOTE(review): Vault documents renewable as defaulting to true, so
// Renewable=false would have no effect through this struct; confirm.
type AuthCreateTokenRequest struct {
	RoleName string `json:"role_name,omitempty"`
	ID string `json:"id,omitempty"`
	// Policies is sent as "policies"; keep the list as narrow as the token's
	// consumer needs.
	Policies []string `json:"policies,omitempty"`
	Meta map[string]interface{} `json:"meta,omitempty"`
	NoParent bool `json:"no_parent,omitempty"`
	NoDefaultPolicy bool `json:"no_default_policy,omitempty"`
	Renewable bool `json:"renewable,omitempty"`
	// TTL is sent as a string under "ttl"; when empty it is omitted and the
	// token lifetime is whatever the server decides.
	TTL string `json:"ttl,omitempty"`
	Type string `json:"type,omitempty"`
	EntityAlias string `json:"entity_alias,omitempty"`
}
type AuthCreateTokenResponse ¶ added in v0.2.0
// AuthCreateTokenResponse is the decoded reply to a token-creation request;
// it is the result type of Authentication.CreateOrphanToken.
type AuthCreateTokenResponse struct {
	RequestID string `json:"request_id"`
	LeaseID string `json:"lease_id"`
	Renewable bool `json:"renewable"`
	LeaseDuration int `json:"lease_duration"`
	Data interface{} `json:"data"`
	WrapInfo interface{} `json:"wrap_info"`
	Warnings []string `json:"warnings"`
	Auth struct {
		// ClientToken is decoded from "client_token". NOTE(review): in Vault's
		// API this is the issued token itself, a bearer credential. Do not
		// print this struct with %v/%+v or persist it unprotected.
		ClientToken string `json:"client_token"`
		Accessor string `json:"accessor"`
		Policies []string `json:"policies"`
		TokenPolicies []string `json:"token_policies"`
		Metadata interface{} `json:"metadata"`
		LeaseDuration int `json:"lease_duration"`
		Renewable bool `json:"renewable"`
		EntityID string `json:"entity_id"`
		TokenType string `json:"token_type"`
		Orphan bool `json:"orphan"`
		NumUses int `json:"num_uses"`
	} `json:"auth"`
	MountType string `json:"mount_type"`
}
type AuthProvider ¶
type AuthProvider interface {
Auth() (*AuthResponse, error)
}
func NewKubernetesAuth ¶
func NewKubernetesAuth(c *Client, role string, opts ...KubernetesAuthOpt) (AuthProvider, error)
func NewUserpassAuth ¶ added in v0.1.6
func NewUserpassAuth(c *Client, username string, password string, opts ...UserpassAuthOpt) (AuthProvider, error)
type AuthResponse ¶ added in v0.0.6
// AuthResponse is the decoded login reply returned by AuthProvider.Auth and
// UserpassAuth.Auth.
type AuthResponse struct {
	Auth struct {
		// ClientToken is decoded from "client_token". NOTE(review): in Vault's
		// API this is the session token, a bearer credential; keep it out of
		// logs and error messages.
		ClientToken string `json:"client_token"`
		Accessor string `json:"accessor"`
		Policies []string `json:"policies"`
		LeaseDuration int `json:"lease_duration"`
		Renewable bool `json:"renewable"`
		// Metadata only declares service-account fields. NOTE(review): these
		// presumably stay empty for non-Kubernetes logins such as userpass;
		// confirm.
		Metadata struct {
			Role string `json:"role"`
			ServiceAccountName string `json:"service_account_name"`
			ServiceAccountNamespace string `json:"service_account_namespace"`
			ServiceAccountSecretName string `json:"service_account_secret_name"`
			ServiceAccountUID string `json:"service_account_uid"`
		} `json:"metadata"`
	} `json:"auth"`
}
type Authentication ¶ added in v0.2.0
type Authentication struct {
Service
}
func (*Authentication) CreateOrphanToken ¶ added in v0.2.0
func (k *Authentication) CreateOrphanToken(pkiopts AuthCreateTokenRequest) (*AuthCreateTokenResponse, error)
type Client ¶
func NewClient ¶
func NewClient(addr string, tlsConf *TLSConfig, opts ...ClientOpts) (*Client, error)
func (*Client) Authentication ¶ added in v0.2.0
func (c *Client) Authentication() *Authentication
func (*Client) AuthenticationWithMountPoint ¶ added in v0.2.0
func (c *Client) AuthenticationWithMountPoint(mountPoint string) *Authentication
func (*Client) Delete ¶
func (c *Client) Delete(path []string, body, response interface{}, opts *RequestOptions) error
func (*Client) KVv1WithMountPoint ¶ added in v0.1.5
func (*Client) List ¶
func (c *Client) List(path []string, body, response interface{}, opts *RequestOptions) error
func (*Client) PKIWithMountPoint ¶ added in v0.1.10
func (*Client) Put ¶ added in v0.1.5
func (c *Client) Put(path []string, body, response interface{}, opts *RequestOptions) error
func (*Client) Read ¶
func (c *Client) Read(path []string, response interface{}, opts *RequestOptions) error
func (*Client) Request ¶
func (c *Client) Request(method string, path []string, body, response interface{}, opts *RequestOptions) error
func (*Client) SSHWithMountPoint ¶ added in v0.1.8
func (*Client) TransitWithMountPoint ¶
type ClientOpts ¶
func WithAuthToken ¶
func WithAuthToken(token string) ClientOpts
func WithKubernetesAuth ¶
func WithKubernetesAuth(role string, opts ...KubernetesAuthOpt) ClientOpts
func WithUserpassAuth ¶ added in v0.1.6
func WithUserpassAuth(username string, password string, opts ...UserpassAuthOpt) ClientOpts
type KVv1ListResponse ¶ added in v0.1.5
type KVv1ListResponse struct {
Data struct {
Keys []string `json:"keys"`
} `json:"data"`
}
type KVv1ReadResponse ¶ added in v0.1.5
type KubernetesAuthOpt ¶
type KubernetesAuthOpt func(k *kubernetesAuth) error
func WithJwt ¶
func WithJwt(jwt string) KubernetesAuthOpt
func WithJwtFromFile ¶
func WithJwtFromFile(path string) KubernetesAuthOpt
func WithMountPoint ¶
func WithMountPoint(mountPoint string) KubernetesAuthOpt
type PKI ¶ added in v0.1.10
type PKI struct {
Service
}
func (*PKI) CreateOrUpdateRole ¶ added in v0.2.4
func (k *PKI) CreateOrUpdateRole(roleName string, pkiopts PKICreateRoleRequest) (*PKIRoleResponse, error)
func (*PKI) GenerateIntermediate ¶ added in v0.2.0
func (k *PKI) GenerateIntermediate(intermediateType string, pkiopts PKIGenerateIntermediateOptions) (*PKIGenerateIntermediateResponse, error)
func (*PKI) ImportCaOrPrivateKey ¶ added in v0.2.0
func (k *PKI) ImportCaOrPrivateKey(pkiopts PKIImportCABundleRequest) (*PKIImportCABundleResponse, error)
func (*PKI) Issue ¶ added in v0.1.10
func (k *PKI) Issue(role string, pkiopts PKIIssueOptions) (*PKIIssueResponse, error)
func (*PKI) ListIssuers ¶ added in v0.2.0
func (k *PKI) ListIssuers() (*PKIListIssuersResponse, error)
func (*PKI) ReadIssuer ¶ added in v0.2.0
func (k *PKI) ReadIssuer(issuerName string) (*PKIReadIssuerResponse, error)
func (*PKI) ReadRole ¶ added in v0.2.4
func (k *PKI) ReadRole(roleName string) (*PKIRoleResponse, error)
func (*PKI) RevokeIssuer ¶ added in v0.2.0
func (k *PKI) RevokeIssuer(issuerName string) (*PKIRevokeIssuerResponse, error)
func (*PKI) SignCSR ¶ added in v0.2.5
func (k *PKI) SignCSR(name string, issuerRef string, pkiopts PKISignCSROptions) (*PKISignResponse, error)
func (*PKI) SignIntermediate ¶ added in v0.2.0
func (k *PKI) SignIntermediate(issuerRef string, pkiopts PKISignIntermediateOptions) (*PKISignIntermediateResponse, error)
func (*PKI) UpdateIssuer ¶ added in v0.2.0
func (k *PKI) UpdateIssuer(issuerName string, pkiopts PKIUpdateIssuerRequest) (*PKIUpdateIssuerResponse, error)
type PKICreateRoleRequest ¶ added in v0.2.4
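// PKICreateRoleRequest is the JSON body sent by PKI.CreateOrUpdateRole.
//
// The Allow* fields widen the set of names the role may issue certificates
// for, so enable only what the role needs.
//
// All optional fields are tagged omitempty, and the bool fields are plain
// bools: an explicit false is never sent, so the server default applies.
// NOTE(review): Vault documents allow_wildcard_certificates and server_flag as
// defaulting to true; if that holds for your Vault version, neither can be
// turned off through this struct. Confirm, and verify the result with
// PKI.ReadRole.
type PKICreateRoleRequest struct {
	IssuerRef      string   `json:"issuer_ref"`
	TTL            string   `json:"ttl,omitempty"`
	MaxTTL         string   `json:"max_ttl,omitempty"`
	AllowedDomains []string `json:"allowed_domains,omitempty"`
	// The tag is "allow_bare_domains" (plural), matching PKIRoleResponse. The
	// singular spelling used before is not the name the role response uses,
	// so the setting was presumably ignored by the server.
	AllowBareDomain  bool `json:"allow_bare_domains,omitempty"`
	AllowGlobDomains bool `json:"allow_glob_domains,omitempty"`
	AllowWildcard    bool `json:"allow_wildcard_certificates,omitempty"`
	AllowSubdomains  bool `json:"allow_subdomains,omitempty"`
	ServerFlag       bool `json:"server_flag,omitempty"`
}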
type PKIGenerateIntermediateOptions ¶ added in v0.2.0
type PKIGenerateIntermediateOptions struct {
CommonName string `json:"common_name"`
KeyName string `json:"key_name,omitempty"`
AltNames string `json:"alt_names,omitempty"`
Format string `json:"format,omitempty"`
PrivateKeyFormat string `json:"private_key_format,omitempty"`
KeyType string `json:"key_type,omitempty"`
}
type PKIGenerateIntermediateResponse ¶ added in v0.2.0
type PKIImportCABundleRequest ¶ added in v0.2.0
type PKIImportCABundleRequest struct {
PemBundle string `json:"pem_bundle"`
}
type PKIImportCABundleResponse ¶ added in v0.2.0
type PKIImportCABundleResponse struct {
Data struct {
ImportedIssuers []string `json:"imported_issuers"`
ImportedKeys []string `json:"imported_keys"`
Mapping map[string]string `json:"mapping"`
ExistingIssuers []string `json:"existing_issuers"`
ExistingKeys []string `json:"existing_keys"`
} `json:"data"`
}
type PKIIssueOptions ¶ added in v0.1.10
type PKIIssueResponse ¶ added in v0.1.10
// PKIIssueResponse is the decoded reply returned by PKI.Issue.
type PKIIssueResponse struct {
	LeaseID string `json:"lease_id"`
	Renewable bool `json:"renewable"`
	LeaseDuration int `json:"lease_duration"`
	Data struct {
		SerialNumber string `json:"serial_number"`
		Expiration int `json:"expiration"`
		PrivateKeyType string `json:"private_key_type"`
		// PrivateKey is decoded from "private_key" and travels in the same
		// struct as the certificate. Treat the whole response as secret: do
		// not log it with %v/%+v, and restrict permissions wherever the key
		// is written out.
		PrivateKey string `json:"private_key"`
		IssuingCA string `json:"issuing_ca"`
		CAChain []string `json:"ca_chain"`
		Certificate string `json:"certificate"`
	} `json:"data"`
}
type PKIListIssuersResponse ¶ added in v0.2.0
type PKIReadIssuerResponse ¶ added in v0.2.0
type PKIRevokeIssuerResponse ¶ added in v0.2.0
type PKIRevokeIssuerResponse struct {
CAChain []string `json:"ca_chain"`
Certificate string `json:"certificate"`
IssuerID string `json:"issuer_id"`
IssuerName string "json:\"issuer_name\""
KeyID string `json:"key_id"`
LeafNotAfterBehavior string `json:"leaf_not_after_behavior"`
ManualChain interface{} `json:"manual_chain"`
Usage string `json:"usage"`
RevocationTime int64 `json:"revocation_time"`
}
type PKIRoleResponse ¶ added in v0.2.4
type PKIRoleResponse struct {
AllowAnyName bool `json:"allow_any_name"`
AllowBareDomains bool `json:"allow_bare_domains"`
AllowGlobDomains bool `json:"allow_glob_domains"`
AllowIPSans bool `json:"allow_ip_sans"`
AllowLocalhost bool `json:"allow_localhost"`
AllowSubdomains bool `json:"allow_subdomains"`
AllowTokenDisplayname bool `json:"allow_token_displayname"`
AllowWildcardCertificates bool `json:"allow_wildcard_certificates"`
AllowedDomains []string `json:"allowed_domains"`
AllowedDomainsTemplate bool `json:"allowed_domains_template"`
AllowedOtherSans []string `json:"allowed_other_sans"`
AllowedSerialNumbers []string `json:"allowed_serial_numbers"`
AllowedURISans []string `json:"allowed_uri_sans"`
AllowedURISansTemplate bool `json:"allowed_uri_sans_template"`
AllowedUserIDs []string `json:"allowed_user_ids"`
EnforceHostnames bool `json:"enforce_hostnames"`
GenerateLease bool `json:"generate_lease"`
IssuerRef string `json:"issuer_ref"`
KeyUsage []string `json:"key_usage"`
MaxTTL string `json:"max_ttl"`
NoStore bool `json:"no_store"`
NotAfter string `json:"not_after"`
NotBeforeDuration string `json:"not_before_duration"`
ServerFlag bool `json:"server_flag"`
TTL string `json:"ttl"`
UseCSRCommonName bool `json:"use_csr_common_name"`
UseCSRSans bool `json:"use_csr_sans"`
}
type PKISignCSROptions ¶ added in v0.2.5
type PKISignIntermediateOptions ¶ added in v0.2.0
type PKISignIntermediateOptions struct {
CSR string `json:"csr"`
CommonName string `json:"common_name"`
AltNames string `json:"alt_names,omitempty"`
TTL string `json:"ttl,omitempty"`
Format string `json:"format,omitempty"`
KeyUsage string `json:"key_usage,omitempty"`
UseCSRValues bool `json:"use_csr_values,omitempty"`
NotAfter string `json:"not_after,omitempty"`
}
type PKISignIntermediateResponse ¶ added in v0.2.0
type PKISignIntermediateResponse struct {
LeaseID string `json:"lease_id"`
Renewable bool `json:"renewable"`
LeaseDuration int `json:"lease_duration"`
Data struct {
Expiration int `json:"expiration"`
Certificate string `json:"certificate"`
IssuingCA string `json:"issuing_ca"`
CAChain []string `json:"ca_chain"`
SerialNumber string `json:"serial_number"`
} `json:"data"`
}
type PKISignResponse ¶ added in v0.2.5
type PKIUpdateIssuerRequest ¶ added in v0.2.0
type PKIUpdateIssuerResponse ¶ added in v0.2.0
type PKIUpdateIssuerResponse struct {
Data struct {
CACertificateChain []string `json:"ca_chain"`
Certificate string `json:"certificate"`
IssuerID string `json:"issuer_id"`
IssuerName string `json:"issuer_name"`
KeyID string `json:"key_id"`
LeafNotAfterBehavior string `json:"leaf_not_after_behavior"`
ManualChain interface{} `json:"manual_chain"`
Usage string `json:"usage"`
RevocationSignatureAlgorithm string `json:"revocation_signature_algorithm"`
IssuingCertificates []string `json:"issuing_certificates"`
CRLDistributionPoints []string `json:"crl_distribution_points"`
DeltaCRLDistributionPoints []string `json:"delta_crl_distribution_points"`
OCSPServers []string `json:"ocsp_servers"`
} `json:"data"`
}
type RequestOptions ¶ added in v0.0.6
// RequestOptions carries per-request settings for the Client request methods
// (Request, Read, Write, Put, List, Delete).
type RequestOptions struct {
	// Parameters holds url.Values for the request.
	Parameters url.Values
	// SkipRenewal controls what the client does when a request fails with
	// 403 Permission Denied.
	//
	// By default (false) the client requests a new token on 403 and retries
	// the request. Only when this is explicitly set to true does the client
	// skip the renewal and continue processing the first failed request.
	//
	// Renewal should generally only be skipped for TokenAuth requests: a
	// failed TokenAuth request cannot be fixed by another TokenAuth request,
	// and retrying would lead to infinite recursion.
	SkipRenewal bool
}
type SSH ¶ added in v0.1.8
type SSH struct {
Service
}
func (*SSH) GetVaultPubKey ¶ added in v0.1.9
func (*SSH) Sign ¶ added in v0.1.8
func (k *SSH) Sign(role string, sshopts SSHSignOptions) (*SSHSignResponse, error)
type SSHReadPubKeyResponse ¶ added in v0.1.9
type SSHSignOptions ¶ added in v0.1.8
type SSHSignResponse ¶ added in v0.1.8
type Service ¶ added in v0.0.6
type Service struct {
MountPoint string
// contains filtered or unexported fields
}
type Transit ¶
type Transit struct {
Service
}
func (*Transit) Decrypt ¶
func (t *Transit) Decrypt(key string, opts *TransitDecryptOptions) (*TransitDecryptResponse, error)
func (*Transit) DecryptBatch ¶
func (t *Transit) DecryptBatch(key string, opts TransitDecryptOptionsBatch) (*TransitDecryptResponseBatch, error)
func (*Transit) Encrypt ¶
func (t *Transit) Encrypt(key string, opts *TransitEncryptOptions) (*TransitEncryptResponse, error)
func (*Transit) EncryptBatch ¶
func (t *Transit) EncryptBatch(key string, opts *TransitEncryptOptionsBatch) (*TransitEncryptResponseBatch, error)
func (*Transit) Export ¶
func (t *Transit) Export(key string, opts TransitExportOptions) (*TransitExportResponse, error)
func (*Transit) ForceDelete ¶
func (*Transit) List ¶
func (t *Transit) List() (*TransitListResponse, error)
Example ¶
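// "SECRET" is a placeholder; supply a real token at runtime, not in source.
c, err := NewClient("https://vault:8200/",
	WithCaPath(""),
	WithAuthToken("SECRET"),
)
if err != nil {
	log.Fatal(err)
}

// List the keys under the transit engine mounted at "transit".
l, err := c.TransitWithMountPoint("transit").List()
if err != nil {
	// Pass err along: a bare log.Fatal() exits without saying why the
	// listing failed (permission denied, wrong mount, TLS error, ...).
	log.Fatal(err)
}
log.Println(l)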
func (*Transit) Sign ¶ added in v0.1.3
func (t *Transit) Sign(key string, opts *TransitSignOptions) (*TransitSignResponse, error)
func (*Transit) SignBatch ¶ added in v0.1.3
func (t *Transit) SignBatch(key string, opts *TransitSignOptionsBatch) (*TransitSignResponseBatch, error)
func (*Transit) Verify ¶ added in v0.1.3
func (t *Transit) Verify(key string, opts *TransitVerifyOptions) (*TransitVerifyResponse, error)
func (*Transit) VerifyBatch ¶ added in v0.1.3
func (t *Transit) VerifyBatch(key string, opts *TransitVerifyOptionsBatch) (*TransitVerifyResponseBatch, error)
type TransitBatchCiphertext ¶
type TransitBatchPlaintext ¶
type TransitBatchSignInput ¶ added in v0.1.3
type TransitBatchSignature ¶ added in v0.1.3
type TransitBatchVerifyData ¶ added in v0.1.3
type TransitBatchVerifyData struct {
Valid bool `json:"valid"`
}
type TransitBatchVerifyInput ¶ added in v0.1.3
type TransitCreateOptions ¶
type TransitDecryptOptions ¶
type TransitDecryptOptionsBatch ¶
type TransitDecryptOptionsBatch struct {
BatchInput []TransitBatchCiphertext `json:"batch_input"`
}
type TransitDecryptResponse ¶
type TransitDecryptResponse struct {
Data struct {
Plaintext string `json:"plaintext"`
} `json:"data"`
}
type TransitDecryptResponseBatch ¶
type TransitDecryptResponseBatch struct {
Data struct {
BatchResults []TransitBatchPlaintext `json:"batch_results"`
} `json:"data"`
}
type TransitEncryptOptions ¶
// TransitEncryptOptions is the request body passed to Transit.Encrypt.
// All fields except Plaintext are tagged omitempty and are left out of the
// request when empty or nil.
type TransitEncryptOptions struct {
	// Plaintext is sent as "plaintext". NOTE(review): Vault's transit API
	// expects base64-encoded plaintext; whether Encrypt encodes this value or
	// expects the caller to do so is not visible here. Confirm.
	Plaintext string `json:"plaintext"`
	Context string `json:"context,omitempty"`
	// KeyVersion is a pointer so that "not set" (nil, omitted) can be told
	// apart from an explicit version number.
	KeyVersion *int `json:"key_version,omitempty"`
	// Nonce is sent as "nonce" when non-empty. NOTE(review): a caller-chosen
	// nonce must never repeat for the same key; leave it empty unless the
	// key's configuration requires one.
	Nonce string `json:"nonce,omitempty"`
	Type string `json:"type,omitempty"`
	ConvergentEncryption string `json:"convergent_encryption,omitempty"`
}
type TransitEncryptOptionsBatch ¶
type TransitEncryptOptionsBatch struct {
BatchInput []TransitBatchPlaintext `json:"batch_input"`
KeyVersion *int `json:"key_version,omitempty"`
Type string `json:"type,omitempty"`
ConvergentEncryption string `json:"convergent_encryption,omitempty"`
}
type TransitEncryptResponse ¶
type TransitEncryptResponse struct {
Data struct {
Ciphertext string `json:"ciphertext"`
} `json:"data"`
}
type TransitEncryptResponseBatch ¶
type TransitEncryptResponseBatch struct {
Data struct {
BatchResults []TransitBatchCiphertext `json:"batch_results"`
} `json:"data"`
}
type TransitExportOptions ¶
type TransitExportResponse ¶
type TransitListResponse ¶
type TransitListResponse struct {
Data struct {
Keys []string `json:"keys"`
} `json:"data"`
}
type TransitReadResponse ¶
type TransitReadResponse struct {
Data TransitReadResponseData `json:"data"`
}
type TransitReadResponseData ¶
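// TransitReadResponseData is the "data" object of TransitReadResponse, as
// returned by Transit.Read. It describes a key's configuration and
// capabilities.
type TransitReadResponseData struct {
	Name string              `json:"name"`
	Type string              `json:"type"`
	Keys map[int]interface{} `json:"keys"`
	// The tag was misspelled "min_decrytion_version", so the field was never
	// populated and always read as 0. Vault's field is
	// "min_decryption_version". Callers that inspect it to confirm that old
	// key versions were retired after a rotation got a misleading answer.
	MinDecryptionVersion int  `json:"min_decryption_version"`
	MinEncryptionVersion int  `json:"min_encryption_version"`
	LatestVersion        int  `json:"latest_version"`
	DeletionAllowed      bool `json:"deletion_allowed"`
	Derived              bool `json:"derived"`
	// Exportable and AllowPlaintextBackup report whether key material can
	// leave the server; worth checking when auditing keys.
	Exportable           bool `json:"exportable"`
	AllowPlaintextBackup bool `json:"allow_plaintext_backup"`
	SupportsEncryption   bool `json:"supports_encryption"`
	SupportsDecryption   bool `json:"supports_decryption"`
	SupportsDerivation   bool `json:"supports_derivation"`
	SupportsSigning      bool `json:"supports_signing"`
}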
type TransitSignOptions ¶ added in v0.1.3
type TransitSignOptions struct {
Input string `json:"input"`
KeyVersion *int `json:"key_version,omitempty"`
HashAlgorithm string `json:"hash_algorithm,omitempty"`
Context string `json:"context,omitempty"`
Prehashed bool `json:"prehashed,omitempty"`
SignatureAlgorithm string `json:"signature_algorithm,omitempty"`
MarshalingAlgorithm string `json:"marshaling_algorithm,omitempty"`
SaltLength string `json:"salt_length,omitempty"`
}
type TransitSignOptionsBatch ¶ added in v0.1.3
type TransitSignOptionsBatch struct {
BatchInput []TransitBatchSignInput `json:"batch_input"`
KeyVersion *int `json:"key_version,omitempty"`
HashAlgorithm string `json:"hash_algorithm,omitempty"`
Prehashed bool `json:"prehashed,omitempty"`
SignatureAlgorithm string `json:"signature_algorithm,omitempty"`
MarshalingAlgorithm string `json:"marshaling_algorithm,omitempty"`
SaltLength string `json:"salt_length,omitempty"`
}
type TransitSignResponse ¶ added in v0.1.3
type TransitSignResponseBatch ¶ added in v0.1.3
type TransitSignResponseBatch struct {
Data struct {
BatchResults []TransitBatchSignature `json:"batch_results"`
} `json:"data"`
}
type TransitUpdateOptions ¶
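// TransitUpdateOptions is the request body passed to Transit.Update to change
// a key's configuration. Every field is tagged omitempty: zero ints and nil
// pointers are left out of the request, so only fields that were set are
// changed.
type TransitUpdateOptions struct {
	// The tag was misspelled "min_decrytion_version", a name Vault does not
	// know, so raising the minimum decryption version silently had no effect
	// and old key versions stayed usable for decryption. Vault's parameter is
	// "min_decryption_version".
	MinDecryptionVersion int `json:"min_decryption_version,omitempty"`
	MinEncryptionVersion int `json:"min_encryption_version,omitempty"`
	// The pointer fields distinguish "leave unchanged" (nil) from an explicit
	// true or false; use BoolPtr to set them.
	DeletionAllowed *bool `json:"deletion_allowed,omitempty"`
	// Exportable and AllowPlaintextBackup let key material leave the server.
	// NOTE(review): Vault documents both as impossible to disable once
	// enabled; confirm before setting either to true.
	Exportable           *bool `json:"exportable,omitempty"`
	AllowPlaintextBackup *bool `json:"allow_plaintext_backup,omitempty"`
}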
type TransitVerifyOptions ¶ added in v0.1.3
type TransitVerifyOptions struct {
Input string `json:"input"`
Signature string `json:"signature"`
HashAlgorithm string `json:"hash_algorithm,omitempty"`
Context string `json:"context,omitempty"`
Prehashed bool `json:"prehashed,omitempty"`
SignatureAlgorithm string `json:"signature_algorithm,omitempty"`
MarshalingAlgorithm string `json:"marshaling_algorithm,omitempty"`
SaltLength string `json:"salt_length,omitempty"`
}
type TransitVerifyOptionsBatch ¶ added in v0.1.3
type TransitVerifyOptionsBatch struct {
BatchInput []TransitBatchVerifyInput `json:"batch_input"`
HashAlgorithm string `json:"hash_algorithm,omitempty"`
Context string `json:"context,omitempty"`
Prehashed bool `json:"prehashed,omitempty"`
SignatureAlgorithm string `json:"signature_algorithm,omitempty"`
MarshalingAlgorithm string `json:"marshaling_algorithm,omitempty"`
SaltLength string `json:"salt_length,omitempty"`
}
type TransitVerifyResponse ¶ added in v0.1.3
// TransitVerifyResponse is the decoded reply returned by Transit.Verify.
//
// NOTE(review): it is not visible here whether Verify returns an error for a
// signature that does not verify. Unless that is confirmed, a nil error must
// not be taken as "signature valid": callers have to check Data.Valid.
type TransitVerifyResponse struct {
	Data struct {
		// Valid is decoded from "valid".
		Valid bool `json:"valid"`
	} `json:"data"`
}
type TransitVerifyResponseBatch ¶ added in v0.1.3
type TransitVerifyResponseBatch struct {
Data struct {
BatchResults []TransitBatchVerifyData `json:"batch_results"`
} `json:"data"`
}
type UserpassAuth ¶ added in v0.1.6
type UserpassAuth struct {
Client *Client
// contains filtered or unexported fields
}
func (UserpassAuth) Auth ¶ added in v0.1.6
func (k UserpassAuth) Auth() (*AuthResponse, error)
type UserpassAuthOpt ¶ added in v0.1.6
type UserpassAuthOpt func(k *UserpassAuth) error
func WithUserpassMountPoint ¶ added in v0.1.6
func WithUserpassMountPoint(mountPoint string) UserpassAuthOpt