github.com/cloudfoundry-community/vaultkv
Category: module, package
Version: 0.7.0
Repository: https://github.com/cloudfoundry-community/vaultkv.git
Documentation: pkg.go.dev

# README

vaultkv

How to Use

GoDoc: https://godoc.org/github.com/cloudfoundry-community/vaultkv

To do anything with this library, you need to make a Client object. At the very least, its VaultURL member must be populated. AuthToken should be set to your bearer token for Vault. If you need a bearer token created from some other auth method, you can call one of the AuthX functions (currently, we support Github, LDAP, Okta, and Userpass). An HTTP client can optionally be provided (if not, http.DefaultClient is used). To see information about the requests and responses, you can optionally provide an io.Writer for trace logs to be streamed to.

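```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/url"
	"os"

	"github.com/cloudfoundry-community/vaultkv"
)

func main() {
	// Address of the Vault server (placeholder value).
	vaultURI, err := url.Parse("https://vault.example.com:8200")
	if err != nil {
		os.Exit(1)
	}

	vault := &vaultkv.Client{
		AuthToken: "01234567-89ab-cdef-0123-456789abcdef",
		VaultURL:  vaultURI,
		Client: &http.Client{
			Transport: &http.Transport{
				TLSClientConfig: &tls.Config{
					// Skips verification of the server certificate, so the
					// identity of the Vault receiving AuthToken is not checked.
					InsecureSkipVerify: true,
				},
			},
		},
		// Trace logs of requests and responses are streamed to stdout.
		Trace: os.Stdout,
	}

	// The secret at secret/foo is decoded into this struct.
	output := struct {
		Bar string `json:"bar"`
	}{}
	err = vault.Get("secret/foo", &output)
	if err != nil {
		os.Exit(1)
	}

	fmt.Printf("output.Bar is `%s'\n", output.Bar)
}
```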
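The README's client sets InsecureSkipVerify, which leaves the Vault server unauthenticated. As an added example (not code from the vaultkv project), the following builds the *http.Client for the Client field with verification against a pinned CA pool and compares it with the README's setting. The names newHTTPClient, reachable and demo are hypothetical, and a local httptest server with a constructed self-signed certificate stands in for Vault.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// newHTTPClient builds a value for vaultkv.Client's Client field (hypothetical helper).
// skipVerify mirrors the README; otherwise the server must chain to roots (nil = system store).
func newHTTPClient(roots *x509.CertPool, skipVerify bool) *http.Client {
	return &http.Client{
		Timeout: 10 * time.Second,
		Transport: &http.Transport{TLSClientConfig: &tls.Config{
			RootCAs:            roots,
			InsecureSkipVerify: skipVerify,
		}},
	}
}

// reachable reports whether c completes an HTTPS request to url.
func reachable(c *http.Client, url string) bool {
	resp, err := c.Get(url)
	if err != nil {
		return false
	}
	resp.Body.Close()
	return true
}

// demo runs three clients against a constructed local TLS server standing in for Vault.
func demo() (skipVerify, pinnedCA, unrelatedRoots bool) {
	srv := httptest.NewTLSServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "{}") }))
	defer srv.Close()
	pinned := x509.NewCertPool()
	pinned.AddCert(srv.Certificate()) // the self-signed test cert acts as the private CA
	skipVerify = reachable(newHTTPClient(nil, true), srv.URL)
	pinnedCA = reachable(newHTTPClient(pinned, false), srv.URL)
	unrelatedRoots = reachable(newHTTPClient(x509.NewCertPool(), false), srv.URL)
	return
}

func main() {
	fmt.Println(demo())
}
```

The skip-verify client connects to any server, while the verifying client connects only when the server's certificate chains to the pool it was given.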

Testing

Run ./test in the base directory to test all supported Vault versions. Run ./test latest to test only the latest supported version of Vault.

# Functions

IsAnyStandbyErr returns true if the error is that the node is a standby or a performance standby.
IsBadRequest returns true if the error is an ErrBadRequest.
IsErrDRSecondary returns true if the error is an ErrDRSecondary.
IsErrKVUnsupported returns true if the error is an ErrKVUnsupported.
IsErrPerfStandby returns true if the error is an ErrPerfStandby.
IsErrStandby returns true if the error is an ErrStandby.
IsForbidden returns true if the error is an ErrForbidden.
IsInternalServer returns true if the error is an ErrInternalServer.
IsNotFound returns true if the error is an ErrNotFound.
IsSealed returns true if the error is an ErrSealed.
IsTransport returns true if the error is an ErrTransport.
IsUninitialized returns true if the error is an ErrUninitialized.

# Constants

MountTypeGeneric is what the key value backend was called prior to 0.8.0.
MountTypeKV is the type string to get a Key Value backend.

# Structs

AuthGithubMetadata is the metadata member set by AuthGithub.
AuthLDAPMetadata is the metadata member set by AuthLDAP.
AuthOIDCMetadata is the metadata member set by AuthOIDC.
AuthOktaMetadata is the metadata member set by AuthOkta.
AuthOutput is the general structure as returned by AuthX functions.
AuthUserpassMetadata is the metadata member set by AuthUserpass.
Client provides functions that access and abstract the Vault API.
ErrBadRequest represents 400 status codes that are returned from the API. See: your fault.
ErrDRSecondary is only returned from Health() if standbyok is set to false and the node you're querying is a secondary disaster recovery node.
ErrForbidden represents 403 status codes returned from the API.
ErrInternalServer represents 500 status codes that are returned from the API. See: their fault.
ErrKVUnsupported is returned by the KV object when the user requests an operation that cannot be performed by the actual version of the KV backend that the KV object is abstracting.
ErrNotFound represents 404 status codes returned from the API.
ErrPerfStandby is only returned from Health() if standbyok is set to false and the node you're querying is a performance standby node.
ErrSealed represents the 503 status code that is returned by Vault most commonly if the Vault is currently sealed, but could also represent the Vault being in a maintenance state.
ErrStandby is only returned from Health() if standbyok is set to false and the node you're querying is a standby.
ErrTransport is returned if an error was encountered trying to reach the API, as opposed to an error from the API.
ErrUninitialized represents a 503 status code being returned and the Vault being uninitialized.
GenerateRoot has functions for generating a new root token.
GenerateRootState contains state information about the GenerateRoot operation.
InitConfig is the information passed to InitVault to configure the Vault. Shares and Threshold are required.
InitVaultOutput is the return value of InitVault, and contains the generated Keys and RootToken.
KV provides an abstraction to the Vault tree which makes dealing with the potential of both KV v1 and KV v2 backends easier to work with.
KVDeleteOpts are options applicable to KV.Delete.
KVGetOpts are options applicable to KV.Get.
KVSetOpts are the options for a call to KV.Set().
KVVersion contains information about a version of a secret.
Mount represents a backend mounted at a point in Vault.
MountConfig specifies configuration options given when initializing a backend.
Rekey represents a rekey operation currently in progress in the Vault.
RekeyConfig is given to NewRekey to configure the parameters of the rekey operation to be started.
RekeyState gives the state of the rekey operation as of the last call to Submit, NewRekey, or CurrentRekey.
SealState is the return value from Unseal and SealStatus.
TokenInfo contains metadata about a token.
TuneMountOptions are parameters to be sent to the Vault when editing the configuration of a mount.
V2DeleteOpts are options that can be provided to a V2Delete call.
V2GetOpts are options to specify in a V2Get request.
V2Metadata is the metadata associated with a secret.
V2SetOpts are options that can be specified to a V2Set call.
V2Version is information about a version of a secret.

# Type aliases

KVMountOptions is a map[string]interface{} that can be given as the options when mounting a backend.