# Packages
No description provided by the author
# Functions
NewClientCertificate creates a new in memory ClientCertificate.
NewCredentialLibrary creates a new in memory CredentialLibrary for a Vault backend at vaultPath assigned to storeId.
NewCredentialStore creates a new in memory CredentialStore for a Vault server at vaultAddress assigned to projectId.
NewRepository creates a new Repository.
NewSSHCertificateCredentialLibrary creates a new in memory SSHCertificateCredentialLibrary for a Vault backend at vaultPath assigned to storeId.
NewSshPrivateKeyOverride creates a new in memory SshPrivateKeyOverride.
NewTestVaultServer creates and returns a TestVaultServer.
NewUsernamePasswordOverride creates a new in memory UsernamePasswordOverride.
No description provided by the author
TestClientConfig returns a client config, using the provided Vault Server and token.
TestCredentialLibraries creates count number of vault credential libraries in the provided DB with the provided store id.
TestCredentials creates count number of vault credentials in the provided DB with the provided library id and session id.
TestCredentialStore creates a vault credential store in the provided DB with the provided project, vault address, token, and accessor and any values passed in through the Options vargs.
TestCredentialStores creates count number of vault credential stores in the provided DB with the provided project id.
TestOrphanToken sets the token orphan option to b.
TestPeriodicToken sets the token periodic option to b.
TestRenewableToken sets the token renewable option to b.
TestSSHCertificateCredentialLibraries creates count number of vault ssh certificate credential libraries in the provided DB with the provided store id.
WithAdditionalValidPrincipals adds principals to be signed for as "valid_principals" in addition to username.
WithAllowedExtension tells vault to allow a specific SSH extension to be used by vault's ssh secrets engine.
WithCACert provides an optional PEM-encoded certificate to verify the Vault server's SSL certificate.
WithClientCert provides an optional ClientCertificate to use for TLS authentication to a Vault server.
WithClientKey sets the private key that will be used to generate the client certificate.
WithCredentialType provides an optional credential type to associate with a credential library.
WithCriticalOptions provides an optional map of the critical options that the certificate should be signed for.
WithDescription provides an optional description.
WithDockerNetwork sets the option to create a Docker network when creating a Vault test server.
WithDontCleanUp causes the resource created to not be automatically cleaned up at the end of the test run.
WithExtensions provides an optional map of the extensions that the certificate should be signed for.
WithKeyBits provides an optional number of bits used to generate an ssh private key.
WithKeyId provides an optional key id for a created certificate.
WithKeyType provides an optional ssh private key type to use with a ssh certificate credential library.
WithLimit provides an option to provide a limit.
WithMappingOverride provides an optional mapping override to use for mapping the Data fields of a Vault api.Secret to a credential.
WithMethod provides an optional Method to use for communicating with Vault.
WithName provides an optional name.
WithNamespace provides an optional Vault namespace.
WithOverridePasswordAttribute provides the name of an attribute in the Data field of a Vault api.Secret that maps to a password value.
WithOverridePrivateKeyAttribute provides the name of an attribute in the Data field of a Vault api.Secret that maps to a private key value.
WithOverridePrivateKeyPassphraseAttribute provides the name of an attribute in the Data field of a Vault api.Secret that maps to a passphrase value.
WithOverrideUsernameAttribute provides the name of an attribute in the Data field of a Vault api.Secret that maps to a username value.
WithPolicies sets the policies to attach to a token.
WithRequestBody provides an optional request body for sending to Vault when requesting credentials using HTTP Post.
WithServerCertHostNames sets the host names or IP address to attach to the test server's TLS certificate.
WithTestMountPath sets the mount path option to p.
WithTestRoleName sets the role name to n.
WithTestVaultTLS sets the Vault TLS option.
WithTlsServerName provides an optional name to use as the SNI host when connecting to Vault via TLS.
WithTlsSkipVerify provides an option to disable verification of TLS certificates when connecting to Vault.
WithTokenPeriod sets the period value in a vault.TokenCreateRequest when the token being requested is a periodic token.
WithTtl provides an optional requested time to live for a generated ssh certificate.
WithVaultVersion sets the version of vault that will be started.
WithWorkerFilter provides an optional worker filter.
# Constants
ActiveCredential represents a vault credential that is being used in an active session.
AdditionalValidPrincipalsField represents the field mask indicating a valid principal update has been requested.
CriticalOptionsField represents the field mask indicating a critical option update has been requested.
CurrentToken represents a vault token for a credential store that is used for retrieving credentials.
No description provided by the author
ExpiredCredential represents a credential that expired.
ExpiredToken represents a token that expired.
ExtensionsField represents the field mask indicating an extension update has been requested.
PublicId prefixes for the resources in the vault package.
MaintainingToken represents a vault token that is no longer being used for retrieving credentials but is being renewed because it was used to retrieve credentials which are still being used in a session.
MappingOverrideField represents the field mask indicating a mapping override update has been requested.
HTTP methods used for communicating with Vault.
RevokeCredential represents a vault credential that needs to be revoked.
RevokedCredential represents a credential that has been revoked.
RevokedToken represents a token that has been revoked.
RevokeToken represents a token that should be revoked.
TestClientTLS configures the Vault test server listener to require a client certificate for mTLS and includes all of the settings from TestServerTLS.
no TLS.
TestServerTLS configures the Vault test server listener to use TLS.
UnknownCredentialStatus represents a credential that has an unknown status.
# Structs
ClientCertificate contains a client certificate and a private key for the certificate.
A Credential contains the data for a Vault lease.
CredentialCleanupJob is the recurring job that deletes Vault credentials that are no longer attached to a session (have a null session_id) and are not active.
A CredentialLibrary contains a Vault path and is owned by a credential store.
CredentialRenewalJob is the recurring job that renews Vault credentials issued to a session.
CredentialRevocationJob is the recurring job that revokes Vault credentials that are no longer being used by an active or pending session.
A CredentialStore contains credential libraries.
CredentialStoreCleanupJob is the recurring job that deletes Vault credential stores that have been soft deleted and whose tokens have been revoked or expired.
A Repository stores and retrieves the persistent types in the vault package.
SSHCertificateCredentialLibrary is a credential library that issues SSH certificates using the Vault SSH secrets engine.
A SshPrivateKeyOverride contains optional values for overriding the default mappings used to map a Vault secret to a SshPrivateKey credential type for the credential library that owns it.
TestDatabase is returned from MountDatabase and can be used to test database credentials returned by Vault for that mount.
TestVaultServer is a vault server running in a docker container suitable for testing.
Token contains a vault token.
TokenRenewalJob is the recurring job that renews credential store Vault tokens that are in the `current` and `maintaining` state.
TokenRevocationJob is the recurring job that revokes credential store Vault tokens that are in the `maintaining` state and have no credentials being used by an active or pending session.
A UsernamePasswordOverride contains optional values for overriding the default mappings used to map a Vault secret to a UsernamePassword credential type for the credential library that owns it.
# Interfaces
A MappingOverride is an interface holding one of the mapping override types: UsernamePasswordOverride.
# Type aliases
A CredentialStatus represents the status of a vault credential.
KeySecret equals a Vault client certificate private key.
A Method represents an HTTP method used for communicating with Vault.
Option - how Options are passed as arguments.
TestDatabaseURL is a connection string with placeholders for username and password to the database started by MountDatabase.
TestOption - how Options are passed as arguments.
TestVaultTLS represents the TLS configuration level of a TestVaultServer.
TokenSecret equals a Vault token.
A TokenStatus represents the status of a vault token.