github.com/hashicorp/vault/api
module, package
1.16.0
Repository: https://github.com/hashicorp/vault.git
Documentation: pkg.go.dev

# README

Vault API

This provides the github.com/hashicorp/vault/api package which contains code useful for interacting with a Vault server.

For examples of how to use this module, see the vault-examples repo. For a step-by-step walkthrough on using these client libraries, see the developer quickstart.


# Packages

No description provided by the author

# Functions

DefaultConfig returns a default configuration for the client.
DefaultRetryPolicy is the default retry policy used by new Client objects.
ForwardAlways returns a request callback which adds a header telling any performance standbys handling the request to forward it to the active node.
ForwardInconsistent returns a request callback that will add a request header which says: if the state required isn't present on the node receiving this request, forward it to the active node.
Determine whether the given path requires the sudo capability.
LoadSSHHelperConfig loads ssh-helper's configuration from the file and populates the corresponding in-memory structure.
MergeReplicationStates returns a merged array of replication states by iterating through all states in `old`.
NewClient returns a new client for the given configuration.
ParsePluginRuntimeType is a wrapper around PluginRuntimeTypeString kept for backwards compatibility.
ParseSecret is used to parse a secret value from JSON from an io.Reader.
ParseSSHHelperConfig parses the given contents as a string for the SSHHelper configuration.
PluginRuntimeTypeString retrieves an enum value from the enum constants string name.
PluginRuntimeTypeValues returns all values of the enum.
RecordState returns a response callback that will record the state returned by Vault in a response header.
RenewBehaviorString retrieves an enum value from the enum constants string name.
RenewBehaviorValues returns all values of the enum.
RequireState returns a request callback that will add a request header to specify the state we require of Vault.
VaultPluginTLSProvider wraps VaultPluginTLSProviderContext using context.Background.
VaultPluginTLSProviderContext is run inside a plugin and retrieves the response wrapped TLS certificate from vault.
WithCheckAndSet can optionally be passed to perform a check-and-set operation on a KV request.
WithMergeMethod can optionally be passed to dictate which type of patch to perform in a Patch request.
WithOption can optionally be passed to provide generic options for a KV request.

# Constants

AuthHeaderName is the name of the header containing the token.
CubbyHoleJWTSignatureAlgorithm is the signature algorithm used for the unwrap token that Vault passes to a plugin when auto-mTLS is not enabled.
Deprecated values.
Deprecated values.
Deprecated values.
NamespaceHeaderName is the header set to specify which namespace the request is intended for.
PluginAutoMTLSEnv is used to ensure AutoMTLS is used.
PluginMetadataModeEnv is an ENV name used to disable TLS communication to bootstrap mounting plugins.
This is a list of PluginRuntimeTypes used by Vault.
This is a list of PluginRuntimeTypes used by Vault.
This is a list of PluginTypes used by Vault.
This is a list of PluginTypes used by Vault.
This is a list of PluginTypes used by Vault.
This is a list of PluginTypes used by Vault.
PluginUnwrapTokenEnv is the ENV name used to pass unwrap tokens to the plugin.
RenewBehaviorErrorOnErrors is the "legacy" behavior which always exits on some kind of error.
RenewBehaviorIgnoreErrors means we will attempt to keep renewing until we hit the lifetime threshold.
RenewBehaviorRenewDisabled turns off renewal attempts entirely.
RequestHeaderName is the name of the header used by the Agent for SSRF protection.
SSHHelperDefaultMountPoint is the default path at which SSH backend will be mounted in the Vault server.
VerifyEchoRequest is the echo request message sent as OTP by the helper.
VerifyEchoResponse is the echo response message sent as a response to OTP matching echo request.

# Variables

DefaultLifetimeWatcherRenewBuffer is the default size of the buffer for renew messages on the channel.
Deprecated: kept for backwards compatibility.
The default function used if no other function is set.
The default TTL that will be used with `sys/wrapping/wrap`, can be changed.
Deprecated; kept for compatibility.
ErrSecretNotFound is returned by KVv1 and KVv2 wrappers to indicate that the secret is missing at the given location.

# Structs

Auth is used to perform credential backend related operations.
AutopilotConfig is used for querying/setting the Autopilot configuration.
AutopilotServer represents the server blocks in the response of the raft autopilot state API.
AutopilotState represents the response of the raft autopilot state API.
Client is the client to the Vault API.
Config is used to configure the creation of the client.
DeregisterPluginInput is used as input to the DeregisterPlugin function.
DeregisterPluginRuntimeInput is used as input to the DeregisterPluginRuntime function.
ErrorResponse is the raw structure of errors when they're returned by the HTTP API.
GetPluginInput is used as input to the GetPlugin function.
GetPluginResponse is the response from the GetPlugin call.
GetPluginRuntimeInput is used as input to the GetPluginRuntime function.
GetPluginRuntimeResponse is the response from the GetPluginRuntime call.
KVMetadata is the full metadata for a given KV v2 secret.
KVMetadataPatchInput is the subset of metadata that can be manually modified for a KV v2 secret using the PatchMetadata method.
KVMetadataPutInput is the subset of metadata that can be replaced for a KV v2 secret using the PutMetadata method.
A KVSecret is a key-value secret returned by Vault's KV secrets engine, and is the most basic type of secret stored in Vault.
KVVersionMetadata is a subset of metadata for a given version of a KV v2 secret.
LifetimeWatcher is a process for watching lifetime of a secret.
LifetimeWatcherInput is used as input to the renew function.
ListPluginRuntimesInput is used as input to the ListPluginRuntimes function.
ListPluginRuntimesResponse is the response from the ListPluginRuntimes call.
ListPluginsInput is used as input to the ListPlugins function.
ListPluginsResponse is the response from the ListPlugins call.
Logical is used to perform logical backend operations on Vault.
PluginAPIClientMeta is a helper that plugins can use to configure TLS connections back to Vault.
RaftJoinRequest represents the parameters consumed by the raft join API.
RaftJoinResponse represents the response of the raft join API.
RegisterPluginInput is used as input to the RegisterPlugin function.
RegisterPluginRuntimeInput is used as input to the RegisterPluginRuntime function.
ReloadPluginInput is used as input to the ReloadPlugin function.
ReloadPluginStatusInput is used as input to the ReloadStatusPlugin function.
ReloadStatus is the status of an individual node's plugin reload.
ReloadStatusResponse is the combined response of all known completed plugin reloads.
RenewOutput is the metadata returned to the client (if it's listening) to renew messages.
Request is a raw request configuration structure used to initiate API requests to the Vault server.
Response is a raw response that wraps an HTTP response.
ResponseError is the error returned when Vault responds with an error or non-success HTTP status code.
RootReloadPluginInput is used as input to the RootReloadPlugin function.
Secret is the structure returned for every secret within Vault.
SecretAuth is the structure containing auth information if we have it.
SecretWrapInfo contains wrapping information if we have it.
SSH is used to return a client to invoke operations on SSH backend.
SSHHelper is a structure representing a vault-ssh-helper which can talk to vault server in order to verify the OTP entered by the user.
SSHHelperConfig is a structure which represents the entries from the vault-ssh-helper's configuration file.
SSHVerifyResponse is a structure representing the fields in Vault server's response.
Sys is used to perform system-related operations on Vault.
TLSConfig contains the parameters needed to configure TLS on the HTTP client used to communicate with Vault.
TokenAuth is used to perform token backend operations on Vault.
TokenCreateRequest is the options structure for creating a token.
UICustomMessageListRequest is a struct used to contain inputs for the List custom messages request.
UICustomMessageRequest is a struct containing the properties of a custom message.

# Interfaces

No description provided by the author

# Type aliases

Rather than duplicate, we can use modern Go's type aliasing.
Rather than duplicate, we can use modern Go's type aliasing.
Rather than duplicate, we can use modern Go's type aliasing.
Rather than duplicate, we can use modern Go's type aliasing.
Currently supported options: WithOption, WithCheckAndSet, WithMethod.
go:generate enumer -type=PluginRuntimeType -trimprefix=PluginRuntimeType -transform=snake.
go:generate enumer -type=RenewBehavior -trimprefix=RenewBehavior.
WrappingLookupFunc is a function that, given an HTTP verb and a path, returns an optional string duration to be used for response wrapping (e.g.