Categorygithub.com/lalamove/konfigloaderklvault
package
0.8.3
Repository: https://github.com/lalamove/konfig.git
Documentation: pkg.go.dev
Versions
1
Dependencies
13
Dependents
2
Files
219 SLOC

# README

Vault Loader

Loads config values from a vault secrets engine

Usage

Basic usage with Kubernetes auth provider and renewal

vaultLoader := klvault.New(&klvault.Config{
	Secrets: []klvault.Secret{
		{
			Key: "/database/creds/db"
		},
	},
	Client: vaultClient, // from github.com/hashicorp/vault/api
	AuthProvider: k8s.New(&k8s.Config{
		Client: vaultClient,
		K8sTokenPath: "/var/run/secrets/kubernetes.io/serviceaccount/token",
	}),
	Renew: true,
})

It is possible to pass additional params to the vault secrets engine in the following manner:

Key: "/aws/creds/example-role?ttl=20m"

KV Secrets Engine - Version 2 (Versioned KV Store) is also supported by the loader, key from the versioned KV store can be accessed as follows:

Key: "/secret/data/my-versioned-key"

This will return the latest version of the key, a particular version of the secret can be accessed as follows:

Key: "/secret/data/my-versioned-key?version=1"

# Packages

# Functions

New creates a new Loader with the given config.

# Variables

ErrNoAuthProvider is the error thrown when trying to create a Loader without an AuthProvider.
ErrNoClient is the error thrown when trying to create a Loader without vault.Client.
ErrNoSecretKey is the error thrown when trying to create a Loader without a SecretKey.

# Structs

Config is the config for the Loader.
Loader is the structure representing a Loader.
Secret is a secret to load.

# Interfaces

AuthProvider is the interface for a Vault authentication provider.
LogicalClient is a interface for the vault logical client.