Documentation
¶
Index ¶
- Constants
- Variables
- type Audit
- type Auth
- type AuthConfigInput
- type AuthConfigOutput
- type AuthMount
- type CORSRequest
- type CORSResponse
- type Client
- func (c *Client) Address() string
- func (c *Client) Auth() *Auth
- func (c *Client) ClearToken()
- func (c *Client) Clone() (*Client, error)
- func (c *Client) CurrentWrappingLookupFunc() WrappingLookupFunc
- func (c *Client) Help(path string) (*Help, error)
- func (c *Client) Logical() *Logical
- func (c *Client) NewRenewer(i *RenewerInput) (*Renewer, error)
- func (c *Client) NewRequest(method, requestPath string) *Request
- func (c *Client) RawRequest(r *Request) (*Response, error)
- func (c *Client) SSH() *SSH
- func (c *Client) SSHHelper() *SSHHelper
- func (c *Client) SSHHelperWithMountPoint(mountPoint string) *SSHHelper
- func (c *Client) SSHWithMountPoint(mountPoint string) *SSH
- func (c *Client) SetAddress(addr string) error
- func (c *Client) SetBackoff(backoff retryablehttp.Backoff)
- func (c *Client) SetClientTimeout(timeout time.Duration)
- func (c *Client) SetHeaders(headers http.Header)
- func (c *Client) SetLimiter(rateLimit float64, burst int)
- func (c *Client) SetMFACreds(creds []string)
- func (c *Client) SetMaxRetries(retries int)
- func (c *Client) SetPolicyOverride(override bool)
- func (c *Client) SetToken(v string)
- func (c *Client) SetWrappingLookupFunc(lookupFunc WrappingLookupFunc)
- func (c *Client) Sys() *Sys
- func (c *Client) Token() string
- type Config
- type DeregisterPluginInput
- type EnableAuditOptions
- type EnableAuthOptions
- type ErrorResponse
- type GenerateRootStatusResponse
- type GetPluginInput
- type GetPluginResponse
- type HealthResponse
- type Help
- type InitRequest
- type InitResponse
- type InitStatusResponse
- type KeyStatus
- type LeaderResponse
- type ListPluginsInput
- type ListPluginsResponse
- type Logical
- func (c *Logical) Delete(path string) (*Secret, error)
- func (c *Logical) List(path string) (*Secret, error)
- func (c *Logical) Read(path string) (*Secret, error)
- func (c *Logical) Unwrap(wrappingToken string) (*Secret, error)
- func (c *Logical) Write(path string, data map[string]interface{}) (*Secret, error)
- type MountConfigInput
- type MountConfigOutput
- type MountInput
- type MountOutput
- type RegisterPluginInput
- type RekeyInitRequest
- type RekeyRetrieveResponse
- type RekeyStatusResponse
- type RekeyUpdateResponse
- type RekeyVerificationStatusResponse
- type RekeyVerificationUpdateResponse
- type RenewOutput
- type Renewer
- type RenewerInput
- type Request
- type Response
- type SSH
- type SSHHelper
- type SSHHelperConfig
- type SSHVerifyResponse
- type SealStatusResponse
- type Secret
- func (s *Secret) TokenAccessor() (string, error)
- func (s *Secret) TokenID() (string, error)
- func (s *Secret) TokenIsRenewable() (bool, error)
- func (s *Secret) TokenMetadata() (map[string]string, error)
- func (s *Secret) TokenPolicies() ([]string, error)
- func (s *Secret) TokenRemainingUses() (int, error)
- func (s *Secret) TokenTTL() (time.Duration, error)
- type SecretAuth
- type SecretWrapInfo
- type Sys
- func (c *Sys) AuditHash(path string, input string) (string, error)
- func (c *Sys) CORSStatus() (*CORSResponse, error)
- func (c *Sys) Capabilities(token, path string) ([]string, error)
- func (c *Sys) CapabilitiesSelf(path string) ([]string, error)
- func (c *Sys) ConfigureCORS(req *CORSRequest) (*CORSResponse, error)
- func (c *Sys) DeletePolicy(name string) error
- func (c *Sys) DeregisterPlugin(i *DeregisterPluginInput) error
- func (c *Sys) DisableAudit(path string) error
- func (c *Sys) DisableAuth(path string) error
- func (c *Sys) DisableCORS() (*CORSResponse, error)
- func (c *Sys) EnableAudit(path string, auditType string, desc string, opts map[string]string) error
- func (c *Sys) EnableAuditWithOptions(path string, options *EnableAuditOptions) error
- func (c *Sys) EnableAuth(path, authType, desc string) error
- func (c *Sys) EnableAuthWithOptions(path string, options *EnableAuthOptions) error
- func (c *Sys) GenerateDROperationTokenCancel() error
- func (c *Sys) GenerateDROperationTokenInit(otp, pgpKey string) (*GenerateRootStatusResponse, error)
- func (c *Sys) GenerateDROperationTokenStatus() (*GenerateRootStatusResponse, error)
- func (c *Sys) GenerateDROperationTokenUpdate(shard, nonce string) (*GenerateRootStatusResponse, error)
- func (c *Sys) GenerateRootCancel() error
- func (c *Sys) GenerateRootInit(otp, pgpKey string) (*GenerateRootStatusResponse, error)
- func (c *Sys) GenerateRootStatus() (*GenerateRootStatusResponse, error)
- func (c *Sys) GenerateRootUpdate(shard, nonce string) (*GenerateRootStatusResponse, error)
- func (c *Sys) GetPlugin(i *GetPluginInput) (*GetPluginResponse, error)
- func (c *Sys) GetPolicy(name string) (string, error)
- func (c *Sys) Health() (*HealthResponse, error)
- func (c *Sys) Init(opts *InitRequest) (*InitResponse, error)
- func (c *Sys) InitStatus() (bool, error)
- func (c *Sys) KeyStatus() (*KeyStatus, error)
- func (c *Sys) Leader() (*LeaderResponse, error)
- func (c *Sys) ListAudit() (map[string]*Audit, error)
- func (c *Sys) ListAuth() (map[string]*AuthMount, error)
- func (c *Sys) ListMounts() (map[string]*MountOutput, error)
- func (c *Sys) ListPlugins(i *ListPluginsInput) (*ListPluginsResponse, error)
- func (c *Sys) ListPolicies() ([]string, error)
- func (c *Sys) Mount(path string, mountInfo *MountInput) error
- func (c *Sys) MountConfig(path string) (*MountConfigOutput, error)
- func (c *Sys) PutPolicy(name, rules string) error
- func (c *Sys) RegisterPlugin(i *RegisterPluginInput) error
- func (c *Sys) RekeyCancel() error
- func (c *Sys) RekeyDeleteBackup() error
- func (c *Sys) RekeyDeleteRecoveryBackup() error
- func (c *Sys) RekeyInit(config *RekeyInitRequest) (*RekeyStatusResponse, error)
- func (c *Sys) RekeyRecoveryKeyCancel() error
- func (c *Sys) RekeyRecoveryKeyInit(config *RekeyInitRequest) (*RekeyStatusResponse, error)
- func (c *Sys) RekeyRecoveryKeyStatus() (*RekeyStatusResponse, error)
- func (c *Sys) RekeyRecoveryKeyUpdate(shard, nonce string) (*RekeyUpdateResponse, error)
- func (c *Sys) RekeyRecoveryKeyVerificationCancel() error
- func (c *Sys) RekeyRecoveryKeyVerificationStatus() (*RekeyVerificationStatusResponse, error)
- func (c *Sys) RekeyRecoveryKeyVerificationUpdate(shard, nonce string) (*RekeyVerificationUpdateResponse, error)
- func (c *Sys) RekeyRetrieveBackup() (*RekeyRetrieveResponse, error)
- func (c *Sys) RekeyRetrieveRecoveryBackup() (*RekeyRetrieveResponse, error)
- func (c *Sys) RekeyStatus() (*RekeyStatusResponse, error)
- func (c *Sys) RekeyUpdate(shard, nonce string) (*RekeyUpdateResponse, error)
- func (c *Sys) RekeyVerificationCancel() error
- func (c *Sys) RekeyVerificationStatus() (*RekeyVerificationStatusResponse, error)
- func (c *Sys) RekeyVerificationUpdate(shard, nonce string) (*RekeyVerificationUpdateResponse, error)
- func (c *Sys) Remount(from, to string) error
- func (c *Sys) Renew(id string, increment int) (*Secret, error)
- func (c *Sys) ResetUnsealProcess() (*SealStatusResponse, error)
- func (c *Sys) Revoke(id string) error
- func (c *Sys) RevokeForce(id string) error
- func (c *Sys) RevokePrefix(id string) error
- func (c *Sys) Rotate() error
- func (c *Sys) Seal() error
- func (c *Sys) SealStatus() (*SealStatusResponse, error)
- func (c *Sys) StepDown() error
- func (c *Sys) TuneMount(path string, config MountConfigInput) error
- func (c *Sys) Unmount(path string) error
- func (c *Sys) Unseal(shard string) (*SealStatusResponse, error)
- type TLSConfig
- type TokenAuth
- func (c *TokenAuth) Create(opts *TokenCreateRequest) (*Secret, error)
- func (c *TokenAuth) CreateOrphan(opts *TokenCreateRequest) (*Secret, error)
- func (c *TokenAuth) CreateWithRole(opts *TokenCreateRequest, roleName string) (*Secret, error)
- func (c *TokenAuth) Lookup(token string) (*Secret, error)
- func (c *TokenAuth) LookupAccessor(accessor string) (*Secret, error)
- func (c *TokenAuth) LookupSelf() (*Secret, error)
- func (c *TokenAuth) Renew(token string, increment int) (*Secret, error)
- func (c *TokenAuth) RenewSelf(increment int) (*Secret, error)
- func (c *TokenAuth) RenewTokenAsSelf(token string, increment int) (*Secret, error)
- func (c *TokenAuth) RevokeAccessor(accessor string) error
- func (c *TokenAuth) RevokeOrphan(token string) error
- func (c *TokenAuth) RevokeSelf(token string) error
- func (c *TokenAuth) RevokeTree(token string) error
- type TokenCreateRequest
- type WrappingLookupFunc
Constants ¶
const ( // SSHHelperDefaultMountPoint is the default path at which SSH backend will be // mounted in the Vault server. SSHHelperDefaultMountPoint = "ssh" // VerifyEchoRequest is the echo request message sent as OTP by the helper. VerifyEchoRequest = "verify-echo-request" // VerifyEchoResponse is the echo response message sent as a response to OTP // matching echo request. VerifyEchoResponse = "verify-echo-response" )
const EnvRateLimit = "VAULT_RATE_LIMIT"
const EnvVaultAddress = "VAULT_ADDR"
const EnvVaultCACert = "VAULT_CACERT"
const EnvVaultCAPath = "VAULT_CAPATH"
const EnvVaultClientCert = "VAULT_CLIENT_CERT"
const EnvVaultClientKey = "VAULT_CLIENT_KEY"
const EnvVaultClientTimeout = "VAULT_CLIENT_TIMEOUT"
const EnvVaultInsecure = "VAULT_SKIP_VERIFY"
const EnvVaultMFA = "VAULT_MFA"
const EnvVaultMaxRetries = "VAULT_MAX_RETRIES"
const EnvVaultTLSServerName = "VAULT_TLS_SERVER_NAME"
const EnvVaultToken = "VAULT_TOKEN"
const EnvVaultWrapTTL = "VAULT_WRAP_TTL"
Variables ¶
var ( // The default TTL that will be used with `sys/wrapping/wrap`, can be // changed DefaultWrappingTTL = "5m" // The default function used if no other function is set, which honors the // env var and wraps `sys/wrapping/wrap` DefaultWrappingLookupFunc = func(operation, path string) string { if os.Getenv(EnvVaultWrapTTL) != "" { return os.Getenv(EnvVaultWrapTTL) } if (operation == "PUT" || operation == "POST") && path == "sys/wrapping/wrap" { return DefaultWrappingTTL } return "" } )
var ( ErrRenewerMissingInput = errors.New("missing input to renewer") ErrRenewerMissingSecret = errors.New("missing secret to renew") ErrRenewerNotRenewable = errors.New("secret is not renewable") ErrRenewerNoSecretData = errors.New("returned empty secret data") // DefaultRenewerRenewBuffer is the default size of the buffer for renew // messages on the channel. DefaultRenewerRenewBuffer = 5 )
Functions ¶
This section is empty.
Types ¶
type Auth ¶
type Auth struct {
// contains filtered or unexported fields
}
Auth is used to perform credential backend related operations.
type AuthConfigInput ¶ added in v0.8.2
type AuthConfigInput struct {
DefaultLeaseTTL string `json:"default_lease_ttl" mapstructure:"default_lease_ttl"`
MaxLeaseTTL string `json:"max_lease_ttl" mapstructure:"max_lease_ttl"`
PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"`
AuditNonHMACRequestKeys []string `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"`
AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"`
ListingVisibility string `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"`
PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"`
}
type AuthConfigOutput ¶ added in v0.6.1
type AuthConfigOutput struct {
DefaultLeaseTTL int `json:"default_lease_ttl" mapstructure:"default_lease_ttl"`
MaxLeaseTTL int `json:"max_lease_ttl" mapstructure:"max_lease_ttl"`
PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"`
AuditNonHMACRequestKeys []string `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"`
AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"`
ListingVisibility string `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"`
PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"`
}
type AuthMount ¶
type AuthMount struct {
Type string `json:"type" mapstructure:"type"`
Description string `json:"description" mapstructure:"description"`
Accessor string `json:"accessor" mapstructure:"accessor"`
Config AuthConfigOutput `json:"config" mapstructure:"config"`
Local bool `json:"local" mapstructure:"local"`
SealWrap bool `json:"seal_wrap" mapstructure:"seal_wrap"`
Options map[string]string `json:"options" mapstructure:"options"`
}
type CORSRequest ¶ added in v0.8.0
type CORSResponse ¶ added in v0.8.0
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client is the client to the Vault API. Create a client with NewClient.
func NewClient ¶
NewClient returns a new client for the given configuration.
If the configuration is nil, Vault will use configuration from DefaultConfig(), which is the recommended starting configuration.
If the environment variable `VAULT_TOKEN` is present, the token will be automatically added to the client. Otherwise, you must manually call `SetToken()`.
func (*Client) Address ¶ added in v0.6.3
Address returns the Vault URL the client is configured to connect to
func (*Client) ClearToken ¶
func (c *Client) ClearToken()
ClearToken deletes the token if it is set or does nothing otherwise.
func (*Client) Clone ¶ added in v0.8.0
Clone creates a new client with the same configuration. Note that the same underlying http.Client is used; modifying the client from more than one goroutine at once may not be safe, so modify the client as needed and then clone.
func (*Client) CurrentWrappingLookupFunc ¶ added in v0.10.2
func (c *Client) CurrentWrappingLookupFunc() WrappingLookupFunc
CurrentWrappingLookupFunc sets a lookup function that returns desired wrap TTLs for a given operation and path
func (*Client) NewRenewer ¶ added in v0.8.0
func (c *Client) NewRenewer(i *RenewerInput) (*Renewer, error)
NewRenewer creates a new renewer from the given input.
func (*Client) NewRequest ¶
NewRequest creates a new raw request object to query the Vault server configured for this client. This is an advanced method and generally doesn't need to be called externally.
func (*Client) RawRequest ¶
RawRequest performs the raw request given. This request may be against a Vault server not configured with this client. This is an advanced operation that generally won't need to be called externally.
func (*Client) SSHHelper ¶ added in v0.5.1
SSHHelper creates an SSHHelper object which can talk to Vault server with SSH backend mounted at default path ("ssh").
func (*Client) SSHHelperWithMountPoint ¶ added in v0.5.1
SSHHelperWithMountPoint creates an SSHHelper object which can talk to Vault server with SSH backend mounted at a specific mount point.
func (*Client) SSHWithMountPoint ¶ added in v0.3.0
SSHWithMountPoint returns the client with specific SSH mount point.
func (*Client) SetAddress ¶ added in v0.6.1
Sets the address of Vault in the client. The format of address should be "<Scheme>://<Host>:<Port>". Setting this on a client will override the value of VAULT_ADDR environment variable.
func (*Client) SetBackoff ¶ added in v0.10.2
func (c *Client) SetBackoff(backoff retryablehttp.Backoff)
SetBackoff sets the backoff function to be used for future requests.
func (*Client) SetClientTimeout ¶ added in v0.8.0
SetClientTimeout sets the client request timeout
func (*Client) SetHeaders ¶ added in v0.9.0
SetHeaders sets the headers to be used for future requests.
func (*Client) SetLimiter ¶ added in v0.10.2
SetLimiter will set the rate limiter for this client. This method is thread-safe. rateLimit and burst are specified according to https://godoc.org/golang.org/x/time/rate#NewLimiter
func (*Client) SetMFACreds ¶ added in v0.9.0
SetMFACreds sets the MFA credentials supplied either via the environment variable or via the command line.
func (*Client) SetMaxRetries ¶ added in v0.7.0
SetMaxRetries sets the number of retries that will be used in the case of certain errors
func (*Client) SetPolicyOverride ¶ added in v0.9.0
SetPolicyOverride sets whether requests should be sent with the policy override flag to request overriding soft-mandatory Sentinel policies (both RGPs and EGPs)
func (*Client) SetToken ¶
SetToken sets the token directly. This won't perform any auth verification, it simply sets the token properly for future requests.
func (*Client) SetWrappingLookupFunc ¶ added in v0.6.0
func (c *Client) SetWrappingLookupFunc(lookupFunc WrappingLookupFunc)
SetWrappingLookupFunc sets a lookup function that returns desired wrap TTLs for a given operation and path
type Config ¶
type Config struct {
// Address is the address of the Vault server. This should be a complete
// URL such as "http://vault.example.com". If you need a custom SSL
// cert or want to enable insecure mode, you need to specify a custom
// HttpClient.
Address string
// HttpClient is the HTTP client to use. Vault sets sane defaults for the
// http.Client and its associated http.Transport created in DefaultConfig.
// If you must modify Vault's defaults, it is suggested that you start with
// that client and modify as needed rather than start with an empty client
// (or http.DefaultClient).
HttpClient *http.Client
// MaxRetries controls the maximum number of times to retry when a 5xx
// error occurs. Set to 0 to disable retrying. Defaults to 2 (for a total
// of three tries).
MaxRetries int
// Timeout is for setting custom timeout parameter in the HttpClient
Timeout time.Duration
// If there is an error when creating the configuration, this will be the
// error
Error error
// The Backoff function to use; a default is used if not provided
Backoff retryablehttp.Backoff
// Limiter is the rate limiter used by the client.
// If this pointer is nil, then there will be no limit set.
// In contrast, if this pointer is set, even to an empty struct,
// then that limiter will be used. Note that an empty Limiter
// is equivalent blocking all events.
Limiter *rate.Limiter
// contains filtered or unexported fields
}
Config is used to configure the creation of the client.
func DefaultConfig ¶
func DefaultConfig() *Config
DefaultConfig returns a default configuration for the client. It is safe to modify the return value of this function.
The default Address is https://127.0.0.1:8200, but this can be overridden by setting the `VAULT_ADDR` environment variable.
If an error is encountered, this will return nil.
func (*Config) ConfigureTLS ¶ added in v0.6.1
ConfigureTLS takes a set of TLS configurations and applies those to the the HTTP client.
func (*Config) ReadEnvironment ¶ added in v0.4.0
ReadEnvironment reads configuration information from the environment. If there is an error, no configuration value is updated.
type DeregisterPluginInput ¶ added in v0.10.0
type DeregisterPluginInput struct {
// Name is the name of the plugin. Required.
Name string `json:"-"`
}
DeregisterPluginInput is used as input to the DeregisterPlugin function.
type EnableAuditOptions ¶ added in v0.7.0
type EnableAuthOptions ¶ added in v0.7.0
type EnableAuthOptions struct {
Type string `json:"type"`
Description string `json:"description"`
Config AuthConfigInput `json:"config"`
Local bool `json:"local"`
PluginName string `json:"plugin_name,omitempty"`
SealWrap bool `json:"seal_wrap" mapstructure:"seal_wrap"`
Options map[string]string `json:"options" mapstructure:"options"`
}
type ErrorResponse ¶
type ErrorResponse struct {
Errors []string
}
ErrorResponse is the raw structure of errors when they're returned by the HTTP API.
type GenerateRootStatusResponse ¶ added in v0.5.0
type GenerateRootStatusResponse struct {
Nonce string `json:"nonce"`
Started bool `json:"started"`
Progress int `json:"progress"`
Required int `json:"required"`
Complete bool `json:"complete"`
EncodedToken string `json:"encoded_token"`
EncodedRootToken string `json:"encoded_root_token"`
PGPFingerprint string `json:"pgp_fingerprint"`
}
type GetPluginInput ¶ added in v0.10.0
type GetPluginInput struct {
Name string `json:"-"`
}
GetPluginInput is used as input to the GetPlugin function.
type GetPluginResponse ¶ added in v0.10.0
type GetPluginResponse struct {
Args []string `json:"args"`
Builtin bool `json:"builtin"`
Command string `json:"command"`
Name string `json:"name"`
SHA256 string `json:"sha256"`
}
GetPluginResponse is the response from the GetPlugin call.
type HealthResponse ¶ added in v0.7.3
type HealthResponse struct {
Initialized bool `json:"initialized"`
Sealed bool `json:"sealed"`
Standby bool `json:"standby"`
ReplicationPerformanceMode string `json:"replication_performance_mode"`
ReplicationDRMode string `json:"replication_dr_mode"`
ServerTimeUTC int64 `json:"server_time_utc"`
Version string `json:"version"`
ClusterName string `json:"cluster_name,omitempty"`
ClusterID string `json:"cluster_id,omitempty"`
}
type InitRequest ¶
type InitResponse ¶
type InitStatusResponse ¶
type InitStatusResponse struct {
Initialized bool
}
type LeaderResponse ¶
type ListPluginsInput ¶ added in v0.10.0
type ListPluginsInput struct{}
ListPluginsInput is used as input to the ListPlugins function.
type ListPluginsResponse ¶ added in v0.10.0
type ListPluginsResponse struct {
// Names is the list of names of the plugins.
Names []string
}
ListPluginsResponse is the response from the ListPlugins call.
type Logical ¶
type Logical struct {
// contains filtered or unexported fields
}
Logical is used to perform logical backend operations on Vault.
type MountConfigInput ¶ added in v0.3.0
type MountConfigInput struct {
Options map[string]string `json:"options" mapstructure:"options"`
DefaultLeaseTTL string `json:"default_lease_ttl" mapstructure:"default_lease_ttl"`
MaxLeaseTTL string `json:"max_lease_ttl" mapstructure:"max_lease_ttl"`
ForceNoCache bool `json:"force_no_cache" mapstructure:"force_no_cache"`
PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"`
AuditNonHMACRequestKeys []string `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"`
AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"`
ListingVisibility string `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"`
PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"`
}
type MountConfigOutput ¶ added in v0.3.0
type MountConfigOutput struct {
DefaultLeaseTTL int `json:"default_lease_ttl" mapstructure:"default_lease_ttl"`
MaxLeaseTTL int `json:"max_lease_ttl" mapstructure:"max_lease_ttl"`
ForceNoCache bool `json:"force_no_cache" mapstructure:"force_no_cache"`
PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"`
AuditNonHMACRequestKeys []string `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"`
AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"`
ListingVisibility string `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"`
PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"`
}
type MountInput ¶ added in v0.3.0
type MountInput struct {
Type string `json:"type"`
Description string `json:"description"`
Config MountConfigInput `json:"config"`
Options map[string]string `json:"options"`
Local bool `json:"local"`
PluginName string `json:"plugin_name,omitempty"`
SealWrap bool `json:"seal_wrap" mapstructure:"seal_wrap"`
}
type MountOutput ¶ added in v0.3.0
type RegisterPluginInput ¶ added in v0.10.0
type RegisterPluginInput struct {
// Name is the name of the plugin. Required.
Name string `json:"-"`
// Args is the list of args to spawn the process with.
Args []string `json:"args,omitempty"`
// Command is the command to run.
Command string `json:"command,omitempty"`
// SHA256 is the shasum of the plugin.
SHA256 string `json:"sha256,omitempty"`
}
RegisterPluginInput is used as input to the RegisterPlugin function.
type RekeyInitRequest ¶ added in v0.2.0
type RekeyRetrieveResponse ¶ added in v0.5.0
type RekeyStatusResponse ¶ added in v0.2.0
type RekeyStatusResponse struct {
Nonce string `json:"nonce"`
Started bool `json:"started"`
T int `json:"t"`
N int `json:"n"`
Progress int `json:"progress"`
Required int `json:"required"`
PGPFingerprints []string `json:"pgp_fingerprints"`
Backup bool `json:"backup"`
VerificationRequired bool `json:"verification_required"`
VerificationNonce string `json:"verification_nonce"`
}
type RekeyUpdateResponse ¶ added in v0.2.0
type RekeyUpdateResponse struct {
Nonce string `json:"nonce"`
Complete bool `json:"complete"`
Keys []string `json:"keys"`
KeysB64 []string `json:"keys_base64"`
PGPFingerprints []string `json:"pgp_fingerprints"`
Backup bool `json:"backup"`
VerificationRequired bool `json:"verification_required"`
VerificationNonce string `json:"verification_nonce,omitempty"`
}
type RekeyVerificationStatusResponse ¶ added in v0.10.2
type RekeyVerificationUpdateResponse ¶ added in v0.10.2
type RenewOutput ¶ added in v0.8.0
type RenewOutput struct {
// RenewedAt is the timestamp when the renewal took place (UTC).
RenewedAt