64448b62a4
* Add Read methods for KVClient
* KV write helper
* Add changelog
* Add Delete method
* Use extractVersionMetadata inside extractDataAndVersionMetadata
* Return nil, nil for v1 writes
* Add test for extracting version metadata
* Split kv client into v1 and v2-specific clients
* Add ability to set options on Put
* Add test for KV helpers
* Add custom metadata to top level and allow for getting versions as sorted slice
* Update tests
* Separate KV v1 and v2 into different files
* Add test for GetVersionsAsList, rename Metadata key to VersionMetadata for clarity
* Move structs and godoc comments to more appropriate files
* Add more tests for extract methods
* Rework custom metadata helper to be more consistent with other helpers
* Remove KVSecret from custom metadata test now that we don't append to it as part of helper method
* Return early for readability and make test value name less confusing
51 lines
1.8 KiB
Go
package api

// A KVSecret is a key-value secret returned by Vault's KV secrets engine,
// and is the most basic type of secret stored in Vault.
//
// Data contains the key-value pairs of the secret itself,
// while VersionMetadata contains a subset of metadata describing
// this particular version of the secret.
// The VersionMetadata field for a KV v1 secret will always be nil, as
// metadata is only supported starting in KV v2.
//
// The Raw field can be inspected for information about the lease,
// and passed to a LifetimeWatcher object for periodic renewal.
type KVSecret struct {
	Data            map[string]interface{}
	VersionMetadata *KVVersionMetadata
	CustomMetadata  map[string]interface{}
	Raw             *Secret
}

// KVv1 is used to return a client for reads and writes against
// a KV v1 secrets engine in Vault.
//
// The mount path is the location where the target KV secrets engine resides
// in Vault.
//
// While v1 is not necessarily deprecated, Vault development servers tend to
// use v2 as the version of the KV secrets engine, as this is what's mounted
// by default when a server is started in -dev mode. See the kvv2 struct.
//
// Learn more about the KV secrets engine here:
// https://www.vaultproject.io/docs/secrets/kv
func (c *Client) KVv1(mountPath string) *kvv1 {
	return &kvv1{c: c, mountPath: mountPath}
}

// KVv2 is used to return a client for reads and writes against
// a KV v2 secrets engine in Vault.
//
// The mount path is the location where the target KV secrets engine resides
// in Vault.
//
// Vault development servers tend to have "secret" as the mount path,
// as these are the default settings when a server is started in -dev mode.
//
// Learn more about the KV secrets engine here:
// https://www.vaultproject.io/docs/secrets/kv
func (c *Client) KVv2(mountPath string) *kvv2 {
	return &kvv2{c: c, mountPath: mountPath}
}
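The godoc above notes that a KV v1 secret always has nil version metadata and that Data is an untyped map. The following is an added example, not code from this repository, showing how a caller can consume a KVSecret without a nil dereference and without leaking values into error text. The types are local stand-ins so it runs without the Vault module; the `Version` field and the helpers `StringField` and `VersionOf` are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Local stand-ins for the page's types so this runs without the Vault module.
// The Version field is an assumption; the page does not show KVVersionMetadata.
type KVVersionMetadata struct{ Version int }

type KVSecret struct {
	Data            map[string]interface{}
	VersionMetadata *KVVersionMetadata
}

var ErrField = errors.New("kv field missing or not a string")

// StringField returns Data[key] as a string. The error names only the key,
// so a failed lookup never copies secret material into logs.
func StringField(s *KVSecret, key string) (string, error) {
	if s == nil || s.Data == nil {
		return "", fmt.Errorf("%w: %q (no data)", ErrField, key)
	}
	v, ok := s.Data[key].(string)
	if !ok {
		return "", fmt.Errorf("%w: %q", ErrField, key)
	}
	return v, nil
}

// VersionOf reports the secret version, or ok=false for KV v1 secrets,
// whose version metadata is always nil.
func VersionOf(s *KVSecret) (version int, ok bool) {
	if s == nil || s.VersionMetadata == nil {
		return 0, false
	}
	return s.VersionMetadata.Version, true
}

func main() {
	// Constructed sample values, not real secrets.
	v1 := &KVSecret{Data: map[string]interface{}{"password": "example-only"}}
	v2 := &KVSecret{Data: map[string]interface{}{"port": 5432}, VersionMetadata: &KVVersionMetadata{Version: 3}}
	_, ok := VersionOf(v1)
	fmt.Println("v1 has version metadata:", ok)
	_, err := StringField(v2, "port")
	fmt.Println("v2 port lookup:", err)
}
```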