Documentation
Index
- type AWSAuth
- type LoginOption
- func WithEC2Auth() LoginOption
- func WithIAMAuth() LoginOption
- func WithIAMServerIDHeader(headerValue string) LoginOption
- func WithIdentitySignature() LoginOption
- func WithMountPath(mountPath string) LoginOption
- func WithNonce(nonce string) LoginOption
- func WithPKCS7Signature() LoginOption
- func WithRSA2048Signature() LoginOption
- func WithRegion(region string) LoginOption
- func WithRole(roleName string) LoginOption
Types
type AWSAuth
type AWSAuth struct {
// contains filtered or unexported fields
}
func NewAWSAuth
func NewAWSAuth(opts ...LoginOption) (*AWSAuth, error)
NewAWSAuth initializes a new AWS auth method interface to be passed as a parameter to the client.Auth().Login method.
Supported options: WithRole, WithMountPath, WithIAMAuth, WithEC2Auth, WithPKCS7Signature, WithIdentitySignature, WithRSA2048Signature, WithIAMServerIDHeader, WithNonce, WithRegion
func (*AWSAuth) Login
Login sets up the required request body for the AWS auth method's /login endpoint, and performs a write to it. This method defaults to the "iam" auth type unless NewAWSAuth is called with WithEC2Auth().
The Vault client will set its credentials to the values of the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION environment variables. To specify a path to a credentials file on disk instead, set the environment variable AWS_SHARED_CREDENTIALS_FILE.
type LoginOption
func WithEC2Auth
func WithEC2Auth() LoginOption
func WithIAMAuth
func WithIAMAuth() LoginOption
func WithIAMServerIDHeader
func WithIAMServerIDHeader(headerValue string) LoginOption
func WithIdentitySignature
func WithIdentitySignature() LoginOption
WithIdentitySignature makes the client send the cryptographic identity document signature to verify EC2 auth logins. It is only used by the EC2 auth type. If this option is not provided, the client defaults to the PKCS #7 signature. The signature type used should match the type of the public AWS cert Vault has been configured with to verify EC2 instance identity. See https://developer.hashicorp.com/vault/api-docs/auth/aws#create-certificate-configuration
func WithMountPath
func WithMountPath(mountPath string) LoginOption
func WithNonce
func WithNonce(nonce string) LoginOption
WithNonce can be used to specify a named nonce for the ec2 auth login method. If not provided, an automatically generated UUID will be used instead.
func WithPKCS7Signature
func WithPKCS7Signature() LoginOption
WithPKCS7Signature explicitly tells the client to send the PKCS #7 signature to verify EC2 auth logins. It is only used by the EC2 auth type. PKCS #7 is the default, but this method is provided for additional clarity. The signature type used should match the type of the public AWS cert Vault has been configured with to verify EC2 instance identity. See https://developer.hashicorp.com/vault/api-docs/auth/aws#create-certificate-configuration
func WithRSA2048Signature (added in v0.9.0)
func WithRSA2048Signature() LoginOption
WithRSA2048Signature explicitly tells the client to send the RSA2048 signature to verify EC2 auth logins. It is only used by the EC2 auth type. If this option is not provided, the client defaults to the PKCS #7 signature. The signature type used should match the type of the public AWS cert Vault has been configured with to verify EC2 instance identity. See https://www.vaultproject.io/api/auth/aws#create-certificate-configuration
func WithRegion
func WithRegion(region string) LoginOption
func WithRole
func WithRole(roleName string) LoginOption