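// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package framework

import (
	"context"
	"time"

	"github.com/hashicorp/vault/sdk/logical"
)

// Secret is a type of secret that can be returned from a backend.
type Secret struct {
	// Type is the name of this secret type. This is used to setup the
	// vault ID and to look up the proper secret structure when revocation/
	// renewal happens. Once this is set this should not be changed.
	//
	// The format of this must match (case insensitive): ^a-Z0-9_$
	Type string

	// Fields is the mapping of data fields and schema that comprise
	// the structure of this secret. It is attached to the FieldData handed
	// to the Renew and Revoke callbacks.
	Fields map[string]*FieldSchema

	// DefaultDuration is the default value for the duration of the lease for
	// this secret. This can be manually overwritten with the result of
	// Response().
	//
	// If these aren't set, Vault core will set a default lease period which
	// may come from a mount tuning.
	DefaultDuration time.Duration

	// Renew is the callback called to renew this secret. If Renew is
	// not specified then renewable is set to false in the secret and
	// HandleRenew answers with logical.ErrUnsupportedOperation.
	// See lease.go for helpers for this value.
	Renew OperationFunc

	// Revoke is the callback called to revoke this secret. This is required;
	// if it is left nil, HandleRevoke answers with
	// logical.ErrUnsupportedOperation.
	Revoke OperationFunc
}

// Renewable reports whether this secret type supports lease renewal, which
// is the case exactly when a Renew callback has been set.
func (s *Secret) Renewable() bool {
	return s.Renew != nil
}

// Response builds the logical.Response that hands out this secret under a
// lease.
//
// data becomes the response body returned to the caller. internal is copied
// into the lease's InternalData, so the caller's map is neither aliased nor
// mutated; the copy is then tagged with a "secret_type" entry holding s.Type,
// which is what allows the proper Secret to be looked up again when the
// lease is renewed or revoked. Any caller-supplied "secret_type" key is
// overwritten. The lease starts with TTL s.DefaultDuration (zero leaves the
// choice to Vault core) and is renewable only if a Renew callback is set.
func (s *Secret) Response(
	data, internal map[string]interface{},
) *logical.Response {
	// +1 for the secret_type entry added below.
	internalData := make(map[string]interface{}, len(internal)+1)
	for k, v := range internal {
		internalData[k] = v
	}
	internalData["secret_type"] = s.Type

	return &logical.Response{
		Secret: &logical.Secret{
			LeaseOptions: logical.LeaseOptions{
				TTL:       s.DefaultDuration,
				Renewable: s.Renewable(),
			},
			InternalData: internalData,
		},

		Data: data,
	}
}

// fieldData wraps the raw request data together with this secret's schema,
// so that the Renew and Revoke callbacks receive the same view of the
// request. It does not validate the data itself.
func (s *Secret) fieldData(req *logical.Request) *FieldData {
	return &FieldData{
		Raw:    req.Data,
		Schema: s.Fields,
	}
}

// HandleRenew is the request handler for renewing this secret.
//
// It returns logical.ErrUnsupportedOperation when no Renew callback is set;
// otherwise it delegates to Renew with the request data wrapped in a
// FieldData carrying s.Fields.
func (s *Secret) HandleRenew(ctx context.Context, req *logical.Request) (*logical.Response, error) {
	if !s.Renewable() {
		return nil, logical.ErrUnsupportedOperation
	}

	return s.Renew(ctx, req, s.fieldData(req))
}

// HandleRevoke is the request handler for revoking this secret.
//
// It delegates to Revoke with the request data wrapped in a FieldData
// carrying s.Fields, and returns logical.ErrUnsupportedOperation when no
// Revoke callback is set.
func (s *Secret) HandleRevoke(ctx context.Context, req *logical.Request) (*logical.Response, error) {
	// Built before the nil check, as the original did, so the request is
	// always dereferenced in the same place regardless of configuration.
	data := s.fieldData(req)

	if s.Revoke != nil {
		return s.Revoke(ctx, req, data)
	}

	return nil, logical.ErrUnsupportedOperation
}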