hub / github.com/getsops/sops / vaultClient

Function vaultClient

hcvault/keysource.go:397–432  ·  view source on GitHub ↗

vaultClient returns a new Vault client, configured with the given address and token.

(address, token string, hc *http.Client)


// vaultClient builds a Vault API client for address and attaches a token to
// it.
//
// The address is checked against the allowlist returned by getAllowlist before
// any client is created; an address for which allowlist.Allows reports false
// yields an error and no client. Because the token ends up on a client that
// talks to address, this check is what keeps the token from being offered to a
// host outside the allowlist.
//
// hc, when non-nil, replaces the HTTP client of the default configuration.
//
// Token selection: a non-empty token argument is set on the client. If the
// client still reports no token afterwards, the result of userVaultToken is
// used when it is non-empty. The returned client may therefore carry no token
// at all.
//
// Errors from getAllowlist are returned as-is; errors from api.NewClient and
// userVaultToken are wrapped with context.
//
// NOTE(review): only the address string itself is checked. Whether redirects
// or a caller-supplied hc can route requests to other hosts is not visible in
// this function; confirm against the api package and the callers.
func vaultClient(address, token string, hc *http.Client) (*api.Client, error) {
	// Fail closed: refuse the address before any client state is built.
	permitted, err := getAllowlist()
	if err != nil {
		return nil, err
	}
	if !permitted.Allows(address) {
		return nil, fmt.Errorf("Allowlist does not allow %s", address)
	}

	conf := api.DefaultConfig()
	conf.Address = address
	if hc != nil {
		conf.HttpClient = hc
	}

	vc, err := api.NewClient(conf)
	if err != nil {
		return nil, fmt.Errorf("cannot create Vault client: %w", err)
	}

	// An explicitly provided token takes precedence over the user's token.
	if token != "" {
		vc.SetToken(token)
	}

	// NOTE(review): vc.Token() can presumably be non-empty here even without
	// the argument, e.g. if api.NewClient sourced one itself; confirm.
	if vc.Token() != "" {
		return vc, nil
	}

	// Last resort: the user's own token, as reported by userVaultToken.
	fallback, err := userVaultToken()
	if err != nil {
		return nil, fmt.Errorf("cannot get Vault token: %w", err)
	}
	if fallback != "" {
		vc.SetToken(fallback)
	}

	return vc, nil
}
433
434// userVaultToken returns the token from `$HOME/.vault-token` if the file
435// exists. It returns an error if the file exists but cannot be read from.

Callers 7

EncryptContextMethod · 0.85
DecryptContextMethod · 0.85
TestMasterKey_EncryptFunction · 0.85
TestMasterKey_DecryptFunction · 0.85
Test_vaultClientFunction · 0.85
enableVaultTransitFunction · 0.85
createVaultKeyFunction · 0.85

Calls 3

getAllowlistFunction · 0.85
userVaultTokenFunction · 0.85
AllowsMethod · 0.80

Tested by 5

TestMasterKey_EncryptFunction · 0.68
TestMasterKey_DecryptFunction · 0.68
Test_vaultClientFunction · 0.68
enableVaultTransitFunction · 0.68
createVaultKeyFunction · 0.68