package vault
import (
"errors"
"time"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/hashicorp/vault/api"
)
// AwsDynamicCredentials is a plain key-pair-plus-expiry value.
//
// NOTE(review): nothing in this file reads or writes this type —
// mapVaultAwsCredentialResponse below returns aws.Credentials directly —
// so its consumers are presumably elsewhere in the package; confirm before
// changing or removing it.
type AwsDynamicCredentials struct {
	// AccessKeyId is the AWS access key ID. The spelling deviates from Go's
	// initialism convention (AccessKeyID) but is exported and kept as-is so
	// existing callers keep compiling.
	AccessKeyId string
	// SecretAccessKey is the secret half of the key pair; treat as sensitive
	// (keep it out of logs and error messages).
	SecretAccessKey string
	// Expiry is, judging by its name, the instant after which the pair should
	// no longer be used — the field is not populated in this file, so verify
	// against the code that fills it.
	Expiry time.Time
}
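// mapVaultAwsCredentialResponse converts a Vault AWS secrets-engine response
// into aws.Credentials for the AWS SDK v2.
//
// secret.Data must carry non-empty string values under "access_key" and
// "secret_key". A non-empty string under "security_token" is mapped to
// SessionToken; the Vault AWS engine returns it for STS-backed credential
// types and null for iam_user credentials, and STS credentials presented
// without their token are rejected by AWS.
//
// Expires is secret.LeaseDuration seconds after the current time and
// CanExpire is always true. NOTE(review): a LeaseDuration of 0 therefore
// yields credentials that are already expired, so the SDK will ask for a
// refresh on every use — confirm every role this is used with issues a lease.
//
// Returns an error when secret or secret.Data is nil, or when "access_key"
// or "secret_key" is missing, not a string, or empty.
func mapVaultAwsCredentialResponse(secret *api.Secret) (aws.Credentials, error) {
	if secret == nil || secret.Data == nil {
		return aws.Credentials{}, errors.New("empty secret / payload")
	}

	// The type assertion alone accepts "", which would hand the SDK an
	// unusable credential; reject empty strings as well so the error
	// message below is accurate.
	accessKey, ok := secret.Data["access_key"].(string)
	if !ok || accessKey == "" {
		return aws.Credentials{}, errors.New("empty 'access_key'")
	}
	secretKey, ok := secret.Data["secret_key"].(string)
	if !ok || secretKey == "" {
		return aws.Credentials{}, errors.New("empty 'secret_key'")
	}
	// Optional: only STS-style credentials carry a token, so a missing or
	// null value is deliberately accepted and yields an empty SessionToken.
	sessionToken, _ := secret.Data["security_token"].(string)

	// Read the clock once so Expires is derived from a single instant.
	now := time.Now()
	return aws.Credentials{
		AccessKeyID:     accessKey,
		SecretAccessKey: secretKey,
		SessionToken:    sessionToken,
		CanExpire:       true,
		Expires:         now.Add(time.Duration(secret.LeaseDuration) * time.Second),
		Source:          "vault",
	}, nil
}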