Add trace option for Vault

docs/ddayconfig.yml

@@ -29,6 +29,10 @@ backends:
     # (string) This is the path to begin looking for Vault secrets. Everything under this
     # path will be searched. Defaults to "secret/" if not present.
     base_path: "secret/"
+    # (boolean) If set to true, requests to and responses from the Vault will
+    # be logged to stdout. You probably only want this if you're debugging.
+    #trace: true
+    #
     # (hash) Options for authorizing to Vault
     # Must either provide "token" for Token auth or "role_id" and "secret_id" for AppRole
     # If a token is given, it should either have no expiry or be renewable.

storage/vault.go

@@ -3,8 +3,10 @@ package storage
 import (
 	"crypto/tls"
 	"fmt"
+	"io"
 	"net/http"
 	"net/url"
+	"os"
 	"regexp"
 	"runtime"
 	"strings"
@@ -27,6 +29,7 @@ type VaultConfig struct {
 	Address            string `yaml:"address"`
 	InsecureSkipVerify bool   `yaml:"insecure_skip_verify"`
 	BasePath           string `yaml:"base_path"`
+	Trace              bool   `yaml:"trace"`
 	Auth               struct {
 		Token    string `yaml:"token"`
 		RoleID   string `yaml:"role_id"`
@@ -52,6 +55,12 @@ func newVaultAccessor(conf VaultConfig) (*VaultAccessor, error) {
 		conf.BasePath = "secret/"
 	}
 
+	var tracer io.Writer
+	if conf.Trace {
+		//I'm already tracer
+		tracer = os.Stdout
+	}
+
 	client := &vaultkv.Client{
 		VaultURL:  u,
 		AuthToken: conf.Auth.Token,
@@ -63,7 +72,7 @@ func newVaultAccessor(conf VaultConfig) (*VaultAccessor, error) {
 				MaxIdleConnsPerHost: runtime.NumCPU(),
 			},
 		},
-		//Trace: os.Stdout,
+		Trace: tracer,
 	}
 
 	var shouldRenew bool