Skip to content
This repository has been archived by the owner on Nov 11, 2024. It is now read-only.
/ vault-go-client Public archive

This is a Golang library for interacting with Vault programmatically.

License

Notifications You must be signed in to change notification settings

RiotGames/vault-go-client

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

vault-go-client

Under Development

This is a Golang client for Vault which was primarily used for Riot's AWS temporary key generation utility, KeyConjurer. It is no longer under development. You are suggested to use the official Hashicorp Vault SDK instead, or consider factoring your programs such that they are unaware of Vault entirely.

Supported Auth Methods

  • ✔️ IAM
  • ✔️ AppRole
  • ✔️ LDAP
  • ✔️ Token
  • k8s (coming soon)

Supported Secret Stores

  • ✔️ KV2

Usage

To retrieve this package run:

go get github.com/riotgames/vault-go-client

Creating a Client

The following will create a client with default configuration:

import vault "github.com/riotgames/vault-go-client"
...

// Uses VAULT_ADDR env var to set the clients URL
client, err := vault.NewClient(vault.DefaultConfig())

if err != nil {
    log.Fatal(err.Error())
}
...

Putting a Secret into Vault

The following will put a secret into Vault:

secretMap := map[string]interface{}{
    "hello": "world",
}

if _, err = client.KV2.Put(vault.KV2PutOptions{
	MountPath:  secretMountPath,
	SecretPath: secretPath,
	Secrets:    secretMap,
}); err != nil {
	log.Fatal(err.Error())
}

Retrieving a Secret from Vault

Unmarshaling Approach

This approach unmarshals the secret from Vault into the provided struct. The embedded struct vault.SecretMetadata is optional.

type Secret struct {
	Hello string `json:"hello"`
	vault.SecretMetadata
}
...
secret := &Secret{}

if _, err = client.KV2.Get(vault.KV2GetOptions{
	MountPath:     secretMountPath,
	SecretPath:    secretPath,
	UnmarshalInto: secret,
}); err != nil {
	log.Fatal(err.Error())
}
fmt.Printf("%v\n", secret)

Raw Secret Approach

This approach returns a Secret defined in github.com/hashicorp/vault/api.

secret, err := client.KV2.Get(vault.KV2GetOptions{
	MountPath:  secretMountPath,
	SecretPath: secretPath,
})

if err != nil {
	log.Fatal(err.Error())
}

About

This is a Golang library for interacting with Vault programmatically.

Topics

Resources

License

Security policy

Stars

Watchers

Forks

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages