Reconnecting, credential refreshing SQL DB driver adapter in Go

davepgreene/go-db-credential-refresh

Go DB Credential Refresh

Go DB Credential Refresh is a driver that seamlessly reconnects database/sql connections when credentials are rotated. It works fine with static credentials but is designed for systems like HashiCorp Vault's Database Secrets Engines or AWS RDS IAM Authentication, where the credentials are retrieved from the identity manager before connecting.

Go DB Credential Refresh acts as a wrapper over existing DB drivers. It supports the following community DB drivers by default:

but users can register anything that implements database/sql/driver.Driver.

Installation

go get -u github.com/davepgreene/go-db-credential-refresh

Connector

You interact with the driver through a Connector, which tightly couples a database/sql/driver.Driver, a Formatter, and an AuthError. The Formatter formats the components of a connection string for the specific DB implementation, and the AuthError is an evaluation function that determines whether an error coming from the driver.Driver is authentication-related.

Formatters

Formatters assemble db- or driver-specific connection strings so the Connector can retry a connection with new credentials. This library ships with formatter implementations for MySQL and PostgreSQL both as a connection URI and a K/V connection string (see the PostgreSQL docs for more info) in the driver package.

AuthErrors

An AuthError is a function that evaluates whether an error represents a connection that failed because of authentication. A positive result tells the Connector to use its store to attempt to retrieve new credentials. AuthErrors for MySQL and PostgreSQL are included in the driver package.

Stores

A store is a mechanism to retrieve credentials. When you use the DB driver, you associate a Store with the Connector. Every time Connector.Connect is called, the store is queried for credentials. Stores must implement the Store interface (see driver/store.go).

Go DB Credential Refresh currently ships with store implementations for Vault and RDS IAM Authentication. The Vault store includes both Token Auth and Kubernetes Auth authentication methods. See the vault package for the Vault implementation and awsrds package for RDS IAM Authentication. Both included store implementations are available as independent modules.
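How the Store, Formatter and AuthError roles described above fit together in a single Connect call, as an added example that is not this library's code. `RefreshConnector`, `Simulate`, the `Get`/`Refresh` split, the single retry, the `user:pass@db` DSN shape and both error values are assumptions made for illustration.

```go
package main
import (
	"context"
	"database/sql/driver"
	"errors"
	"fmt"
)

// RefreshConnector is a hypothetical sketch; each field plays one README role.
type RefreshConnector struct {
	Open         func(dsn string) (driver.Conn, error)                // wrapped driver
	Get, Refresh func(context.Context) (user, pass string, err error) // Store
	Format       func(user, pass string) string                       // Formatter
	IsAuth       func(error) bool                                     // AuthError
}

// Connect queries the store on every call; only an auth failure triggers one refresh and retry.
func (c *RefreshConnector) Connect(ctx context.Context) (driver.Conn, error) {
	u, p, err := c.Get(ctx)
	if err != nil {
		return nil, fmt.Errorf("get credentials: %w", err)
	}
	conn, err := c.Open(c.Format(u, p))
	if err == nil || !c.IsAuth(err) {
		return conn, err
	}
	if u, p, err = c.Refresh(ctx); err != nil {
		return nil, fmt.Errorf("refresh credentials: %w", err)
	}
	return c.Open(c.Format(u, p))
}
var ErrAuth, ErrNet = errors.New("constructed auth failure"), errors.New("constructed network failure")
// Simulate connects to a constructed server that rejects the stale password with failWith.
func Simulate(failWith error) (tried []string, refreshes int, err error) {
	_, err = (&RefreshConnector{
		Get:     func(context.Context) (string, string, error) { return "app", "old", nil },
		Refresh: func(context.Context) (string, string, error) { refreshes++; return "app", "new", nil },
		Format:  func(u, p string) string { return u + ":" + p + "@db" },
		IsAuth:  func(e error) bool { return errors.Is(e, ErrAuth) },
		Open: func(dsn string) (driver.Conn, error) {
			tried = append(tried, dsn)
			if dsn == "app:old@db" {
				return nil, failWith
			}
			return struct{ driver.Conn }{}, nil
		},
	}).Connect(context.Background())
	return tried, refreshes, err
}
func main() { fmt.Println(Simulate(ErrAuth)) }
```

A non-authentication failure such as `ErrNet` is returned as-is without touching the store, which keeps a network outage from generating a burst of credential requests against the identity manager.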

Examples

See the examples directory for sample usage and the Vault example directory for how to use that module.
