This repository has been archived by the owner on Apr 9, 2024. It is now read-only.
forked from mch1307/vaultlib

Lightweight Go client library for reading Vault kv secrets

TrueTickets/vaultlib

vaultlib

This work forks Michael Champagne's vaultlib at https://github.com/mch1307/vaultlib

Lightweight, simple Go library for Vault secret reading (http API).

Connect to Vault through app role or token.

Reads kv secret values.

Features

  • Connect to Vault through app role
  • Read Vault secret, kv type (v1 or v2 "versioned")
  • Automatically renew token
  • Execute any HTTP request on Vault (RawRequest)

Config

Configuration can be done through env variables or programmatically through the Config object. The following env variables are supported:

VAULT_ADDR            # Vault server URL (default "http://localhost:8200")
VAULT_CACERT          # Path to CA file
VAULT_TOKEN           # Vault Token
VAULT_ROLEID          # Vault app role id
VAULT_SECRETID        # Vault app role secret id
VAULT_MOUNTPOINT      # Vault app role mountpoint (default "approle")
VAULT_CLIENT_TIMEOUT  # Client timeout
VAULT_SKIP_VERIFY     # Do not verify the server's TLS certificate

If not set, vaultlib will fall back to safe default values.

vaultlib will automatically use the http_proxy environment variable to connect to Vault.
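
A preflight check over the variables listed above, run before the client is created. This is an added example, not part of vaultlib; the function name `auditVaultEnv` is hypothetical, and it assumes `VAULT_SKIP_VERIFY` holds a Go-style boolean.

```go
package main

import (
	"fmt"
	"net/url"
	"os"
	"strconv"
)

// auditVaultEnv inspects the environment variables listed in the README
// and returns one finding per risky or incomplete setting. getenv is
// injected so the check also runs against constructed input.
func auditVaultEnv(getenv func(string) string) []string {
	var findings []string
	addr := getenv("VAULT_ADDR")
	if addr == "" {
		addr = "http://localhost:8200" // default documented in the README
	}
	u, err := url.Parse(addr)
	switch {
	case err != nil || u.Host == "":
		findings = append(findings, "VAULT_ADDR is not a valid URL")
	case u.Scheme != "https":
		findings = append(findings, "VAULT_ADDR is not https: token and secrets are sent unencrypted")
	}
	// Assumption: VAULT_SKIP_VERIFY is a Go boolean ("1", "true", ...);
	// an unparseable value is reported rather than guessed at.
	if v := getenv("VAULT_SKIP_VERIFY"); v != "" {
		skip, err := strconv.ParseBool(v)
		if err != nil {
			findings = append(findings, "VAULT_SKIP_VERIFY is not a boolean")
		} else if skip {
			findings = append(findings, "VAULT_SKIP_VERIFY disables TLS certificate verification")
		}
	}
	hasToken := getenv("VAULT_TOKEN") != ""
	hasRole := getenv("VAULT_ROLEID") != "" && getenv("VAULT_SECRETID") != ""
	if !hasToken && !hasRole {
		findings = append(findings, "no VAULT_TOKEN and no complete VAULT_ROLEID/VAULT_SECRETID pair")
	}
	return findings
}

func main() {
	for _, f := range auditVaultEnv(os.Getenv) {
		fmt.Println("finding:", f)
	}
}
```

An empty result means the address is https, certificate verification is left on, and one credential source is present.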

Tests

To test this library, run go1.11.13 test -vaultVersion 1.4.1 in the root of the repo.

Getting Started

For a simple, working example, check the sample folder.

package main

import (
    "fmt"
    "log"
    "os"

    vault "github.com/TrueTickets/vaultlib"
)

func main() {
    // Config can be set through ENV before invoking NewConfig
    os.Setenv("VAULT_ADDR", "http://localhost:8200")

    // Create a new config. Reads env variables, falling back to default values if needed
    vcConf := vault.NewConfig()

    // Config can also be done programmatically
    vcConf.Address = "http://localhost:8200"

    // set app role credentials (ie after reading from docker secret)
    // vcConf.AppRoleCredentials.RoleID = "myRoleID"
    // vcConf.AppRoleCredentials.SecretID = "mySecretID"
    // if you have set a different mountpoint from "approle" :
    // vcConf.AppRoleCredentials.MountPoint = "myCustomMountPoint"

    // Create new client
    vaultCli, err := vault.NewClient(vcConf)
    if err != nil {
        log.Fatal(err)
    }

    // Get the Vault secret data
    kv, err := vaultCli.GetSecret("my_kv/my_org/my_secret")
    if err != nil {
        fmt.Println(err)
    }
    for k, v := range kv {
        fmt.Printf("secret %v: %v\n", k, v)
    }
}
