vault

package module

v1.0.0 Latest Latest Go to latest Published: Feb 2, 2022 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/djdhm/vault-go-client

Links

Open Source Insights

README ¶

vault-go-client

Under Development

This is a Golang client for Vault. It is currently under development. v1.0.0 will be the first official release.

Supported Auth Methods

✔ IAM
✔ AppRole
✔ LDAP
✔ Token
k8s (coming soon)

Supported Secret Stores

✔ KV2

Usage

To retrieve this package run:

go get github.com/djdhm/vault-go-client

Creating a Client

The following will create a client with default configuration:

import vault "github.com/djdhm/vault-go-client"
...

// Uses VAULT_ADDR env var to set the clients URL
client, err := vault.NewClient(vault.DefaultConfig())

if err != nil {
    log.Fatal(err.Error())
}
...

Putting a Secret into Vault

The following will put a secret into Vault:

secretMap := map[string]interface{}{
    "hello": "world",
}

if _, err = client.KV2.Put(vault.KV2PutOptions{
	MountPath:  secretMountPath,
	SecretPath: secretPath,
	Secrets:    secretMap,
}); err != nil {
	log.Fatal(err.Error())
}

Retrieving a Secret from Vault

Unmarshaling Approach

This approach unmarshals the secret from Vault into the provided struct. The embedded struct vault.SecretMetadata is optional.

type Secret struct {
	Hello string `json:"hello"`
	vault.SecretMetadata
}
...
secret := &Secret{}

if _, err = client.KV2.Get(vault.KV2GetOptions{
	MountPath:     secretMountPath,
	SecretPath:    secretPath,
	UnmarshalInto: secret,
}); err != nil {
	log.Fatal(err.Error())
}
fmt.Printf("%v\n", secret)

Raw Secret Approach

This approach returns a Secret defined in github.com/hashicorp/vault/api.

secret, err := client.KV2.Get(vault.KV2GetOptions{
	MountPath:  secretMountPath,
	SecretPath: secretPath,
})

if err != nil {
	log.Fatal(err.Error())
}

Documentation ¶

Index ¶

func DefaultConfig() *hashivault.Config
type AppRole
- func (a *AppRole) Login(options AppRoleLoginOptions) (*hashivault.Secret, error)
type AppRoleLoginOptions
type Auth
- func NewAuth(client *hashivault.Client) *Auth
type Client
- func NewClient(config *hashivault.Config) (*Client, error)
type IAM
- func (i *IAM) Login(options IAMLoginOptions) (*hashivault.Secret, error)
type IAMLoginOptions
type KV2
- func (k *KV2) Get(options KV2GetOptions) (*hashivault.Secret, error)
- func (k *KV2) Put(options KV2PutOptions) (*hashivault.Secret, error)
type KV2GetOptions
type KV2PutOptions
type LDAP
- func (l *LDAP) Login(options LDAPLoginOptions) (*hashivault.Secret, error)
type LDAPLoginOptions
type SecretMetadata
type Token
- func (a *Token) Login(options TokenOptions) (*hashivault.Secret, error)
type TokenOptions

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func DefaultConfig ¶

func DefaultConfig() *hashivault.Config

Types ¶

type AppRole ¶

type AppRole struct {
	// contains filtered or unexported fields
}

func (a *AppRole) Login(options AppRoleLoginOptions) (*hashivault.Secret, error)

type AppRoleLoginOptions ¶

type AppRoleLoginOptions struct {
	RoleID    string
	SecretID  string
	MountPath string
}

type Auth ¶

type Auth struct {
	LDAP    *LDAP
	IAM     *IAM
	Token   *Token
	AppRole *AppRole
}

func NewAuth ¶

func NewAuth(client *hashivault.Client) *Auth

type Client ¶

type Client struct {
	Auth *Auth
	KV2  *KV2
	// contains filtered or unexported fields
}

func NewClient ¶

func NewClient(config *hashivault.Config) (*Client, error)

type IAM ¶

type IAM struct {
	// contains filtered or unexported fields
}

func (i *IAM) Login(options IAMLoginOptions) (*hashivault.Secret, error)

type IAMLoginOptions ¶

type IAMLoginOptions struct {
	Role      string
	MountPath string
}

type KV2 ¶

type KV2 struct {
	// contains filtered or unexported fields
}

func (*KV2) Get ¶

func (k *KV2) Get(options KV2GetOptions) (*hashivault.Secret, error)

func (*KV2) Put ¶

func (k *KV2) Put(options KV2PutOptions) (*hashivault.Secret, error)

type KV2GetOptions ¶

type KV2GetOptions struct {
	MountPath     string
	SecretPath    string
	UnmarshalInto interface{}
}

type KV2PutOptions ¶

type KV2PutOptions struct {
	MountPath  string
	SecretPath string
	Secrets    map[string]interface{}
}

type LDAP ¶

type LDAP struct {
	// contains filtered or unexported fields
}

func (l *LDAP) Login(options LDAPLoginOptions) (*hashivault.Secret, error)

type LDAPLoginOptions ¶

type LDAPLoginOptions struct {
	Username  string
	Password  string
	MountPath string
}

type SecretMetadata ¶

type SecretMetadata struct {
	CreatedTime  string `json:"created_time"`
	DeletionTime string `json:"deletion_time"`
	Version      int
	Destroyed    bool
}

type Token ¶

type Token struct {
	// contains filtered or unexported fields
}

func (a *Token) Login(options TokenOptions) (*hashivault.Secret, error)

type TokenOptions ¶

type TokenOptions struct {
	Token string
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL