kvcert

package module
v2.1.1

Published: Jun 13, 2020 License: BSD-3-Clause Imports: 14 Imported by: 0

README

GO-KEYVAULT-CERT


go-keyvault-cert is an easy-to-use wrapper around azure-sdk-for-go that fetches a PFX/PEM certificate, together with its private key, from Azure Key Vault and returns a *tls.Certificate that you can load into the TLS configuration of your application's or API's web server.

Usage

go get github.com/jfarleyx/go-keyvault-cert/v2

go-keyvault-cert is straightforward to use. The quickest way to get started is to set the following environment variables and make them available to your application:

AZURE_TENANT_ID: an Azure tenant ID

AZURE_CLIENT_ID: an Azure app client ID

AZURE_CLIENT_SECRET: an Azure app client secret

Note: The designated Azure client (service principal) must have the following permissions on the Azure Key Vault:

  • Certificate permissions: Get & List
  • Secret permissions: Get

Secret Get is needed because Key Vault exposes a certificate's private key through the secret of the same name; Certificate Get alone returns only the public part. Grant nothing beyond these three permissions, and bear in mind that under Key Vault access policies Secret Get is vault-wide: an identity that can read this certificate's key can read every other secret in that vault, so keep such certificates in a vault of their own where that matters.

The environment variables are read by the azure-sdk-for-go when you call the AuthorizeFromEnvironment() method in kvcert.

Here is a simple example of using go-keyvault-cert to fetch an X.509 certificate from Azure Key Vault and serve HTTPS with it. The environment variables KEY_VAULT_NAME and KEY_VAULT_CERT_NAME are used for example purposes only; you can pass string literals in their place.

package main

import (
	"context"
	"crypto/tls"
	"log"
	"net/http"
	"os"

	"github.com/jfarleyx/go-keyvault-cert/v2"
)

func main() {
	// Create new key vault certificate object that will be used to fetch certificate
	akv := kvcert.New(os.Getenv("KEY_VAULT_NAME"))

	// Authorize access to Azure Key Vault utilizing environment variables mentioned above.
	if err := akv.AuthorizeFromEnvironment(); err != nil {
		log.Fatalf("Error attempting to authorize azure key vault: %v", err)
	}

	ctx := context.Background()

	// Fetch certificate (leaf plus private key) from Azure Key Vault
	cert, err := akv.GetCertificate(ctx, os.Getenv("KEY_VAULT_CERT_NAME"))
	if err != nil {
		log.Fatalf("Error attempting to fetch certificate: %v", err)
	}

	// Add cert to tls configuration. GetCertificate returns a *tls.Certificate,
	// so dereference it; the field is Certificates ([]tls.Certificate).
	config := &tls.Config{
		Certificates: []tls.Certificate{*cert},
	}

	// Add tls configuration to http server
	server := &http.Server{
		Addr:      ":44366",
		TLSConfig: config,
	}

	// The cert and key file arguments are empty because the certificate
	// is already in TLSConfig. ListenAndServeTLS always returns a non-nil error.
	log.Fatal(server.ListenAndServeTLS("", ""))
}
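The example above loads the certificate once at startup: a certificate rotated in Key Vault is not served until the process restarts, and nothing checks that what came back actually carries a private key or is still within its validity period. The following is an added example, not code from go-keyvault-cert, showing one way to wrap a GetCertificate-style fetcher in a cache that re-fetches on a TTL, validates the leaf, fails open to the last good certificate when Key Vault is unreachable, and fails closed only on the very first load. The RefreshingCert type, ValidateCert, the selfSigned stand-in and the "demo-cert" name are all assumptions of this example; with the real client you would set fetch to akv.GetCertificate.

```go
package main

import (
	"context"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"log"
	"math/big"
	"net/http"
	"sync"
	"time"
)

// RefreshingCert caches one certificate and re-fetches it after ttl, so a rotated certificate is served without a restart.
type RefreshingCert struct {
	fetch   func(ctx context.Context, certName string) (*tls.Certificate, error) // same signature as akv.GetCertificate
	name    string
	ttl     time.Duration
	mu      sync.Mutex // held across the fetch so concurrent handshakes wait instead of stampeding Key Vault
	cert    *tls.Certificate
	fetched time.Time
	lastErr error // last failed refresh, nil after a good one; expose it from a health check
}

// ValidateCert rejects what kvcert does not check: a missing private key, an unparsable leaf, or a leaf not valid at t.
func ValidateCert(c *tls.Certificate, t time.Time) error {
	if c == nil || len(c.Certificate) == 0 || c.PrivateKey == nil {
		return fmt.Errorf("certificate is empty or has no private key")
	}
	leaf, err := x509.ParseCertificate(c.Certificate[0])
	if err != nil {
		return fmt.Errorf("parse leaf: %w", err)
	}
	if t.Before(leaf.NotBefore) || t.After(leaf.NotAfter) {
		return fmt.Errorf("leaf not valid at %s (NotAfter %s)", t.UTC().Format(time.RFC3339), leaf.NotAfter.UTC().Format(time.RFC3339))
	}
	return nil
}

// Get returns the cached certificate, re-fetching once it is older than ttl. A failed or invalid refresh keeps
// the last good certificate (fail open) and retries after ttl/10; only the first load fails closed.
func (r *RefreshingCert) Get(ctx context.Context) (*tls.Certificate, error) {
	r.mu.Lock()
	defer r.mu.Unlock()
	now := time.Now()
	if r.cert != nil && now.Sub(r.fetched) < r.ttl {
		return r.cert, nil
	}
	c, err := r.fetch(ctx, r.name)
	if err == nil {
		err = ValidateCert(c, now)
	}
	if err != nil {
		r.lastErr = fmt.Errorf("refresh %q: %w", r.name, err)
		if r.cert == nil {
			return nil, r.lastErr
		}
		r.fetched = now.Add(r.ttl/10 - r.ttl) // stale again after ttl/10, not on every handshake
		return r.cert, nil
	}
	r.cert, r.fetched, r.lastErr = c, now, nil
	return c, nil
}

// GetCertificate adapts Get to tls.Config.GetCertificate so each handshake sees the current certificate.
func (r *RefreshingCert) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
	return r.Get(hello.Context())
}

// selfSigned builds a throwaway certificate standing in for what Key Vault would return (constructed test data).
func selfSigned(notBefore, notAfter time.Time) (*tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notBefore, NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

func main() {
	// Real wiring: akv := kvcert.New(os.Getenv("KEY_VAULT_NAME")); akv.AuthorizeFromEnvironment(); fetch: akv.GetCertificate.
	fake := func(context.Context, string) (*tls.Certificate, error) {
		return selfSigned(time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour))
	}
	rc := &RefreshingCert{fetch: fake, name: "demo-cert", ttl: time.Hour}
	if _, err := rc.Get(context.Background()); err != nil {
		log.Fatalf("initial certificate load failed: %v", err) // fail fast at startup, not at the first client
	}
	srv := &http.Server{Addr: ":44366", TLSConfig: &tls.Config{GetCertificate: rc.GetCertificate, MinVersion: tls.VersionTLS12}}
	log.Fatal(srv.ListenAndServeTLS("", ""))
}
```

The tls.Config uses GetCertificate rather than Certificates so the cache is consulted on every handshake; pick a ttl well below the certificate's remaining lifetime and the Key Vault rotation interval, and alert on lastErr so a long outage is noticed before the last good certificate expires.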

Documentation

Overview

Package kvcert is a simple utility that utilizes the azure-sdk-for-go to fetch a Certificate from Azure Key Vault. The certificate can then be used in your Go web server to support TLS communication.

A trivial example is below. This example uses the following environment variables:

KEY_VAULT_NAME: name of your Azure Key Vault

KEY_VAULT_CERT_NAME: name of your certificate in Azure Key Vault

AZURE_TENANT_ID: azure tenant id (not visible in example, but required by azure-sdk-for-go)

AZURE_CLIENT_ID: azure client id (not visible in example, but required by azure-sdk-for-go)

AZURE_CLIENT_SECRET: azure client secret (not visible in example, but required by azure-sdk-for-go)

package main

import (
	"context"
	"crypto/tls"
	"log"
	"net/http"
	"os"

	"github.com/jfarleyx/go-keyvault-cert/v2"
)

func main() {
	// Create new key vault certificate object that will be used to fetch certificate
	akv := kvcert.New(os.Getenv("KEY_VAULT_NAME"))

	// Authorize access to Azure Key Vault utilizing environment variables mentioned above.
	if err := akv.AuthorizeFromEnvironment(); err != nil {
		log.Fatalf("Error attempting to authorize azure key vault: %v", err)
	}

	ctx := context.Background()

	// Fetch certificate (leaf plus private key) from Azure Key Vault
	cert, err := akv.GetCertificate(ctx, os.Getenv("KEY_VAULT_CERT_NAME"))
	if err != nil {
		log.Fatalf("Error attempting to fetch certificate: %v", err)
	}

	// Add x509 certificate to tls configuration. GetCertificate returns a
	// *tls.Certificate, so dereference it; the field is Certificates ([]tls.Certificate).
	tlsConfig := &tls.Config{
		Certificates: []tls.Certificate{*cert},
	}

	// Add tls configuration to http server
	server := &http.Server{
		Addr:      ":44366",
		TLSConfig: tlsConfig,
	}

	// Cert and key file arguments are empty because the certificate is already
	// in TLSConfig. ListenAndServeTLS always returns a non-nil error.
	log.Fatal(server.ListenAndServeTLS("", ""))
}

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AzureKeyVault

type AzureKeyVault struct {
	// VaultName is the name of the Azure Key Vault.
	VaultName string
	// contains filtered or unexported fields
}

AzureKeyVault is a Key Vault client that facilitates connecting to and communicating with an Azure Key Vault instance.

func New

func New(vaultName string) *AzureKeyVault

New creates and returns a new kvcert.AzureKeyVault struct.

func (*AzureKeyVault) AuthorizeFromEnvironment

func (kv *AzureKeyVault) AuthorizeFromEnvironment() error

AuthorizeFromEnvironment creates a keyvault dataplane Authorizer configured from environment variables in the order: 1. Client credentials 2. Client certificate 3. Username password 4. MSI. See github.com/Azure/azure-sdk-for-go/services/keyvault/auth for more details.

func (*AzureKeyVault) GetCertificate

func (kv *AzureKeyVault) GetCertificate(ctx context.Context, certName string) (*tls.Certificate, error)

GetCertificate fetches the named certificate from the Azure Key Vault certificate store and returns it as a *tls.Certificate (X.509 certificate plus private key) ready to be placed in a tls.Config.
