Documentation
Overview
Package kvcert is a small utility that uses azure-sdk-for-go to fetch a certificate from Azure Key Vault. The certificate can then be used by your Go web server to serve TLS.
A trivial example is below. It uses the following environment variables:
KEY_VAULT_NAME: name of your Azure Key Vault
KEY_VAULT_CERT_NAME: name of your certificate in Azure Key Vault
AZURE_TENANT_ID: Azure tenant id (not visible in the example, but required by azure-sdk-for-go)
AZURE_CLIENT_ID: Azure client id (not visible in the example, but required by azure-sdk-for-go)
AZURE_CLIENT_SECRET: Azure client secret (not visible in the example, but required by azure-sdk-for-go)
package main

import (
	"context"
	"crypto/tls"
	"log"
	"net/http"
	"os"

	// The package name (kvcert) differs from the last element of the import path,
	// so an explicit alias keeps the import readable.
	kvcert "github.com/jfarleyx/go-keyvault-cert"
)

func main() {
	// Create new key vault certificate object that will be used to fetch certificate
	akv := kvcert.New(os.Getenv("KEY_VAULT_NAME"))

	// Authorize access to Azure Key Vault utilizing environment variables mentioned above.
	err := akv.AuthorizeFromEnvironment()
	if err != nil {
		log.Fatalf("Error attempting to authorize azure key vault: %v", err)
	}

	ctx := context.Background()

	// Fetch certificate from Azure Key Vault
	cert, err := akv.GetCertificate(ctx, os.Getenv("KEY_VAULT_CERT_NAME"))
	if err != nil {
		log.Fatalf("Error attempting to fetch certificate: %v", err)
	}

	// Add x509 certificate to tls configuration.
	// GetCertificate returns a *tls.Certificate, so it is dereferenced into the slice.
	tlsConfig := &tls.Config{
		Certificates: []tls.Certificate{*cert},
	}

	// Add tls configuration to http server
	server := &http.Server{
		Addr:      ":44366",
		TLSConfig: tlsConfig,
	}

	// Certificate and key come from TLSConfig, so the file arguments are empty.
	if err := server.ListenAndServeTLS("", ""); err != nil {
		log.Fatalf("Server stopped: %v", err)
	}
}
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type AzureKeyVault
type AzureKeyVault struct {
	// VaultName is the name of the Azure Key Vault.
	VaultName string
	// contains filtered or unexported fields
}
AzureKeyVault is a Key Vault client that facilitates connecting to and communicating with an Azure Key Vault instance.
func New
func New(vaultName string) *AzureKeyVault
New creates and returns a new kvcert.AzureKeyVault struct.
func (*AzureKeyVault) AuthorizeFromEnvironment
func (kv *AzureKeyVault) AuthorizeFromEnvironment() error
AuthorizeFromEnvironment creates a keyvault dataplane Authorizer configured from environment variables, trying in order: 1. client credentials, 2. client certificate, 3. username/password, 4. MSI. See github.com/Azure/azure-sdk-for-go/services/keyvault/auth for more details.
func (*AzureKeyVault) GetCertificate
func (kv *AzureKeyVault) GetCertificate(ctx context.Context, certName string) (*tls.Certificate, error)
GetCertificate returns the certificate stored under certName in the Azure Key Vault certificate store as a *tls.Certificate, ready for use in a tls.Config.