
package hashivault

import "gocloud.dev/secrets/hashivault"

Package hashivault provides a secrets implementation using the Transit Secrets Engine of Vault by Hashicorp. Use OpenKeeper to construct a *secrets.Keeper.


For secrets.OpenKeeper, hashivault registers for the scheme "hashivault". The default URL opener will dial a Vault server using the environment variables "VAULT_SERVER_URL" and "VAULT_SERVER_TOKEN". To customize the URL opener, or for more details on the URL format, see URLOpener. See https://gocloud.dev/concepts/urls/ for background information.


hashivault does not support any types for As.


// This example is used in https://gocloud.dev/howto/secrets/#vault

// import _ "gocloud.dev/secrets/hashivault"

// Variables set up elsewhere:
ctx := context.Background()

keeper, err := secrets.OpenKeeper(ctx, "hashivault://mykey")
if err != nil {
    // The keeper could not be opened; stop before any secret is handled.
    log.Fatal(err)
}
defer keeper.Close()






const Scheme = "hashivault"

Scheme is the URL scheme hashivault registers its URLOpener under on secrets.DefaultMux.

func Dial

func Dial(ctx context.Context, cfg *Config) (*api.Client, error)

Dial gets a Vault client.

func OpenKeeper

func OpenKeeper(client *api.Client, keyID string, opts *KeeperOptions) *secrets.Keeper

OpenKeeper returns a *secrets.Keeper that uses the Transit Secrets Engine of Vault by Hashicorp. See the package documentation for an example.


// This example is used in https://gocloud.dev/howto/secrets/#vault-ctor

// import _ "gocloud.dev/secrets/hashivault"

// Variables set up elsewhere:
ctx := context.Background()

// Get a client to use with the Vault API.
client, err := hashivault.Dial(ctx, &hashivault.Config{
    Token: "CLIENT_TOKEN",
    APIConfig: api.Config{
        Address: "", // address of the Vault server
    },
})
if err != nil {
    log.Fatal(err)
}

// Construct a *secrets.Keeper.
keeper := hashivault.OpenKeeper(client, "my-key", nil)
defer keeper.Close()

type Config

type Config struct {
    // Token is the access token the Vault client uses to talk to the server.
    // See https://www.vaultproject.io/docs/concepts/tokens.html for more
    // information.
    Token string
    // APIConfig is used to configure the creation of the client.
    APIConfig api.Config
}

Config is the authentication configuration for the Vault server.

type KeeperOptions

type KeeperOptions struct{}

KeeperOptions controls Keeper behaviors. It is provided for future extensibility.

type URLOpener

type URLOpener struct {
    // Client must be non-nil.
    Client *api.Client

    // Options specifies the options to pass to OpenKeeper.
    Options KeeperOptions
}

URLOpener opens Vault URLs like "hashivault://mykey".

The URL Host + Path are used as the keyID.

No query parameters are supported.
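
The URL rules above can be checked before a keeper URL from configuration reaches secrets.OpenKeeper. This is an added example, not code from the hashivault package: keyIDFromURL is a hypothetical helper, the userinfo rejection is an added policy, and combining Host and Path with path.Join is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path"
)

// keyIDFromURL is a hypothetical pre-flight helper (not part of hashivault).
// It applies the rules documented for URLOpener: scheme "hashivault",
// Host + Path form the key ID, and no query parameters are accepted.
func keyIDFromURL(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", fmt.Errorf("parse keeper URL: %w", err)
	}
	if u.Scheme != "hashivault" {
		return "", fmt.Errorf("unexpected scheme %q", u.Scheme)
	}
	// Added policy (assumption): credentials never belong in the keeper URL;
	// the default opener reads the token from VAULT_SERVER_TOKEN instead.
	if u.User != nil {
		return "", errors.New("userinfo not allowed in keeper URL")
	}
	if u.RawQuery != "" {
		return "", fmt.Errorf("query parameters not supported: %q", u.RawQuery)
	}
	// Assumption: Host and Path are combined with path.Join.
	keyID := path.Join(u.Host, u.Path)
	if keyID == "" || keyID == "." || keyID == "/" {
		return "", errors.New("empty key ID")
	}
	return keyID, nil
}

func main() {
	// Constructed sample URLs.
	for _, raw := range []string{
		"hashivault://mykey",
		"hashivault://team/app-key",
		"hashivault://mykey?version=2",
		"awskms://mykey",
	} {
		id, err := keyIDFromURL(raw)
		fmt.Printf("%-32s keyID=%q err=%v\n", raw, id, err)
	}
}
```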

func (*URLOpener) OpenKeeperURL

func (o *URLOpener) OpenKeeperURL(ctx context.Context, u *url.URL) (*secrets.Keeper, error)

OpenKeeperURL opens the Keeper URL.

Package hashivault imports 11 packages and is imported by 1 package. Updated 2019-07-18.