Skip to content

jaredpetersen/vaultx

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits

.github

.github

 
 

api

api

 
 

auth

auth

 
 

db

db

 
 

docs

docs

 
 

internal

internal

 
 

kv

kv

 
 

transit

transit

 
 

.gitignore

.gitignore

 
 

CHANGELOG.md

CHANGELOG.md

 
 

LICENSE.md

LICENSE.md

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

config.go

config.go

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

vaultx.go

vaultx.go

 
 

vaultx_test.go

vaultx_test.go

 
 

Repository files navigation

vaultx

CI Go Reference

vaultx is an alternative to the official Vault Go package that is designed with the developer in mind.

The official Vault package is very useful, but it has a number of issues that make it difficult to integrate Vault into your applications:

  • Tied tightly to the HTTP API, making accomplishing basic functionality involve writing expansive blocks of code
  • Types are very generic, so you lose out on type safety and must know the HTTP API in order interact with it
  • Automatic renewal of authentication credentials is not well-supported

vaultx seeks to address these issues and make Vault a joy to use in Go.

Usage

To create your vault client, create a new configuration struct and pass it to vaultx's New() function:

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/jaredpetersen/vaultx"
	vaultxauth "github.com/jaredpetersen/vaultx/auth"
)

const k8sRole = "my-app"
const vaultKVSecretPath = "my-secret"
const vaultTransitKey = "transit-key"

func main() {
	ctx := context.Background()

	cfg := vaultx.NewConfig("https://vault.mydomain.com")
	cfg.Auth.Method = vaultxauth.NewKubernetesMethod(vaultxauth.KubernetesConfig{Role: k8sRole})

	vltx := vaultx.New(cfg)

	err := vltx.Auth().Login(ctx)
	if err != nil {
		fmt.Println("Failed to authenticate against Vault")
		os.Exit(1)
	}

	// Store secret
	secretData := map[string]interface{}{
		"username": "dbuser",
		"password": "3hvu2ZLxwauHrNaZjJbJARHE",
	}
	err = vltx.KV().UpsertSecret(ctx, vaultKVSecretPath, secretData)
	if err != nil {
		fmt.Println("Failed to store secret")
		os.Exit(1)
	}

	// Get secret
	secret, err := vltx.KV().GetSecret(ctx, vaultKVSecretPath)
	if err != nil {
		fmt.Println("Failed to retrieve secret")
		os.Exit(1)
	}

	fmt.Printf("secret username: %s\n", secret.Data["username"])
	fmt.Printf("secret password: %s\n", secret.Data["password"])

	// Encrypt data
	plaintext := "encrypt me"
	encrypted, err := vltx.Transit().Encrypt(ctx, vaultTransitKey, []byte(plaintext))
	if err != nil {
		fmt.Println("Failed to encrypt data")
		os.Exit(1)
	}

	fmt.Printf("encrypted: %s\n", encrypted)

	// Decrypt data
	decrypted, err := vltx.Transit().Decrypt(ctx, vaultTransitKey, encrypted)
	if err != nil {
		fmt.Println("Failed to decrypt data")
		os.Exit(1)
	}

	fmt.Printf("decrypted: %s\n", string(decrypted))
}

Install

go get github.com/jaredpetersen/vaultx

Sponsorship

If you or your company uses vaultx, please consider contributing to the project via GitHub Sponsors. There's some cool work that we'd like to do -- like end-to-end integration tests -- but cloud computing isn't free.

About

🔐 Developer-focused alternative to the official Vault package

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

3 watching

Forks

0 forks
Report repository

Releases 9

v0.0.8 Latest
May 15, 2022
+ 8 releases

Sponsor this project

  •  
Learn more about GitHub Sponsors

Packages

No packages published

Languages