Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

vaultlib

Build Status Coverage Status GoDoc Go Report Card

Lightweight, simple Go library for Vault secret reading (http API).

Connect to Vault through app role or token.

Reads kv secret values

Features

  • Connect to Vault through app role
  • Read Vault secret, kv type (v1 or v2 "versioned")
  • Automatically renew token
  • Execute any HTTP request on Vault (RawRequest)

Config

Configuration can be done through env variables or programmatically through the Config object The following env variables are supported:

VAULT_ADDR            # Vault server URL (default "http://localhost:8200")
VAULT_CACERT          # Path to CA file
VAULT_TOKEN           # Vault Token
VAULT_ROLEID          # Vault app role id
VAULT_SECRETID        # Vault app role secret id
VAULT_MOUNTPOINT      # Vault app role mountpoint (default "approle")
VAULT_CLIENT_TIMEOUT  # Client timeout
VAULT_SKIP_VERIFY     # Do not check SSL

If not set, vaultlib will fallback to safe default values.

vautlib will automatically use the http_proxy environment variable to connect to Vault

Getting Started

For a simple, working example, check the sample folder.

package main

import (
    "fmt"
    "log"
    "os"

    vault "github.com/mch1307/vaultlib"
)

func main() {
    // Config can be set through ENV before invoking NewConfig
    os.Setenv("VAULT_ADDR", "http://localhost:8200")

    // Create a new config. Reads env variables, fallback to default value if needed
    vcConf := vault.NewConfig()

    // Config can also be done programmtically
    vcConf.Address = "http://localhost:8200"

    // set app role credentials (ie after reading from docker secret)
    // vcConf.AppRoleCredentials.RoleID = "myRoleID"
    // vcConf.AppRoleCredentials.SecretID = "mySecretID"
    // if you have set a different mountpoint from "approle" :
    // vcConf.AppRoleCredentials.MountPoint = "myCustomMountPoint"

    // Create new client
    vaultCli, err := vault.NewClient(vcConf)
    if err != nil {
        log.Fatal(err)
    }

    // Get the Vault secret data
    kv, err := vaultCli.GetSecret("my_kv/my_org/my_secret")
    if err != nil {
        fmt.Println(err)
    }
    for k, v := range kv.KV {
        fmt.Printf("secret %v: %v\n", k, v)
    }
}

About

Lightweight Go client library for reading Vault kv secrets

Topics

Resources

License

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •