scribd/vault-authenticator

vaultlibs

Useful golang functions for interacting with Vault.

Vault is a great tool, but programming against it sometimes requires going deeper than one wants to.

This library abstracts some of the work and provides some high-level bindings so that the author of a tool that uses Vault doesn't need to be an expert in Vault.

The crown jewel is the authenticator object, which has one main method: Auth(). This method tries to authenticate to Vault in a number of ways and returns an authenticated Vault client for the first one that succeeds.

Configuration

To configure authenticator, create the object via its constructor:

auth := authenticator.NewAuthenticator()

Then set the address of the Vault server:

auth.SetAddress("https://vault.corp.scribd.com")

Set a private CA if you're using one:

auth.SetCACertificate(`-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
`)

Set Auth methods. These will be tried in order:

auth.SetAuthMethods([]string{
	"iam",
	"k8s",
	"tls",
	"ldap",
})

If your usernames don't necessarily map to POSIX users on the system:

auth.SetUsernameFunc(somelib.GetUsername)

Finally, if using TLS Auth, set the locations of the client certs:

auth.SetTlsClientCrtPath("/path/to/cert.crt")
auth.SetTlsClientKeyPath("/path/to/key.key")

After that, simply run:

client, err := auth.Auth()
if err != nil {
  log.Fatalf("Auth failed: %s", err)
}

path := "/secret/foo"

secret, err := authenticator.GetSecret(client, path)
if err != nil {
  log.Fatalf("Failed getting secret from %s: %s", path, err)
}

// ... do something with secret ...
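
The first-success fallback that Auth() is described as performing, sketched with the standard library only. This is an added example, not the library's own code: `Method`, `FirstSuccess` and the stub backends are hypothetical names, and rejecting unknown method names up front is an assumption, not documented behaviour of this library.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Method is a hypothetical stand-in for one auth backend ("iam", "k8s", ...).
// It returns a Vault token on success.
type Method func() (string, error)

// FirstSuccess tries the named methods in order and returns the name and
// token of the first one that succeeds. Unknown names fail fast so a typo
// cannot silently shorten the chain; if every method fails, the error lists
// each failure so the operator can see why the preferred method was skipped.
func FirstSuccess(order []string, registry map[string]Method) (string, string, error) {
	for _, name := range order {
		if registry[name] == nil {
			return "", "", fmt.Errorf("unknown auth method %q", name)
		}
	}
	var failures []string
	for _, name := range order {
		token, err := registry[name]()
		if err == nil && token == "" {
			err = errors.New("backend returned an empty token")
		}
		if err == nil {
			return name, token, nil
		}
		failures = append(failures, name+": "+err.Error())
	}
	return "", "", errors.New("all auth methods failed: " + strings.Join(failures, "; "))
}

func main() {
	// Constructed stubs: IAM fails, TLS succeeds, LDAP is never reached.
	registry := map[string]Method{
		"iam":  func() (string, error) { return "", errors.New("no instance identity") },
		"tls":  func() (string, error) { return "s.constructed-token", nil },
		"ldap": func() (string, error) { return "", errors.New("should not be reached") },
	}
	name, _, err := FirstSuccess([]string{"iam", "tls", "ldap"}, registry)
	fmt.Println(name, err)
}
```

Logging which method actually succeeded, as the returned name allows, makes it visible when a host has quietly fallen back from its preferred method to a later one.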

About

Managed Secrets Client Libraries
