vault.go
// Copyright (c) 2023, 2025, Oracle and/or its affiliates.
// Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
package vault
import (
"context"
b64 "encoding/base64"
"github.com/prometheus/common/promslog"
"strings"
"github.com/oracle/oci-go-sdk/v65/common"
"github.com/oracle/oci-go-sdk/v65/example/helpers"
"github.com/oracle/oci-go-sdk/v65/secrets"
)
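// GetVaultSecret fetches the secret named secretName from the OCI Vault
// identified by vaultId and returns its decoded value with any trailing
// "\r" / "\n" characters removed.
//
// Credentials, tenancy and region come from the SDK's default configuration
// provider. Every SDK error is handed to helpers.FatalIfError.
// NOTE(review): helpers is the SDK's example package and FatalIfError is
// expected to log the error and terminate the process; confirm a hard exit is
// what callers of this package want.
//
// The return value is the secret itself. Callers must not log it or embed it
// in error messages. An empty string means no usable secret was obtained and
// must not be treated as a valid credential.
func GetVaultSecret(vaultId string, secretName string) string {
	logger := promslog.New(&promslog.Config{})

	// Build the provider once so the client, tenancy and region are all
	// resolved from the same configuration.
	provider := common.DefaultConfigProvider()

	client, err := secrets.NewSecretsClientWithConfigurationProvider(provider)
	helpers.FatalIfError(err)
	tenancyID, err := provider.TenancyOCID()
	helpers.FatalIfError(err)
	region, err := provider.Region()
	helpers.FatalIfError(err)

	// Only identifiers are logged here, never secret material.
	logger.Info("OCI_VAULT_ID env var is present so using OCI Vault", "Region", region, "tenancyOCID", tenancyID)

	req := secrets.GetSecretBundleByNameRequest{
		SecretName: common.String(secretName),
		VaultId:    common.String(vaultId),
	}
	resp, err := client.GetSecretBundleByName(context.Background(), req)
	helpers.FatalIfError(err)

	// make sure a \r and/or \n didn't make it into the secret
	secret := strings.TrimRight(getSecretFromBase64(resp), "\r\n")
	if secret == "" {
		// getSecretFromBase64 yields "" when the bundle content is not base64
		// content. Surface that instead of silently returning an empty
		// credential. The secret name is an identifier, not the secret value.
		logger.Error("OCI Vault returned no usable secret content", "secretName", secretName)
	}
	return secret
}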
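// getSecretFromBase64 extracts the base64 payload from a secret bundle
// response and returns it decoded as a string.
//
// It returns "" when the bundle content is not
// secrets.Base64SecretBundleContentDetails, when the content pointer is nil,
// or when the payload is not valid standard base64. Callers must treat ""
// as "no secret available", never as a valid credential.
func getSecretFromBase64(resp secrets.GetSecretBundleByNameResponse) string {
	details, ok := resp.SecretBundleContent.(secrets.Base64SecretBundleContentDetails)
	if !ok || details.Content == nil {
		// A nil Content would otherwise panic on dereference.
		return ""
	}

	decoded, err := b64.StdEncoding.DecodeString(*details.Content)
	if err != nil {
		// DecodeString hands back the bytes decoded before the failure.
		// Returning them would yield a silently truncated secret, so fail
		// closed with an empty result instead.
		return ""
	}
	return string(decoded)
}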