A lightweight Vault client module written in Go, with no dependencies, that is intuitive and user-friendly

canidam/libvault

libvault

A lightweight HashiCorp Vault client written in Go, with no dependencies. It aims to provide an intuitive, simple API that is as easy to use as the CLI.

Currently the module can only read secrets from a Vault engine. This is an ongoing project; feel free to open feature requests, PRs or issues.

Features

  • Supported Auth Methods:

    • Tokens
    • AppRole
    • AwsRole (EC2 method)
  • Supported Secrets Engines:

  • Supports self-signed CA certificates

  • By default, the client reads its Vault API secrets from environment variables. You can also pass them to the client directly if you prefer. Check the tests file for examples.

Installation

go get -d -v github.com/canidam/libvault

Usage

package main

import (
	"fmt"
	"log"
	"os"

	"github.com/canidam/libvault"
)

func main() {
	//
	// Example using Token
	//

	// If env var is not set ("my_token" is a placeholder; never hardcode a real token)
	os.Setenv("VAULT_TOKEN", "my_token")

	// Plain HTTP is only appropriate for a local dev server
	tokenClient, err := libvault.NewClient(libvault.SetVaultAddr("http://localhost:8200"))
	if err != nil {
		log.Fatalf("creating token client: %v", err)
	}

	secretPath := "/my.secrets"
	secretsUsingToken, err := tokenClient.Read(secretPath)
	if err != nil {
		log.Fatalf("reading %s: %v", secretPath, err)
	}

	// secrets is of type map[string]string
	for k, v := range secretsUsingToken {
		fmt.Printf("key %s, secret %s\n", k, v)
	}

	//
	// Example using AppRole
	//

	// If env vars are not set (placeholder values)
	os.Setenv("VAULT_ROLE_ID", "my_role_id")
	os.Setenv("VAULT_SECRET_ID", "my_secret_id")
	os.Setenv("VAULT_ADDR", "http://localhost:8200")

	approleClient, err := libvault.NewClient(libvault.UseApprole())
	if err != nil {
		log.Fatalf("creating AppRole client: %v", err)
	}

	secretsUsingApprole, err := approleClient.Read(secretPath)
	if err != nil {
		log.Fatalf("reading %s: %v", secretPath, err)
	}

	// secrets is of type map[string]string
	for k, v := range secretsUsingApprole {
		fmt.Printf("key %s, secret %s\n", k, v)
	}
}
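
What the AppRole method and the self-signed CA support listed under Features involve at the HTTP level, as an added example that is not libvault's own code: a standard-library client that trusts only a supplied CA bundle logs in at Vault's `/v1/auth/approle/login` endpoint. The names `clientForCA` and `approleLogin` are hypothetical, and the server in `main` is a constructed local stand-in for Vault.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"crypto/x509"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// clientForCA trusts only the given PEM CA bundle, so TLS verification stays on.
func clientForCA(caPEM []byte) (*http.Client, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("no certificates found in CA bundle")
	}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool}}}, nil
}

// approleLogin exchanges role_id/secret_id for a client token (Vault HTTP API).
func approleLogin(c *http.Client, addr, roleID, secretID string) (string, error) {
	body, _ := json.Marshal(map[string]string{"role_id": roleID, "secret_id": secretID})
	resp, err := c.Post(addr+"/v1/auth/approle/login", "application/json", bytes.NewReader(body))
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	var out struct {
		Auth struct{ ClientToken string `json:"client_token"` } `json:"auth"`
	}
	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil || out.Auth.ClientToken == "" {
		return "", fmt.Errorf("approle login failed: %s", resp.Status)
	}
	return out.Auth.ClientToken, nil
}

func main() {
	// Constructed stand-in for Vault: a local TLS server with a self-signed certificate.
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, `{"auth":{"client_token":"constructed-token"}}`)
	}))
	defer srv.Close()
	ca := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	c, _ := clientForCA(ca) // cannot fail here: ca was just encoded from a real certificate
	fmt.Println(approleLogin(c, srv.URL, "constructed-role-id", "constructed-secret-id"))
}
```

A client left on the system trust store fails the TLS handshake against the same server, which is why the CA bundle is passed in explicitly rather than verification being switched off.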

Documentation

Can be found here

Tests

Check out the project and run:

go test -v ./...

testdata/ is a special directory containing raw data for unit-tests.

tests/ includes scripts (and its own README) for starting a dev Vault server for development.

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

If you'd like to contribute, please fork the repository and make your changes there. Please make sure to update tests as appropriate.

Roadmap

TBD

License

GPLv3.0