Skip to content
/ libvault Public

A lightweight Vault client module written in Go, with no dependencies, that is intuitive and user-friendly

License

GPL-3.0 license
73 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

canidam/libvault

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
.github
.github
 
 
docs
docs
 
 
testdata
testdata
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
auth.go
auth.go
 
 
go.mod
go.mod
 
 
secrets.go
secrets.go
 
 
vault.go
vault.go
 
 
vault_test.go
vault_test.go
 
 

Repository files navigation

libvault

libvault CI

A lightweight Hashicorp Vault client written in Go, with no dependencies. It aims to provide an intuitive, simple API that is easy to use. Just like with the CLI.

Using the module, you currently can only read secrets from a Vault engine. This is an ongoing project, feel free to open FRs, PRs or issues.

Features

  • Supported Auth Methods:

    • Tokens
    • AppRole
    • AwsRole (EC2 method)

  • Supported Secrets Engines:

  • Supports self-signed CA certificates

  • By default, the Vault API secrets are consumed using environment variables. You can provide them to the client if you prefer. Check the tests file for examples.

Installation

go get -d -v github.com/canidam/libvault

Usage

package main

import (
	"fmt"
	"github.com/canidam/libvault"
	"os"
)

func main() {
	//
	// Example using Token
	//
	
	// If env var is not set
	os.Setenv("VAULT_TOKEN", "my_token")

	tokenClient, err := libvault.NewClient(SetVaultAddr("http://localhost:8200"))
	if err != nil {
		// handle error
	}

	var secret_path = "/my.secrets"
	secretsUsingToken, err := tokenClient.Read(secret_path)
	if err != nil {
		// handle error
	}

	// secrets is of type map[string]string
	for k, v := range secretsUsingToken {
		fmt.Printf("key %s, secret %s\n", k, v)
	}
	
	//
	// Example using AppRole
	//
	
	// If env var is not set
	os.Setenv("VAULT_ROLE_ID", "my_role_id")	
	os.Setenv("VAULT_SECRET_ID", "my_secret_id")	
	os.Setenv("VAULT_ADDR", "http://localhost:8200")
	
	approleClient, err := libvault.NewClient(UseApprole())
	if err != nil { 
		// handle error
	}
        
	secretsUsingApprole, err := approleClient.Read(secret_path)
	if err != nil {
		// handle error
	}
  
	// secrets is of type map[string]string
	for k, v := range secretsUsingApprole {
		fmt.Printf("key %s, secret %s\n", k, v)
	}
}

Documentation

Can be found here

Tests

Checkout the project and run

go test -v ./...

testdata/ is a special directory containing raw data for unit-tests.

tests/ includes scripts (and it's own README) for starting a dev Vault server for development.

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

If you'd like to contribute, please fork the repository and make changes as you'd like. Pull requests are warmly welcome. Please make sure to update tests as appropriate.

Roadmap

TBD

License

GPLv3.0

About

A lightweight Vault client module written in Go, with no dependencies, that is intuitive and user-friendly

Topics

go golang secrets hashicorp hashicorp-vault vault-client vault-api secrets-management

Resources

Readme

License

GPL-3.0 license
Activity

Stars

73 stars

Watchers

3 watching

Forks

6 forks
Report repository

Releases 1

Initial release Latest
May 29, 2021

Languages