A lightweight Vault client module written in Go, with no dependencies, that is intuitive and user-friendly

Overview

libvault

libvault CI

A lightweight Hashicorp Vault client written in Go, with no dependencies. It aims to provide an intuitive, simple API that is easy to use. Just like with the CLI.

Using the module, you currently can only read secrets from a Vault engine. This is an ongoing project, feel free to open FRs, PRs or issues.

Features

  • Supported Auth Methods:

    • Tokens
    • AppRole
  • Supported Secrets Engines:

  • Support self-signed CA certificates

  • The secrets are consumed using environment variables. You should set them before initializing the client.

Installation

go get -d -v github.com/canidam/libvault

Usage

package main

import (
	"fmt"
	"github.com/canidam/libvault"
	"os"
)

func main() {
	//
	// Example using Token
	//
	
	// If env var is not set
	os.Setenv("VAULT_TOKEN", "my_token")

	tokenClient, err := libvault.NewClient(SetVaultAddr("http://localhost:8200"))
	if err != nil {
		// handle error
	}

	var secret_path = "/my.secrets"
	secretsUsingToken, err := tokenClient.Read(secret_path)
	if err != nil {
		// handle error
	}

	// secrets is of type map[string]string
	for k, v := range secretsUsingToken {
		fmt.Printf("key %s, secret %s\n", k, v)
	}
	
	//
	// Example using AppRole
	//
	
	// If env var is not set
	os.Setenv("VAULT_ROLE_ID", "my_role_id")	
	os.Setenv("VAULT_SECRET_ID", "my_secret_id")	
	os.Setenv("VAULT_ADDR", "http://localhost:8200")
	
	approleClient, err := libvault.NewClient(UseApprole())
	if err != nil { 
		// handle error
	}
        
	secretsUsingApprole, err := approleClient.Read(secret_path)
	if err != nil {
		// handle error
	}
  
	// secrets is of type map[string]string
	for k, v := range secretsUsingApprole {
		fmt.Printf("key %s, secret %s\n", k, v)
	}
}

Documentation

Can be found here

Tests

Checkout the project and run

go test -v ./...

testdata/ is a special directory containing raw data for unit-tests.

tests/ includes scripts (and it's own README) for starting a dev Vault server for development.

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

If you'd like to contribute, please fork the repository and make changes as you'd like. Pull requests are warmly welcome. Please make sure to update tests as appropriate.

Roadmap

TBD

License

GPLv3.0

You might also like...
A Friendly SSH Jumper Bastion Fortress Server
A Friendly SSH Jumper Bastion Fortress Server

Felix 中文 Thanks to 360 Total Security and 360-web-platform For Whom BackEnd Engineer Golang SQL RESTful APIs engineer DevOps Engineer People Heavily e

Testcontainers is a Golang library that providing a friendly API to run Docker container. It is designed to create runtime environment to use during your automatic tests.

When I was working on a Zipkin PR I discovered a nice Java library called Testcontainers. It provides an easy and clean API over the go docker sdk to

Koyeb is a developer-friendly serverless platform to deploy apps globally.
Koyeb is a developer-friendly serverless platform to deploy apps globally.

Koyeb Serverless Platform Deploy a Go Gin application on Koyeb Learn more about Koyeb · Explore the documentation · Discover our tutorials About Koyeb

Awesome-italia-remote - A list of remote-friendly or full-remote companies that targets Italian talents

Awesome Italia Remote A list of remote-friendly or full-remote companies that ta

Instatus-go - Lightweight and speedy Go client for Instatus

🪁 Go Client for Instatus Lightweight and speedy Go client for Instatus Why did

Manage Go Versions/Projects/Dependencies
Manage Go Versions/Projects/Dependencies

rodent rodent is a shell (bash) application which: Manages multiple versions of Go. Allows you to test/build your projects against multiple Go release

Collect data about your dependencies

Collect data about your dependencies Features and Data Sources: Go modules, runs tests, detects tests and benchmarks Flexible rendering with Graphviz,

A simple multi-layered config loader for Go. Made for smaller projects. No external dependencies.

gocfg ⚠️ Work in progress! A simple multi-layered config loader for Go. Made for smaller projects. No external dependencies. Example From main.go: //

Terraform Controller manages the life cycles of a terraform resource, allowing developers to self-serve dependencies in a controlled manner.
Terraform Controller manages the life cycles of a terraform resource, allowing developers to self-serve dependencies in a controlled manner.

TERRAFORM CONTROLLER Terraform Controller manages the life cycles of a terraform resource, allowing developers to self-serve dependencies in a control

Releases(v0.1)
  • v0.1(May 29, 2021)

    The first release of libvault. It includes support for:

    • Tokens, AppRole and AwsRole (ec2) authentication backends
    • Secrets engine backends: KV v2
    Source code(tar.gz)
    Source code(zip)
Owner
null
Small helper to bridge between Vault and AWS Credential Process.

vault-aws-credential-helper The Vault AWS Credential Helper is a component that can be injected into a task environment and be used as a credential he

Michael Aldridge 1 Nov 21, 2021
A plugin for Hashicorp Vault to create ephemeral users and API tokens for Jenkins CI

vault-plugin-secrets-jenkins This is a backend plugin to be used with Hashicorp Vault. This plugin generates ephemeral Jenkins Users and API tokens. v

Caleb Lemoine 5 Mar 1, 2022
VaultOperator provides a CRD to interact securely and indirectly with secrets stored in Hashicorp Vault.

vault-operator The vault-operator provides several CRDs to interact securely and indirectly with secrets. Details Currently only stage 1 is implemente

finleap connect 3 Mar 12, 2022
A k8s vault webhook is a Kubernetes webhook that can inject secrets into Kubernetes resources by connecting to multiple secret managers

k8s-vault-webhook is a Kubernetes admission webhook which listen for the events related to Kubernetes resources for injecting secret directly from sec

Opstree Container Kit 112 Aug 25, 2022
An operator to support Haschicorp Vault configuration workflows from within Kubernetes

Vault Config Operator This operator helps set up Vault Configurations. The main intent is to do so such that subsequently pods can consume the secrets

null 1 Feb 11, 2022
An operator to support Haschicorp Vault configuration workflows from within Kubernetes

Vault Config Operator This operator helps set up Vault Configurations. The main intent is to do so such that subsequently pods can consume the secrets

Red Hat Communities of Practice 37 Sep 10, 2022
Terraform credentials helper for Vault

Terraform Credentials from HashiCorp Vault terraform-credentials-vault is a Terraform "credentials helper" plugin that allows providing credentials fo

James Oulman 4 Apr 28, 2022
Copy your HashiCorp Vault secrets to a file

Vault Backup ⚠️ Check the oficial way to backup your HashiCorp Vault. Create a backup file of all HashiCorp Vault kv2 secrets. ./vault-backup -help

Leonardo Comelli 5 Sep 9, 2022
⚔ Personal Golang starter kit with an engineer research perspective, expressjs developer friendly, and aims for rapid app development.

Goku (WIP; Author Only) ⚔ Personal Golang starter kit with an engineer research perspective, expressjs developer friendly, and aims for rapid app deve

Fauzan 1 Jan 6, 2022
A beginner friendly introduction to prometheus 🔥

Prometheus-Basics A beginner friendly introduction to prometheus. Table of Contents What is prometheus ? What are metrics and why is it important ? Ba

S Santhosh Nagaraj 1.6k Sep 21, 2022