A lightweight Vault client module written in Go, with no dependencies, that is intuitive and user-friendly

libvault

libvault CI

A lightweight Hashicorp Vault client written in Go, with no dependencies. It aims to provide an intuitive, simple API that is easy to use. Just like with the CLI.

Using the module, you currently can only read secrets from a Vault engine. This is an ongoing project, feel free to open FRs, PRs or issues.

Features

  • Supported Auth Methods:

    • Tokens
    • AppRole

  • Supported Secrets Engines:

  • Support self-signed CA certificates

  • The secrets are consumed using environment variables. You should set them before initializing the client.

Installation

go get -d -v github.com/canidam/libvault

Usage

package main

import (
	"fmt"
	"github.com/canidam/libvault"
	"os"
)

func main() {
	//
	// Example using Token
	//
	
	// If env var is not set
	os.Setenv("VAULT_TOKEN", "my_token")

	tokenClient, err := libvault.NewClient(SetVaultAddr("http://localhost:8200"))
	if err != nil {
		// handle error
	}

	var secret_path = "/my.secrets"
	secretsUsingToken, err := tokenClient.Read(secret_path)
	if err != nil {
		// handle error
	}

	// secrets is of type map[string]string
	for k, v := range secretsUsingToken {
		fmt.Printf("key %s, secret %s\n", k, v)
	}
	
	//
	// Example using AppRole
	//
	
	// If env var is not set
	os.Setenv("VAULT_ROLE_ID", "my_role_id")	
	os.Setenv("VAULT_SECRET_ID", "my_secret_id")	
	os.Setenv("VAULT_ADDR", "http://localhost:8200")
	
	approleClient, err := libvault.NewClient(UseApprole())
	if err != nil { 
		// handle error
	}
        
	secretsUsingApprole, err := approleClient.Read(secret_path)
	if err != nil {
		// handle error
	}
  
	// secrets is of type map[string]string
	for k, v := range secretsUsingApprole {
		fmt.Printf("key %s, secret %s\n", k, v)
	}
}

Documentation

Can be found here

Tests

Checkout the project and run

go test -v ./...

testdata/ is a special directory containing raw data for unit-tests.

tests/ includes scripts (and it's own README) for starting a dev Vault server for development.

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

If you'd like to contribute, please fork the repository and make changes as you'd like. Pull requests are warmly welcome. Please make sure to update tests as appropriate.

Roadmap

TBD

License

GPLv3.0

Owner
null
https://github.com/canidam/libvault
Similar Resources

A Friendly SSH Jumper Bastion Fortress Server

A Friendly SSH Jumper Bastion Fortress Server

Felix δΈ­ζ–‡ Thanks to 360 Total Security and 360-web-platform For Whom BackEnd Engineer Golang SQL RESTful APIs engineer DevOps Engineer People Heavily e

Jan 2, 2023

Testcontainers is a Golang library that providing a friendly API to run Docker container. It is designed to create runtime environment to use during your automatic tests.

When I was working on a Zipkin PR I discovered a nice Java library called Testcontainers. It provides an easy and clean API over the go docker sdk to

Jan 7, 2023

Koyeb is a developer-friendly serverless platform to deploy apps globally.

Koyeb is a developer-friendly serverless platform to deploy apps globally.

Koyeb Serverless Platform Deploy a Go Gin application on Koyeb Learn more about Koyeb Β· Explore the documentation Β· Discover our tutorials About Koyeb

Nov 14, 2022

Awesome-italia-remote - A list of remote-friendly or full-remote companies that targets Italian talents

Awesome Italia Remote A list of remote-friendly or full-remote companies that ta

Dec 29, 2022

Instatus-go - Lightweight and speedy Go client for Instatus

πŸͺ Go Client for Instatus Lightweight and speedy Go client for Instatus Why did

Feb 17, 2022

Manage Go Versions/Projects/Dependencies

Manage Go Versions/Projects/Dependencies

rodent rodent is a shell (bash) application which: Manages multiple versions of Go. Allows you to test/build your projects against multiple Go release

Dec 13, 2022

Collect data about your dependencies

Collect data about your dependencies Features and Data Sources: Go modules, runs tests, detects tests and benchmarks Flexible rendering with Graphviz,

Dec 20, 2022

A simple multi-layered config loader for Go. Made for smaller projects. No external dependencies.

gocfg ⚠️ Work in progress! A simple multi-layered config loader for Go. Made for smaller projects. No external dependencies. Example From main.go: //

Dec 26, 2021

Terraform Controller manages the life cycles of a terraform resource, allowing developers to self-serve dependencies in a controlled manner.

Terraform Controller manages the life cycles of a terraform resource, allowing developers to self-serve dependencies in a controlled manner.

TERRAFORM CONTROLLER Terraform Controller manages the life cycles of a terraform resource, allowing developers to self-serve dependencies in a control

Dec 15, 2022
Related tags
DevOps Tools libvault
Small helper to bridge between Vault and AWS Credential Process.

vault-aws-credential-helper The Vault AWS Credential Helper is a component that can be injected into a task environment and be used as a credential he

Nov 21, 2021
A plugin for Hashicorp Vault to create ephemeral users and API tokens for Jenkins CI
 A plugin for Hashicorp Vault to create ephemeral users and API tokens for Jenkins CI

vault-plugin-secrets-jenkins This is a backend plugin to be used with Hashicorp Vault. This plugin generates ephemeral Jenkins Users and API tokens. v

Dec 15, 2022
VaultOperator provides a CRD to interact securely and indirectly with secrets stored in Hashicorp Vault.

vault-operator The vault-operator provides several CRDs to interact securely and indirectly with secrets. Details Currently only stage 1 is implemente

Mar 12, 2022
A k8s vault webhook is a Kubernetes webhook that can inject secrets into Kubernetes resources by connecting to multiple secret managers
 A k8s vault webhook is a Kubernetes webhook that can inject secrets into Kubernetes resources by connecting to multiple secret managers

k8s-vault-webhook is a Kubernetes admission webhook which listen for the events related to Kubernetes resources for injecting secret directly from sec

Oct 15, 2022
An operator to support Haschicorp Vault configuration workflows from within Kubernetes

Vault Config Operator This operator helps set up Vault Configurations. The main intent is to do so such that subsequently pods can consume the secrets

Sep 30, 2022
An operator to support Haschicorp Vault configuration workflows from within Kubernetes
 An operator to support Haschicorp Vault configuration workflows from within Kubernetes

Vault Config Operator This operator helps set up Vault Configurations. The main intent is to do so such that subsequently pods can consume the secrets

Dec 19, 2022
Terraform credentials helper for Vault

Terraform Credentials from HashiCorp Vault terraform-credentials-vault is a Terraform "credentials helper" plugin that allows providing credentials fo

Apr 28, 2022
Copy your HashiCorp Vault secrets to a file

Vault Backup ⚠️ Check the oficial way to backup your HashiCorp Vault. Create a backup file of all HashiCorp Vault kv2 secrets. ./vault-backup -help

Dec 20, 2022
βš” Personal Golang starter kit with an engineer research perspective, expressjs developer friendly, and aims for rapid app development.
 βš” Personal Golang starter kit with an engineer research perspective, expressjs developer friendly, and aims for rapid app development.

Goku (WIP; Author Only) βš” Personal Golang starter kit with an engineer research perspective, expressjs developer friendly, and aims for rapid app deve

Jan 6, 2022
A beginner friendly introduction to prometheus πŸ”₯
 A beginner friendly introduction to prometheus πŸ”₯

Prometheus-Basics A beginner friendly introduction to prometheus. Table of Contents What is prometheus ? What are metrics and why is it important ? Ba

Dec 29, 2022