Documentation ¶
Overview ¶
Package hcvault provides integration with the HashiCorp Vault.
Package hcvault provides integration with the HashiCorp Vault (https://www.vaultproject.io/).
Example ¶
package main import ( "crypto/tls" "log" "github.com/google/tink/go/aead" "github.com/google/tink/go/core/registry" "github.com/google/tink/go/keyset" ) func main() { const keyURI = "hcvault://hcvault.corp.com:8200/transit/keys/key-1" vaultClient, err := NewClient(keyURI, tlsConfig(), vaultToken()) if err != nil { log.Fatal(err) } registry.RegisterKMSClient(vaultClient) dek := aead.AES128CTRHMACSHA256KeyTemplate() kh, err := keyset.NewHandle(aead.KMSEnvelopeAEADKeyTemplate(keyURI, dek)) if err != nil { log.Fatal(err) } a, err := aead.New(kh) if err != nil { log.Fatal(err) } ct, err := a.Encrypt([]byte("this data needs to be encrypted"), nil) if err != nil { log.Fatal(err) } _, err = a.Decrypt(ct, nil) if err != nil { log.Fatal(err) } } func tlsConfig() *tls.Config { // Return a TLS configuration used to communicate with Vault server via HTTPS. return nil } func vaultToken() string { return "" // Your Vault token. }
Output:
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewClient ¶
NewClient returns a new client to HashiCorp Vault. uriPrefix parameter is a valid URI which must have "hcvault" scheme and vault server address and port. Specific key URIs will be matched against this prefix to determine if the client supports the key or not. tlsCfg represents tls.Config which will be used to communicate with Vault server via HTTPS protocol. If not specified a default tls.Config{} will be used.
Types ¶
This section is empty.
Click to show internal directories.
Click to hide internal directories.