vaultx

package module
v0.0.8 Latest
Warning

This package is not in the latest version of its module.
Published: May 15, 2022 | License: MIT | Imports: 9 | Imported by: 0

README

vaultx

vaultx is an alternative to the official Vault Go package that is designed with the developer in mind.

The official Vault package is very useful, but it has a number of issues that make it difficult to integrate Vault into your applications:

  • Tied tightly to the HTTP API, so even basic functionality requires writing expansive blocks of code
  • Types are very generic, so you lose out on type safety and must know the HTTP API in order to interact with it
  • Automatic renewal of authentication credentials is not well-supported

vaultx seeks to address these issues and make Vault a joy to use in Go.

Usage

To create your vault client, create a new configuration struct and pass it to vaultx's New() function:

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/jaredpetersen/vaultx"
	vaultxauth "github.com/jaredpetersen/vaultx/auth"
)

const k8sRole = "my-app"
const vaultKVSecretPath = "my-secret"
const vaultTransitKey = "transit-key"

func main() {
	ctx := context.Background()

	cfg := vaultx.NewConfig("https://vault.mydomain.com")
	cfg.Auth.Method = vaultxauth.NewKubernetesMethod(vaultxauth.KubernetesConfig{Role: k8sRole})

	vltx := vaultx.New(cfg)

	err := vltx.Auth().Login(ctx)
	if err != nil {
		fmt.Println("Failed to authenticate against Vault")
		os.Exit(1)
	}

	// Store secret
	secretData := map[string]interface{}{
		"username": "dbuser",
		"password": "3hvu2ZLxwauHrNaZjJbJARHE",
	}
	err = vltx.KV().UpsertSecret(ctx, vaultKVSecretPath, secretData)
	if err != nil {
		fmt.Println("Failed to store secret")
		os.Exit(1)
	}

	// Get secret
	secret, err := vltx.KV().GetSecret(ctx, vaultKVSecretPath)
	if err != nil {
		fmt.Println("Failed to retrieve secret")
		os.Exit(1)
	}

	fmt.Printf("secret username: %s\n", secret.Data["username"])
	fmt.Printf("secret password: %s\n", secret.Data["password"])

	// Encrypt data
	plaintext := "encrypt me"
	encrypted, err := vltx.Transit().Encrypt(ctx, vaultTransitKey, []byte(plaintext))
	if err != nil {
		fmt.Println("Failed to encrypt data")
		os.Exit(1)
	}

	fmt.Printf("encrypted: %s\n", encrypted)

	// Decrypt data
	decrypted, err := vltx.Transit().Decrypt(ctx, vaultTransitKey, encrypted)
	if err != nil {
		fmt.Println("Failed to decrypt data")
		os.Exit(1)
	}

	fmt.Printf("decrypted: %s\n", string(decrypted))
}

Install

go get github.com/jaredpetersen/vaultx

Sponsorship

If you or your company uses vaultx, please consider contributing to the project via GitHub Sponsors. There's some cool work that we'd like to do -- like end-to-end integration tests -- but cloud computing isn't free.

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthConfig

type AuthConfig struct {
	Method auth.Method
}

AuthConfig describes how the Client should be configured in regard to authentication.

type Client

type Client struct {
	// Config configures how the Vault client will interact with Vault.
	Config *Config
	// contains filtered or unexported fields
}

Client is a resource for interacting with Vault.

func New

func New(config Config) *Client

New creates a new Vault client.

func (*Client) API

func (c *Client) API() *api.Client

API is a direct client to the Vault HTTP engine, enabling manual execution against Vault.

func (*Client) Auth

func (c *Client) Auth() *auth.Client

Auth is a gateway into Vault authentication.

See https://www.vaultproject.io/api-docs/auth for more information.

func (*Client) DB

func (c *Client) DB() *db.Client

DB is a gateway into the database secrets engine.

For more information, see https://www.vaultproject.io/docs/secrets/databases.

func (*Client) KV

func (c *Client) KV() *kv.Client

KV is a gateway into the key-value secrets engine.

For more information, see https://www.vaultproject.io/docs/secrets/kv.

func (*Client) Transit

func (c *Client) Transit() *transit.Client

Transit is a gateway into the transit secrets engine.

For more information, see https://www.vaultproject.io/docs/secrets/transit.

type Config

type Config struct {
	URL  string
	HTTP HTTPConfig
	Auth AuthConfig
}

Config describes how the Client should be configured.

func NewConfig

func NewConfig(url string) Config

NewConfig creates a new configuration struct with some helpful defaults.

type HTTPConfig

type HTTPConfig struct {
	Timeout time.Duration
}

HTTPConfig describes how the HTTP client should be configured.

Directories

Path: Synopsis
api: Package api provides functionality for making requests against the Vault API.
auth: Package auth contains all the functionality necessary for authenticating with Vault.
db: Package db contains all the functionality necessary for interacting with Vault's database secrets engine.
internal/testcontainerpostgres: Package testcontainerpostgres is an internal testing utility that aids in setting up a Postgres container.
internal/testcontainervault: Package testcontainervault is an internal testing utility that aids in setting up a Vault container.
kv: Package kv contains all the functionality necessary for interacting with Vault's KV secrets engine.
transit: Package transit contains all the functionality necessary for interacting with Vault's transit secrets engine.
