README

SecretHub

Go Client

GoDoc CircleCI Go Report Card Version Discord

secrethub-go provides a client for various SecretHub APIs.

SecretHub is a secrets management tool that works for every engineer. Securely provision passwords and keys throughout your entire stack with just a few lines of code.

Gopher

Usage

You can install secrethub-go with:

go get github.com/secrethub/secrethub-go

Or install a specific version with:

go get github.com/secrethub/secrethub-go@vX.Y.Z

Then, import it using:

import (
    "github.com/secrethub/secrethub-go/pkg/secrethub"
)

Note: only packages inside the /pkg directory should be considered library code that you can use in your projects. All other code is not guaranteed to be backwards compatible and may change in the future.

Examples

For details on all functionality of this library, see the GoDoc documentation.

Below are a few simple examples:

Read Secrets
package main

import (
    "fmt"

    "github.com/secrethub/secrethub-go/pkg/secrethub"
)

func main() {
    client, _ := secrethub.NewClient()
    secret, _ := client.Secrets().ReadString("path/to/db/pass")
    fmt.Println(secret)
    // Output: wFc16W#96N1$
}
Write Secrets
package main

import (
    "fmt"

    "github.com/secrethub/secrethub-go/pkg/secrethub"
)

func main() {
    client, _ := secrethub.NewClient()
    _, _ = client.Secrets().Write("path/to/secret", []byte("password123"))
}
Generate Secrets
package main

import (
    "fmt"

    "github.com/secrethub/secrethub-go/pkg/randchar"
    "github.com/secrethub/secrethub-go/pkg/secrethub"
)

func main() {
    client, _ := secrethub.NewClient()
    data, _ := randchar.Generate(30)
    _, _ = client.Secrets().Write("path/to/secret", data)
}

Credential

To use the SecretHub Go client, you need to provide a credential for your SecretHub account. You can create a free developer account by signing up through the CLI.

After signup, the credential is located at $HOME/.secrethub/credential by default. secrethub.NewClient() automatically uses this credential.

Development

Pull requests from the community are welcome. If you'd like to contribute, please checkout the contributing guidelines.

Testing

Run all tests:

make test

Run tests for one package:

go test ./pkg/secrethub

Run a single test:

go test ./pkg/secrethub -run TestSignup

For any requests, bug or comments, please open an issue or submit a pull request.

Getting help

If you get stuck or just want advice, come chat with the engineers on Discord or send an email to support@secrethub.io

Attributions

"gopher.png" by Takuya Ueda is licensed under CC BY 3.0

Directories

Path Synopsis
internals
api
Package api provides request and response types for interacting with the SecretHub API.
Package api provides request and response types for interacting with the SecretHub API.
api/uuid
Package uuid is a utility package to standardize and abstract away how UUIDs are generated and used.
Package uuid is a utility package to standardize and abstract away how UUIDs are generated and used.
assert
Package assert is a utility package that provides simple assertions to help with writing tests.
Package assert is a utility package that provides simple assertions to help with writing tests.
auth
Package auth provides authentication to the SecretHub API.
Package auth provides authentication to the SecretHub API.
aws
Package aws provides Keyless Authentication for services running on AWS.
Package aws provides Keyless Authentication for services running on AWS.
crypto
Package crypto provides the all cryptographic functions used by the client (e.g.
Package crypto provides the all cryptographic functions used by the client (e.g.
errio
Package errio contains custom error types to easily transfer errors between applications and output them to the user in a consistent way.
Package errio contains custom error types to easily transfer errors between applications and output them to the user in a consistent way.
gcp
pkg
randchar
Package randchar helps to generate random sequences of characters from a configured character set, which can be useful for e.g.
Package randchar helps to generate random sequences of characters from a configured character set, which can be useful for e.g.
randchar/fakes
Package fakes provides mock implementations to be used in testing.
Package fakes provides mock implementations to be used in testing.
secrethub
Package secrethub provides the SecretHub API client, look here to read, write and manage secrets.
Package secrethub provides the SecretHub API client, look here to read, write and manage secrets.
secrethub/configdir
Package configdir provides simple functions to manage the SecretHub configuration directory.
Package configdir provides simple functions to manage the SecretHub configuration directory.
secrethub/credentials
Package credentials provides utilities for managing SecretHub API credentials.
Package credentials provides utilities for managing SecretHub API credentials.
secrethub/credentials/sessions
Package sessions provides session authentication to the SecretHub API for the HTTP client.
Package sessions provides session authentication to the SecretHub API for the HTTP client.
secrethub/fakeclient
Package fakeclient provides mock implementations of the client to be used for testing.
Package fakeclient provides mock implementations of the client to be used for testing.
secrethub/internals/http
Package http implements the RESTful HTTP client that talks directly to the API, as opposed to the client package, which wraps the http client with additional logic (e.g.
Package http implements the RESTful HTTP client that talks directly to the API, as opposed to the client package, which wraps the http client with additional logic (e.g.
secrethub/iterator
Package iterator provides a generic iterator to be used as a building block for typed iterators.
Package iterator provides a generic iterator to be used as a building block for typed iterators.
secretpath
Package secretpath implements utility functions for manipulating paths compatible with SecretHub (e.g.
Package secretpath implements utility functions for manipulating paths compatible with SecretHub (e.g.
scripts