This repository has been archived by the owner on Nov 11, 2024. It is now read-only.

vault-go-client

Under Development

This is a Golang client for Vault which was primarily used for Riot's AWS temporary key generation utility, KeyConjurer. It is no longer under development. We suggest using the official HashiCorp Vault SDK instead, or factoring your programs so that they are unaware of Vault entirely.

Supported Auth Methods

  • ✔️ IAM
  • ✔️ AppRole
  • ✔️ LDAP
  • ✔️ Token
  • k8s (coming soon)

Supported Secret Stores

  • ✔️ KV2

Usage

To retrieve this package, run:

go get github.com/riotgames/vault-go-client

Creating a Client

The following will create a client with default configuration:

import vault "github.com/riotgames/vault-go-client"
...

// Uses the VAULT_ADDR env var to set the client's URL
client, err := vault.NewClient(vault.DefaultConfig())

if err != nil {
    log.Fatal(err.Error())
}
...

Putting a Secret into Vault

The following will put a secret into Vault:

secretMap := map[string]interface{}{
    "hello": "world",
}

if _, err = client.KV2.Put(vault.KV2PutOptions{
	MountPath:  secretMountPath,
	SecretPath: secretPath,
	Secrets:    secretMap,
}); err != nil {
	log.Fatal(err.Error())
}

Retrieving a Secret from Vault

Unmarshaling Approach

This approach unmarshals the secret from Vault into the provided struct. The embedded struct vault.SecretMetadata is optional.

type Secret struct {
	Hello string `json:"hello"`
	vault.SecretMetadata
}
...
secret := &Secret{}

if _, err = client.KV2.Get(vault.KV2GetOptions{
	MountPath:     secretMountPath,
	SecretPath:    secretPath,
	UnmarshalInto: secret,
}); err != nil {
	log.Fatal(err.Error())
}
fmt.Printf("%v\n", secret)

Raw Secret Approach

This approach returns a Secret defined in github.com/hashicorp/vault/api.

secret, err := client.KV2.Get(vault.KV2GetOptions{
	MountPath:  secretMountPath,
	SecretPath: secretPath,
})

if err != nil {
	log.Fatal(err.Error())
}
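
Both retrieval approaches read a KV version 2 response, where the secret's key/value pairs sit under `data.data` and the version information under `data.metadata`. The following is an added example, not code from this library: it decodes that envelope with the standard library only and rejects a version that carries no payload instead of handing back a zero-valued struct. `KV2Metadata`, `DecodeKV2`, `ErrNoSecretData` and the sample bodies are hypothetical names and constructed data.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// KV2Metadata mirrors data.metadata (hypothetical type, not vault.SecretMetadata).
type KV2Metadata struct {
	CreatedTime  string `json:"created_time"`
	DeletionTime string `json:"deletion_time"`
	Destroyed    bool   `json:"destroyed"`
	Version      int    `json:"version"`
}

// kv2Envelope is the outer shape of a KV v2 read response body.
type kv2Envelope struct {
	Data struct {
		Data     json.RawMessage `json:"data"`
		Metadata KV2Metadata     `json:"metadata"`
	} `json:"data"`
}

var ErrNoSecretData = errors.New("kv2: version has no data (deleted or destroyed)")

// DecodeKV2 unmarshals data.data into `into` and returns data.metadata.
func DecodeKV2(body []byte, into interface{}) (KV2Metadata, error) {
	var env kv2Envelope
	if err := json.Unmarshal(body, &env); err != nil {
		return KV2Metadata{}, fmt.Errorf("kv2: bad response: %w", err)
	}
	md, raw := env.Data.Metadata, string(env.Data.Data)
	if raw == "" || raw == "null" || md.Destroyed || md.DeletionTime != "" {
		return md, ErrNoSecretData // never return an empty secret as if it were valid
	}
	return md, json.Unmarshal(env.Data.Data, into)
}

// Constructed sample bodies: a live version and a soft-deleted one.
const liveBody = `{"data":{"data":{"hello":"world"},"metadata":{"created_time":"2024-01-01T00:00:00Z","deletion_time":"","destroyed":false,"version":2}}}`
const deletedBody = `{"data":{"data":null,"metadata":{"created_time":"2024-01-01T00:00:00Z","deletion_time":"2024-02-01T00:00:00Z","destroyed":false,"version":2}}}`

func main() {
	var s struct{ Hello string `json:"hello"` }
	md, err := DecodeKV2([]byte(liveBody), &s)
	_, delErr := DecodeKV2([]byte(deletedBody), &s)
	fmt.Println(s.Hello, md.Version, err, delErr)
}
```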