{"id":19963670,"url":"https://github.com/cyberark/conjur-api-go","last_synced_at":"2026-01-28T12:15:04.191Z","repository":{"id":23873639,"uuid":"87459360","full_name":"cyberark/conjur-api-go","owner":"cyberark","description":"Go client for the CyberArk Conjur API","archived":false,"fork":false,"pushed_at":"2025-04-24T13:11:03.000Z","size":746,"stargazers_count":20,"open_issues_count":1,"forks_count":21,"subscribers_count":21,"default_branch":"main","last_synced_at":"2025-04-24T14:28:00.119Z","etag":null,"topics":["api-client","conjbot-notify","conjur","conjur-core","conjur-sdk","core","go","golang"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cyberark.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-04-06T18:01:24.000Z","updated_at":"2025-04-24T13:11:26.000Z","dependencies_parsed_at":"2023-02-19T12:00:47.452Z","dependency_job_id":"86c12b48-13e0-4dac-9ec7-d47bf8744003","html_url":"https://github.com/cyberark/conjur-api-go","commit_stats":{"total_commits":240,"total_committers":37,"mean_commits":6.486486486486487,"dds":0.8083333333333333,"last_synced_commit":"8fceec1d8077ace007eefda70e403cb76c154552"},"previous_names":[],"tags_count":35,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fconjur-api-go","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fconjur-api-go/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fconjur-api-go/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fconjur-api-go/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cyberark","download_url":"https://codeload.github.com/cyberark/conjur-api-go/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254471061,"owners_count":22076585,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-client","conjbot-notify","conjur","conjur-core","conjur-sdk","core","go","golang"],"created_at":"2024-11-13T02:16:45.022Z","updated_at":"2026-01-28T12:15:04.184Z","avatar_url":"https://github.com/cyberark.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CyberArk Secrets Manager API for Go\n\nProgrammatic Golang access to the CyberArk Secrets Manager API.\n\n## Certification level\n![](https://img.shields.io/badge/Certification%20Level-Community-28A745?link=https://github.com/cyberark/community/blob/master/Conjur/conventions/certification-levels.md)\n\nThis repo is a **Community** level project. It's a community contributed project that **is not reviewed or supported\nby CyberArk**. For more detailed information on our certification levels, see [our community guidelines](https://github.com/cyberark/community/blob/master/Conjur/conventions/certification-levels.md#community).\n\n## Using conjur-api-go with Conjur Open Source\n\nAre you using this project with [Conjur Open Source](https://github.com/cyberark/conjur)? Then we\n**strongly** recommend choosing the version of this project to use from the latest [Conjur OSS\nsuite release](https://docs.conjur.org/Latest/en/Content/Overview/Conjur-OSS-Suite-Overview.html).\nConjur maintainers perform additional testing on the suite release versions to ensure\ncompatibility. When possible, upgrade your Conjur version to match the\n[latest suite release](https://docs.conjur.org/Latest/en/Content/ReleaseNotes/ConjurOSS-suite-RN.htm);\nwhen using integrations, choose the latest suite release that matches your Conjur version. For any\nquestions, please contact us on [Discourse](https://discuss.cyberarkcommons.org/c/conjur/5).\n\n## Compatibility\n\nThe `conjur-api-go` has been tested against the following Go versions:\n\n- 1.24\n- 1.25\n\n## Installation\n\n```sh\ngo get github.com/cyberark/conjur-api-go/conjurapi\n```\n\n## Quick Start\n\nThis example demonstrates how to retrieve a secret from Conjur.\n\nSuppose there exists a variable `db/secret` with secret value `fde5c4a45ce573f9768987cd`. Create a Go program using `conjur-api-go` to fetch the secret value:\n\n```go\npackage main\n\nimport (\n    \"os\"\n    \"fmt\"\n    \"github.com/cyberark/conjur-api-go/conjurapi\"\n    \"github.com/cyberark/conjur-api-go/conjurapi/authn\"\n)\n\nfunc main() {\n    variableIdentifier := \"db/secret\"\n\n    config, err := conjurapi.LoadConfig()\n    if err != nil {\n        panic(err)\n    }\n\n    conjur, err := conjurapi.NewClientFromKey(config,\n        authn.LoginPair{\n            Login:  os.Getenv(\"CONJUR_AUTHN_LOGIN\"),\n            APIKey: os.Getenv(\"CONJUR_AUTHN_API_KEY\"),\n        },\n    )\n    if err != nil {\n        panic(err)\n    }\n\n    // Retrieve a secret into []byte.\n    secretValue, err := conjur.RetrieveSecret(variableIdentifier)\n    if err != nil {\n        panic(err)\n    }\n    fmt.Println(\"The secret value is: \", string(secretValue))\n\n    // Retrieve a secret into io.ReadCloser, then read into []byte.\n    // Alternatively, you can transfer the secret directly into secure memory,\n    // vault, keychain, etc.\n    secretResponse, err := conjur.RetrieveSecretReader(variableIdentifier)\n    if err != nil {\n        panic(err)\n    }\n\n    secretValue, err = conjurapi.ReadResponseBody(secretResponse)\n    if err != nil {\n        panic(err)\n    }\n    fmt.Println(\"The secret value is: \", string(secretValue))\n}\n```\n\nBuild and run the program:\n\n```bash\n$ export CONJUR_APPLIANCE_URL=https://eval.conjur.org\n$ export CONJUR_ACCOUNT=myorg\n$ export CONJUR_AUTHN_LOGIN=mylogin\n$ export CONJUR_AUTHN_API_KEY=myapikey\n$ go run main.go\nThe secret value is: fde5c4a45ce573f9768987cd\n```\n\n## Usage\n\n### Configuration and Authentication\n\nConnecting to CyberArk Secrets Manager requires two steps:\n\n1. **Configuration** - Specify the CyberArk Secrets Manager endpoint and connection security settings\n2. **Authentication** - Provide credentials for authentication\n\n### Credential Storage\n\nThe Conjur Go API supports three credential storage options, configurable via the `CredentialStorage` field in the `Config` struct:\n\n#### Storage Options\n\n- **`conjurapi.CredentialStorageKeyring`** - Stores credentials in the system keyring (default when available). This is the most secure option for desktop environments.\n- **`conjurapi.CredentialStorageFile`** - Stores credentials in a `.netrc` file (default when keyring is not available). The `.netrc` file location can be customized using the `NetRCPath` config field.\n- **`conjurapi.CredentialStorageNone`** - Does not store credentials. **Use this option in environments where there are no file permissions to create a `.netrc` file**, such as restricted containers, read-only filesystems, or ephemeral compute instances.\n\n\u003e **Note:** If no credential storage is specified, the API will automatically select `CredentialStorageKeyring` if available, otherwise it will default to `CredentialStorageFile`.\n\n#### Example: Disabling Credential Storage\n\n```go\nconfig := conjurapi.Config{\n    ApplianceURL:      \"https://conjur.example.com\",\n    Account:           \"myorg\",\n    CredentialStorage: conjurapi.CredentialStorageNone,\n}\n\nconjur, err := conjurapi.NewClientFromKey(config,\n    authn.LoginPair{\n        Login:  \"mylogin\",\n        APIKey: \"myapikey\",\n    },\n)\n```\n\n### Authentication Methods\n\n#### API Key Authentication\n\nThe Quick Start example above demonstrates API key authentication using `NewClientFromKey()`. This is the most common authentication method for legacy applications.\n\n#### JWT Authentication\n\nYou can authenticate using JWT tokens via environment variables. This method is useful for containerized environments and CI/CD pipelines and is more secure than using API keys.\n\n##### Environment Variables Required\n\n- `CONJUR_APPLIANCE_URL` - The URL of your Conjur instance\n- `CONJUR_ACCOUNT` - Your Conjur account name\n- `CONJUR_AUTHN_JWT_SERVICE_ID` - The JWT authenticator service ID\n- `CONJUR_AUTHN_JWT_TOKEN` - The JWT token\n- `CONJUR_SECRET_ID` - The identifier of the secret to retrieve\n\n##### Example Code\n\n```go\npackage main\n\nimport (\n    \"fmt\"\n    \"log\"\n    \"os\"\n\n    \"github.com/cyberark/conjur-api-go/conjurapi\"\n)\n\nfunc checkEnvironmentVariables() error {\n    variables := []string{\n        \"CONJUR_APPLIANCE_URL\",\n        \"CONJUR_ACCOUNT\",\n        \"CONJUR_AUTHN_JWT_SERVICE_ID\",\n        \"CONJUR_AUTHN_JWT_TOKEN\",\n        \"CONJUR_SECRET_ID\",\n    }\n\n    for _, variable := range variables {\n        if os.Getenv(variable) == \"\" {\n            return fmt.Errorf(\"environment variable %s is not set\", variable)\n        }\n    }\n\n    return nil\n}\n\nfunc main() {\n    // Check for required environment variables\n    if err := checkEnvironmentVariables(); err != nil {\n        log.Fatalf(\"%v\", err)\n    }\n\n    // Get the secret ID to retrieve\n    variableIdentifier := os.Getenv(\"CONJUR_SECRET_ID\")\n\n    // Load configuration from environment variables\n    config, err := conjurapi.LoadConfig()\n    if err != nil {\n        log.Fatalf(\"Cannot load configuration: %s\", err)\n    }\n\n    // Create a new Conjur client using environment variables\n    conjur, err := conjurapi.NewClientFromEnvironment(config)\n    if err != nil {\n        log.Fatalf(\"Cannot create client: %s\", err)\n    }\n\n    // Retrieve the secret value from Conjur\n    secretValue, err := conjur.RetrieveSecret(variableIdentifier)\n    if err != nil {\n        log.Fatalf(\"Cannot retrieve secret %s: %s\", variableIdentifier, err)\n    }\n\n    // Print the secret value to stdout\n    fmt.Printf(\"%s\", string(secretValue))\n}\n```\n\n## Contributing\n\nWe welcome contributions of all kinds to this repository. For instructions on how to get started and descriptions of our development workflows, please see our [contributing\nguide][contrib].\n\n[contrib]: https://github.com/cyberark/conjur-api-go/blob/main/CONTRIBUTING.md\n\n## License\n\nCopyright (c) 2022-2025 CyberArk Software Ltd. All rights reserved.\n\nThis repository is licensed under Apache License 2.0 - see [`LICENSE`](LICENSE) for more details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberark%2Fconjur-api-go","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyberark%2Fconjur-api-go","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberark%2Fconjur-api-go/lists"}