{"id":25190045,"url":"https://github.com/keyfactor/keyfactor-auth-client-go","last_synced_at":"2026-04-02T20:54:23.287Z","repository":{"id":262871521,"uuid":"795585424","full_name":"Keyfactor/keyfactor-auth-client-go","owner":"Keyfactor","description":"The Keyfactor Auth Client - Golang is a Go module that handles authentication and authorization for the Keyfactor API.","archived":false,"fork":false,"pushed_at":"2026-04-01T02:57:29.000Z","size":356,"stargazers_count":3,"open_issues_count":12,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-04-01T05:21:56.268Z","etag":null,"topics":["keyfactor-api-client"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Keyfactor.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-05-03T15:41:36.000Z","updated_at":"2026-02-13T23:16:46.000Z","dependencies_parsed_at":"2025-01-06T18:31:56.104Z","dependency_job_id":"a5955323-e508-4303-8842-7b6c7980554b","html_url":"https://github.com/Keyfactor/keyfactor-auth-client-go","commit_stats":null,"previous_names":["keyfactor/keyfactor-auth-client-go"],"tags_count":134,"template":false,"template_full_name":null,"purl":"pkg:github/Keyfactor/keyfactor-auth-client-go","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keyfactor%2Fkeyfactor-auth-client-go","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keyfactor%2Fkeyfactor-auth-client-go/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keyfactor%2Fkeyfactor-auth-client-go/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keyfactor%2Fkeyfactor-auth-client-go/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Keyfactor","download_url":"https://codeload.github.com/Keyfactor/keyfactor-auth-client-go/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keyfactor%2Fkeyfactor-auth-client-go/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31316008,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-02T12:59:32.332Z","status":"ssl_error","status_checked_at":"2026-04-02T12:54:48.875Z","response_time":89,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["keyfactor-api-client"],"created_at":"2025-02-09T21:18:46.249Z","updated_at":"2026-04-02T20:54:23.282Z","avatar_url":"https://github.com/Keyfactor.png","language":"Go","readme":"# keyfactor-auth-client-go\n\nClient library for authenticating to Keyfactor Command.\n\n## Environment Variables\n\n### Global\n\n| Name | Description | Default |\n|-------------------------------|-----------------------------------------------------------------------------------------------------------------|----------------------------------------|\n| KEYFACTOR_HOSTNAME | Keyfactor Command hostname without protocol and port | |\n| KEYFACTOR_PORT | Keyfactor Command port | `443` |\n| KEYFACTOR_API_PATH | Keyfactor Command API Path | `KeyfactorAPI` |\n| KEYFACTOR_SKIP_VERIFY | Skip TLS verification when connecting to Keyfactor Command | `false` |\n| KEYFACTOR_CA_CERT | Either a file path or PEM encoded string to a CA certificate to trust when communicating with Keyfactor Command | |\n| KEYFACTOR_CLIENT_TIMEOUT | Timeout for HTTP client requests to Keyfactor Command | `60s` |\n| KEYFACTOR_AUTH_CONFIG_FILE | Path to a JSON file containing the authentication configuration | `$HOME/.keyfactor/command_config.json` |\n| KEYFACTOR_AUTH_CONFIG_PROFILE | Profile to use from the authentication configuration file | `default` |\n\n### Basic Auth\n\nCurrently `Basic Authentication` via `Active Directory` is the *ONLY* supported method of `Basic Authentication`.\n\n| Name | Description | Default |\n|--------------------|---------------------------------------------------------------------------------------------|---------|\n| KEYFACTOR_USERNAME | Active Directory username to authenticate to Keyfactor Command API | |\n| KEYFACTOR_PASSWORD | Password associated with Active Directory username to authenticate to Keyfactor Command API | |\n| KEYFACTOR_DOMAIN | Active Directory domain of user. Can be implied from username if it contains `@` or `\\\\` | |\n\n### oAuth Client Credentials\n\n| Name | Description | Default |\n|------------------------------|---------------------------------------------------------------------------------------------------------------------------------|----------|\n| KEYFACTOR_AUTH_CLIENT_ID | Keyfactor Auth Client ID | |\n| KEYFACTOR_AUTH_CLIENT_SECRET | Keyfactor Auth Client Secret | |\n| KEYFACTOR_AUTH_TOKEN_URL | URL to request an access token from Keyfactor Auth | |\n| KEYFACTOR_AUTH_SCOPES | Scopes to request when authenticating to Keyfactor Command API. Each scope MUST be separated by `,` | `openid` |\n| KEYFACTOR_AUTH_AUDIENCE | Audience to request when authenticating to Keyfactor Command API | |\n| KEYFACTOR_AUTH_ACCESS_TOKEN | Access token to use to authenticate to Keyfactor Command API. This can be supplied directly or generated via client credentials | |\n| KEYFACTOR_AUTH_CA_CERT | Either a file path or PEM encoded string to a CA certificate to use when connecting to Keyfactor Auth | |\n\n### Kerberos/SPNEGO Authentication\n\nKerberos authentication supports three methods: credential cache (ccache), keytab file, or username/password. The authentication method is determined automatically based on which credentials are provided, with the following priority: ccache \u003e keytab \u003e password.\n\n| Name | Description | Default |\n|-----------------------------------|----------------------------------------------------------------------------------------------------|-------------------|\n| KEYFACTOR_AUTH_KRB_USERNAME | Kerberos principal (username or user@REALM format) | |\n| KEYFACTOR_AUTH_KRB_PASSWORD | Password for password-based Kerberos authentication | |\n| KEYFACTOR_AUTH_KRB_REALM | Kerberos realm (uppercase, e.g., EXAMPLE.COM). Can be implied from username if using user@REALM | |\n| KEYFACTOR_AUTH_KRB_KEYTAB | Path to keytab file for keytab-based authentication | |\n| KEYFACTOR_AUTH_KRB_CONFIG | Path to krb5.conf file | `/etc/krb5.conf` |\n| KEYFACTOR_AUTH_KRB_CCACHE | Path to credential cache file for ccache-based authentication | |\n| KEYFACTOR_AUTH_KRB_SPN | Service Principal Name (optional, auto-generated as HTTP/hostname if not specified) | |\n| KEYFACTOR_AUTH_KRB_DISABLE_PAFXFAST | Set to `true` to disable PA-FX-FAST for Active Directory compatibility | `false` |\n\n### Test Environment Variables\n\nThese environment variables are used to run go tests. They are not used in the actual client library.\n\n| Name | Description | Default |\n|-------------------------|-------------------------------------------------------|---------|\n| TEST_KEYFACTOR_AD_AUTH | Set to `true` to test Active Directory authentication | false |\n| TEST_KEYFACTOR_KC_AUTH | Set to `true` to test Keycloak authentication | false |\n| TEST_KEYFACTOR_KRB_AUTH | Set to `true` to test Kerberos authentication | false |\n\n## Configuration File\n\nA JSON or YAML file can be used to store authentication configuration. A configuration file can contain references to\nmultiple Keyfactor Command environments and can be referenced by a `profile` name. The `default` profile will be used\nwhen no profile is specified. Keyfactor tools will look for a config file located at\n`$HOME/.keyfactor/command_config.json`\nby default. The config file should be structured as follows:\n\n### Basic Auth\n\n#### JSON\n\n```json\n{\n \"servers\": {\n \"default\": {\n \"host\": \"keyfactor.command.kfdelivery.com\",\n \"username\": \"keyfactor\",\n \"password\": \"password\",\n \"domain\": \"command\",\n \"api_path\": \"KeyfactorAPI\"\n },\n \"server2\": {\n \"host\": \"keyfactor2.command.kfdelivery.com\",\n \"username\": \"keyfactor2\",\n \"password\": \"password2\",\n \"domain\": \"command\",\n \"api_path\": \"Keyfactor/API\"\n }\n }\n}\n```\n\n#### YAML\n\n```yaml\nservers:\n default:\n host: keyfactor.command.kfdelivery.com\n username: keyfactor\n password: password\n domain: command\n api_path: KeyfactorAPI\n server2:\n host: keyfactor2.command.kfdelivery.com\n username: keyfactor2\n password: password2\n domain: command\n api_path: Keyfactor/API\n```\n\n### oAuth Client Credentials\n\n#### JSON\n\n```json\n{\n \"servers\": {\n \"default\": {\n \"host\": \"keyfactor.command.kfdelivery.com\",\n \"token_url\": \"https://idp.keyfactor.command.kfdelivery.com/oauth2/token\",\n \"client_id\": \"client-id\",\n \"client_secret\": \"client-secret\",\n \"audience\": \"https://keyfactor.command.kfdelivery.com\",\n \"scopes\": [\n \"openid\",\n \"profile\",\n \"email\"\n ],\n \"api_path\": \"KeyfactorAPI\"\n },\n \"server2\": {\n \"host\": \"keyfactor.command.kfdelivery.com\",\n \"token_url\": \"https://idp.keyfactor.command.kfdelivery.com/oauth2/token\",\n \"client_id\": \"client-id\",\n \"client_secret\": \"client-secret\",\n \"api_path\": \"KeyfactorAPI\"\n }\n }\n}\n```\n\n#### YAML\n\n```yaml\nservers:\n default:\n host: keyfactor.command.kfdelivery.com\n token_url: https://idp.keyfactor.command.kfdelivery.com/oauth2/token\n client_id: client-id\n client_secret: client-secret\n api_path: KeyfactorAPI\n audience: https://keyfactor.command.kfdelivery.com\n scopes:\n - openid\n - profile\n - email\n server2:\n host: keyfactor.command.kfdelivery.com\n token_url: https://idp.keyfactor.command.kfdelivery.com/oauth2/token\n client_id: client-id\n client_secret: client-secret\n api_path: KeyfactorAPI\n```\n\n### Kerberos/SPNEGO\n\n#### JSON (with keytab)\n\n```json\n{\n \"servers\": {\n \"default\": {\n \"host\": \"keyfactor.command.kfdelivery.com\",\n \"username\": \"svc_keyfactor\",\n \"kerberos_realm\": \"EXAMPLE.COM\",\n \"kerberos_keytab\": \"/etc/keytabs/svc_keyfactor.keytab\",\n \"kerberos_config\": \"/etc/krb5.conf\",\n \"api_path\": \"KeyfactorAPI\"\n }\n }\n}\n```\n\n#### JSON (with password)\n\n```json\n{\n \"servers\": {\n \"default\": {\n \"host\": \"keyfactor.command.kfdelivery.com\",\n \"username\": \"user@EXAMPLE.COM\",\n \"password\": \"password\",\n \"kerberos_realm\": \"EXAMPLE.COM\",\n \"kerberos_config\": \"/etc/krb5.conf\",\n \"api_path\": \"KeyfactorAPI\"\n }\n }\n}\n```\n\n#### YAML (with keytab)\n\n```yaml\nservers:\n default:\n host: keyfactor.command.kfdelivery.com\n username: svc_keyfactor\n kerberos_realm: EXAMPLE.COM\n kerberos_keytab: /etc/keytabs/svc_keyfactor.keytab\n kerberos_config: /etc/krb5.conf\n api_path: KeyfactorAPI\n```\n\n## Configuration File Providers\n\nBelow are a list of configuration file providers that can be used to load configuration from a file if loading from disk\nis not desired. \n\n### Azure Key Vault\n\nTo use Azure Key Vault as a configuration file provider, the code must either be running in an Azure environment or the\nenvironment configured with `az login`. The following environment variables can be used and will take precedence over\nany configuration file. *NOTE* that the secret must be formatted as specified in the example configuration files above.\n\n| Name | Description | Default |\n|---------------------|---------------------------------------|---------|\n| AZURE_KEYVAULT_NAME | The name of the Azure KeyVault | |\n| AZURE_SECRET_NAME | The name of the Azure KeyVault secret | |\n\n#### JSON\n\nBelow is an example of a configuration file that uses Azure Key Vault as a configuration file provider. *NOTE* that the\nsecret must be formatted as specified in the example configuration files above.\n\n```json\n{\n \"servers\": {\n \"default\": {\n \"auth_provider\": {\n \"type\": \"azid\",\n \"profile\": \"default\",\n \"parameters\": {\n \"secret_name\": \"\u003cakv_secret_name\u003e\",\n \"vault_name\": \"\u003cakv_vault_name\u003e\"\n }\n }\n }\n }\n}\n```\n\n#### YAML\n\nBelow is an example of a configuration file that uses Azure Key Vault as a configuration file provider. *NOTE* that the\nsecret must be formatted as specified in the example configuration files above.\n\n```yaml\nservers:\n default:\n auth_provider:\n type: azid\n profile: default\n parameters:\n secret_name: \u003cakv_secret_name\u003e\n vault_name: \u003cakv_vault_name\u003e\n```\n\n# Testing\n\nTo run the tests you'll need to provide a `${HOME}/.keyfactor/command_config.json` file for some of the tests to use. \n\n## Example:\n\n```json\n{\n \"servers\": {\n \"default\": {\n \"host\": \"\u003cinsert keyfactor command hostname\u003e\",\n \"port\": 443,\n \"client_id\": \"\u003cinsert valid client_id\u003e\",\n \"client_secret\": \"\u003cinsert valid client_secret\u003e\",\n \"token_url\": \"https://\u003cinsert oauth2 token endpoint hostname\u003e/oauth2/token\",\n \"api_path\": \"Keyfactor/API\",\n \"auth_provider\": {},\n \"skip_tls_verify\": true,\n \"auth_type\": \"oauth\"\n },\n \"basic-auth\": {\n \"host\": \"\u003cinsert valid keyfactor command hostname\u003e\",\n \"port\": 443,\n \"username\": \"\u003cinsert valid keyfactor command username\u003e\",\n \"password\": \"\u003cinsert valid keyfactor command password\u003e\",\n \"domain\": \"\u003cinsert valid AD domain name\u003e\",\n \"api_path\": \"KeyfactorAPI\",\n \"auth_provider\": {},\n \"skip_tls_verify\": true,\n \"auth_type\": \"basic\"\n },\n \"default\": {\n \"host\": \"\u003cinsert valid keyfactor command hostname\u003e\",\n \"port\": 443,\n \"username\": \"\u003cinsert valid keyfactor command username\u003e\",\n \"password\": \"\u003cinsert valid keyfactor command password\u003e\",\n \"domain\": \"\u003cinsert valid AD domain name\u003e\",\n \"api_path\": \"KeyfactorAPI\",\n \"auth_provider\": {},\n \"skip_tls_verify\": true,\n \"auth_type\": \"basic\"\n },\n \"invalid-host\": {\n \"host\": \"\u003cinsert valid keyfactor command hostname\u003e\",\n \"port\": 443,\n \"username\": \"\u003cinsert valid keyfactor command username\u003e\",\n \"password\": \"\u003cinsert valid keyfactor command password\u003e\",\n \"domain\": \"\u003cinsert valid AD domain name\u003e\",\n \"api_path\": \"KeyfactorAPI\",\n \"auth_provider\": {},\n \"skip_tls_verify\": true,\n \"auth_type\": \"basic\"\n },\n \"invalid-username\": {\n \"host\": \"\u003cinsert valid keyfactor command hostname\u003e\",\n \"port\": 443,\n \"username\": \"invalid\",\n \"password\": \"\u003cinsert valid keyfactor command password\u003e\",\n \"domain\": \"\u003cinsert valid AD domain name\u003e\",\n \"api_path\": \"KeyfactorAPI\",\n \"auth_provider\": {},\n \"skip_tls_verify\": true,\n \"auth_type\": \"basic\"\n },\n \"invalid-password\": {\n \"host\": \"\u003cinsert valid keyfactor command hostname\u003e\",\n \"port\": 443,\n \"username\": \"\u003cinsert valid keyfactor command username\u003e\",\n \"password\": \"invalid\",\n \"domain\": \"\u003cinsert valid AD domain name\u003e\",\n \"api_path\": \"KeyfactorAPI\",\n \"auth_provider\": {},\n \"skip_tls_verify\": true,\n \"auth_type\": \"basic\"\n },\n \"oauth\": {\n \"host\": \"\u003cinsert keyfactor command hostname\u003e\",\n \"port\": 443,\n \"client_id\": \"\u003cinsert valid client_id\u003e\",\n \"client_secret\": \"\u003cinsert valid client_secret\u003e\",\n \"token_url\": \"https://\u003cinsert oauth2 token endpoint hostname\u003e/oauth2/token\",\n \"api_path\": \"Keyfactor/API\",\n \"auth_provider\": {},\n \"skip_tls_verify\": true,\n \"auth_type\": \"oauth\"\n },\n \"oauth-invalid-creds\": {\n \"host\": \"\u003cinsert keyfactor command hostname\u003e\",\n \"port\": 443,\n \"client_id\": \"invalid\",\n \"client_secret\": \"invalid\",\n \"token_url\": \"https://\u003cinsert oauth2 token endpoint hostname\u003e/oauth2/token\",\n \"api_path\": \"Keyfactor/API\",\n \"auth_provider\": {},\n \"skip_tls_verify\": true,\n \"auth_type\": \"oauth\"\n },\n \"oauth-invalid-host\": {\n \"host\": \"invalid.localhost.dev\",\n \"port\": 443,\n \"client_id\": \"\u003cinsert valid client_id\u003e\",\n \"client_secret\": \"\u003cinsert valid client_secret\u003e\",\n \"token_url\": \"https://\u003cinsert oauth2 token endpoint hostname\u003e/oauth2/token\",\n \"api_path\": \"Keyfactor/API\",\n \"auth_provider\": {},\n \"skip_tls_verify\": true,\n \"auth_type\": \"oauth\"\n },\n \"oauth-skiptls\": {\n \"host\": \"\u003cinsert keyfactor command hostname\u003e\",\n \"port\": 443,\n \"client_id\": \"\u003cinsert valid client_id\u003e\",\n \"client_secret\": \"\u003cinsert valid client_secret\u003e\",\n \"token_url\": \"https://\u003cinsert oauth2 token endpoint hostname\u003e/oauth2/token\",\n \"api_path\": \"Keyfactor/API\",\n \"auth_provider\": {},\n \"skip_tls_verify\": true,\n \"auth_type\": \"oauth\"\n }\n }\n}\n\n```","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeyfactor%2Fkeyfactor-auth-client-go","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkeyfactor%2Fkeyfactor-auth-client-go","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeyfactor%2Fkeyfactor-auth-client-go/lists"}