Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jaredpetersen/vaultx
🔐 Developer-focused alternative to the official Vault package
https://github.com/jaredpetersen/vaultx
Last synced: about 6 hours ago
JSON representation
🔐 Developer-focused alternative to the official Vault package
- Host: GitHub
- URL: https://github.com/jaredpetersen/vaultx
- Owner: jaredpetersen
- License: mit
- Created: 2022-04-25T04:20:40.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-05-15T01:41:35.000Z (over 2 years ago)
- Last Synced: 2024-06-20T10:06:34.910Z (5 months ago)
- Language: Go
- Homepage:
- Size: 81.1 KB
- Stars: 1
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Funding: .github/FUNDING.yml
- License: LICENSE.md
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
# vaultx
[](https://github.com/jaredpetersen/vaultx/actions/workflows/ci.yaml)
[](https://pkg.go.dev/github.com/jaredpetersen/vaultx)
vaultx is an alternative to the official Vault Go package that is designed with the developer in mind.
The official Vault package is very useful, but it has a number of issues that make it difficult to integrate Vault
into your applications:
- Tied tightly to the HTTP API, making accomplishing basic functionality involve writing expansive blocks of code
- Types are very generic, so you lose out on type safety and must know the HTTP API in order interact with it
- Automatic renewal of authentication credentials is not well-supported
vaultx seeks to address these issues and make Vault a joy to use in Go.
## Usage
To create your vault client, create a new configuration struct and pass it to vaultx's `New()` function:
```go
package main
import (
"context"
"fmt"
"os"
"github.com/jaredpetersen/vaultx"
vaultxauth "github.com/jaredpetersen/vaultx/auth"
)
const k8sRole = "my-app"
const vaultKVSecretPath = "my-secret"
const vaultTransitKey = "transit-key"
func main() {
ctx := context.Background()
cfg := vaultx.NewConfig("https://vault.mydomain.com")
cfg.Auth.Method = vaultxauth.NewKubernetesMethod(vaultxauth.KubernetesConfig{Role: k8sRole})
vltx := vaultx.New(cfg)
err := vltx.Auth().Login(ctx)
if err != nil {
fmt.Println("Failed to authenticate against Vault")
os.Exit(1)
}
// Store secret
secretData := map[string]interface{}{
"username": "dbuser",
"password": "3hvu2ZLxwauHrNaZjJbJARHE",
}
err = vltx.KV().UpsertSecret(ctx, vaultKVSecretPath, secretData)
if err != nil {
fmt.Println("Failed to store secret")
os.Exit(1)
}
// Get secret
secret, err := vltx.KV().GetSecret(ctx, vaultKVSecretPath)
if err != nil {
fmt.Println("Failed to retrieve secret")
os.Exit(1)
}
fmt.Printf("secret username: %s\n", secret.Data["username"])
fmt.Printf("secret password: %s\n", secret.Data["password"])
// Encrypt data
plaintext := "encrypt me"
encrypted, err := vltx.Transit().Encrypt(ctx, vaultTransitKey, []byte(plaintext))
if err != nil {
fmt.Println("Failed to encrypt data")
os.Exit(1)
}
fmt.Printf("encrypted: %s\n", encrypted)
// Decrypt data
decrypted, err := vltx.Transit().Decrypt(ctx, vaultTransitKey, encrypted)
if err != nil {
fmt.Println("Failed to decrypt data")
os.Exit(1)
}
fmt.Printf("decrypted: %s\n", string(decrypted))
}
```
## Install
```shell
go get github.com/jaredpetersen/vaultx
```
## Sponsorship
If you or your company uses vaultx, please consider contributing to the project via
[GitHub Sponsors](https://github.com/sponsors/jaredpetersen). There's some cool work that we'd like to do -- like
end-to-end integration tests -- but cloud computing isn't free.