https://github.com/keyfactor/keyfactor-auth-client-go
The Keyfactor Auth Client - Golang is a Go module that handles authentication and authorization for the Keyfactor API.
https://github.com/keyfactor/keyfactor-auth-client-go
keyfactor-api-client
Last synced: 10 months ago
JSON representation
The Keyfactor Auth Client - Golang is a Go module that handles authentication and authorization for the Keyfactor API.
- Host: GitHub
- URL: https://github.com/keyfactor/keyfactor-auth-client-go
- Owner: Keyfactor
- License: apache-2.0
- Created: 2024-05-03T15:41:36.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-03-31T16:54:32.000Z (10 months ago)
- Last Synced: 2025-03-31T17:49:33.573Z (10 months ago)
- Topics: keyfactor-api-client
- Language: Go
- Size: 265 KB
- Stars: 1
- Watchers: 3
- Forks: 0
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# keyfactor-auth-client-go
Client library for authenticating to Keyfactor Command.
## Environment Variables
### Global
| Name | Description | Default |
|-------------------------------|-----------------------------------------------------------------------------------------------------------------|----------------------------------------|
| KEYFACTOR_HOSTNAME | Keyfactor Command hostname without protocol and port | |
| KEYFACTOR_PORT | Keyfactor Command port | `443` |
| KEYFACTOR_API_PATH | Keyfactor Command API Path | `KeyfactorAPI` |
| KEYFACTOR_SKIP_VERIFY | Skip TLS verification when connecting to Keyfactor Command | `false` |
| KEYFACTOR_CA_CERT | Either a file path or PEM encoded string to a CA certificate to trust when communicating with Keyfactor Command | |
| KEYFACTOR_CLIENT_TIMEOUT | Timeout for HTTP client requests to Keyfactor Command | `60s` |
| KEYFACTOR_AUTH_CONFIG_FILE | Path to a JSON file containing the authentication configuration | `$HOME/.keyfactor/command_config.json` |
| KEYFACTOR_AUTH_CONFIG_PROFILE | Profile to use from the authentication configuration file | `default` |
### Basic Auth
Currently `Basic Authentication` via `Active Directory` is the *ONLY* supported method of `Basic Authentication`.
| Name | Description | Default |
|--------------------|---------------------------------------------------------------------------------------------|---------|
| KEYFACTOR_USERNAME | Active Directory username to authenticate to Keyfactor Command API | |
| KEYFACTOR_PASSWORD | Password associated with Active Directory username to authenticate to Keyfactor Command API | |
| KEYFACTOR_DOMAIN | Active Directory domain of user. Can be implied from username if it contains `@` or `\\` | |
### oAuth Client Credentials
| Name | Description | Default |
|------------------------------|---------------------------------------------------------------------------------------------------------------------------------|----------|
| KEYFACTOR_AUTH_CLIENT_ID | Keyfactor Auth Client ID | |
| KEYFACTOR_AUTH_CLIENT_SECRET | Keyfactor Auth Client Secret | |
| KEYFACTOR_AUTH_TOKEN_URL | URL to request an access token from Keyfactor Auth | |
| KEYFACTOR_AUTH_SCOPES | Scopes to request when authenticating to Keyfactor Command API. Each scope MUST be separated by `,` | `openid` |
| KEYFACTOR_AUTH_AUDIENCE | Audience to request when authenticating to Keyfactor Command API | |
| KEYFACTOR_AUTH_ACCESS_TOKEN | Access token to use to authenticate to Keyfactor Command API. This can be supplied directly or generated via client credentials | |
| KEYFACTOR_AUTH_CA_CERT | Either a file path or PEM encoded string to a CA certificate to use when connecting to Keyfactor Auth | |
### Test Environment Variables
These environment variables are used to run go tests. They are not used in the actual client library.
| Name | Description | Default |
|------------------------|-------------------------------------------------------|---------|
| TEST_KEYFACTOR_AD_AUTH | Set to `true` to test Active Directory authentication | false |
| TEST_KEYFACTOR_KC_AUTH | Set to `true` to test Keycloak authentication | false |
## Configuration File
A JSON or YAML file can be used to store authentication configuration. A configuration file can contain references to
multiple Keyfactor Command environments and can be referenced by a `profile` name. The `default` profile will be used
when no profile is specified. Keyfactor tools will look for a config file located at
`$HOME/.keyfactor/command_config.json`
by default. The config file should be structured as follows:
### Basic Auth
#### JSON
```json
{
"servers": {
"default": {
"host": "keyfactor.command.kfdelivery.com",
"username": "keyfactor",
"password": "password",
"domain": "command",
"api_path": "KeyfactorAPI"
},
"server2": {
"host": "keyfactor2.command.kfdelivery.com",
"username": "keyfactor2",
"password": "password2",
"domain": "command",
"api_path": "Keyfactor/API"
}
}
}
```
#### YAML
```yaml
servers:
default:
host: keyfactor.command.kfdelivery.com
username: keyfactor
password: password
domain: command
api_path: KeyfactorAPI
server2:
host: keyfactor2.command.kfdelivery.com
username: keyfactor2
password: password2
domain: command
api_path: Keyfactor/API
```
### oAuth Client Credentials
#### JSON
```json
{
"servers": {
"default": {
"host": "keyfactor.command.kfdelivery.com",
"token_url": "https://idp.keyfactor.command.kfdelivery.com/oauth2/token",
"client_id": "client-id",
"client_secret": "client-secret",
"audience": "https://keyfactor.command.kfdelivery.com",
"scopes": [
"openid",
"profile",
"email"
],
"api_path": "KeyfactorAPI"
},
"server2": {
"host": "keyfactor.command.kfdelivery.com",
"token_url": "https://idp.keyfactor.command.kfdelivery.com/oauth2/token",
"client_id": "client-id",
"client_secret": "client-secret",
"api_path": "KeyfactorAPI"
}
}
}
```
#### YAML
```yaml
servers:
default:
host: keyfactor.command.kfdelivery.com
token_url: https://idp.keyfactor.command.kfdelivery.com/oauth2/token
client_id: client-id
client_secret: client-secret
api_path: KeyfactorAPI
audience: https://keyfactor.command.kfdelivery.com
scopes:
- openid
- profile
- email
server2:
host: keyfactor.command.kfdelivery.com
token_url: https://idp.keyfactor.command.kfdelivery.com/oauth2/token
client_id: client-id
client_secret: client-secret
api_path: KeyfactorAPI
```
## Configuration File Providers
Below are a list of configuration file providers that can be used to load configuration from a file if loading from disk
is not desired.
### Azure Key Vault
To use Azure Key Vault as a configuration file provider, the code must either be running in an Azure environment or the
environment configured with `az login`. The following environment variables can be used and will take precedence over
any configuration file. *NOTE* that the secret must be formatted as specified in the example configuration files above.
| Name | Description | Default |
|---------------------|---------------------------------------|---------|
| AZURE_KEYVAULT_NAME | The name of the Azure KeyVault | |
| AZURE_SECRET_NAME | The name of the Azure KeyVault secret | |
#### JSON
Below is an example of a configuration file that uses Azure Key Vault as a configuration file provider. *NOTE* that the
secret must be formatted as specified in the example configuration files above.
```json
{
"servers": {
"default": {
"auth_provider": {
"type": "azid",
"profile": "default",
"parameters": {
"secret_name": "",
"vault_name": ""
}
}
}
}
}
```
#### YAML
Below is an example of a configuration file that uses Azure Key Vault as a configuration file provider. *NOTE* that the
secret must be formatted as specified in the example configuration files above.
```yaml
servers:
default:
auth_provider:
type: azid
profile: default
parameters:
secret_name:
vault_name:
```