https://github.com/micnncim/go-secretresolver
Transparently resolve secret references for secret managers
https://github.com/micnncim/go-secretresolver
Last synced: 2 months ago
JSON representation
Transparently resolve secret references for secret managers
- Host: GitHub
- URL: https://github.com/micnncim/go-secretresolver
- Owner: micnncim
- License: apache-2.0
- Created: 2020-05-25T06:52:00.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2023-10-10T20:01:25.000Z (over 1 year ago)
- Last Synced: 2024-06-20T15:57:28.842Z (about 1 year ago)
- Language: Go
- Homepage: https://pkg.go.dev/github.com/micnncim/go-secretresolver
- Size: 13.7 KB
- Stars: 5
- Watchers: 2
- Forks: 1
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# go-secretresolver
[![actions-workflow-test][actions-workflow-test-badge]][actions-workflow-test]
[![release][release-badge]][release]
[![pkg.go.dev][pkg.go.dev-badge]][pkg.go.dev]
[![dependabot][dependabot-badge]][dependabot]
[![license][license-badge]][license]
The package that transparently resolve secret references for secret managers (e.g., Google Secret Manager, Hashicorp Vault) in environment variables.
The idea comes from [Berglas](https://github.com/GoogleCloudPlatform/berglas).
`go-secretresolver` is general-purpose resolver package unlike Berglas.
It means `go-secretresolver` works well with any secret manager.
## Example
```go
package main
import (
"fmt"
"os"
"github.com/micnncim/go-secretresolver"
secretmanager "cloud.google.com/go/secretmanager/apiv1"
secretmanagerpb "google.golang.org/genproto/googleapis/cloud/secretmanager/v1"
)
type GoogleSecretManager struct {
client *secretmanager.Client
}
func (m *GoogleSecretManager) GetSecretValue(ctx context.Context, name string) (string, error) {
result, _ := m.client.AccessSecretVersion(ctx, &secretmanagerpb.AccessSecretVersionRequest{
Name: name,
})
return string(result.Payload.Data), nil
}
func main() {
// Before getting started, create a secret in some secret manager.
// $ echo "VALUE" | gcloud secrets create my-secret --data-file=- --project=my-project
ctx := context.Background()
client, _ := secretmanager.NewClient(ctx)
sm := &GoogleSecretManager{
client: client,
}
os.Setenv("KEY", "secret://projects/my-project/secrets/my-secret/versions/latest")
secretresolver.Resolve(ctx, sm.GetSecretValue)
fmt.Println(os.Getenv("KEY")) // => "VALUE"
}
```
[actions-workflow-test]: https://github.com/micnncim/go-secretresolver/actions?query=workflow%3ATest
[actions-workflow-test-badge]: https://img.shields.io/github/workflow/status/micnncim/go-secretresolver/Test?label=Test&style=for-the-badge&logo=github
[release]: https://github.com/micnncim/go-secretresolver/releases
[release-badge]: https://img.shields.io/github/v/release/micnncim/go-secretresolver?style=for-the-badge&logo=github
[pkg.go.dev]: https://pkg.go.dev/github.com/micnncim/go-secretresolver?tab=overview
[pkg.go.dev-badge]: https://img.shields.io/badge/pkg.go.dev-reference-02ABD7?style=for-the-badge&logoWidth=25&logo=data%3Aimage%2Fsvg%2Bxml%3Bbase64%2CPHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9Ijg1IDU1IDEyMCAxMjAiPjxwYXRoIGZpbGw9IiMwMEFERDgiIGQ9Ik00MC4yIDEwMS4xYy0uNCAwLS41LS4yLS4zLS41bDIuMS0yLjdjLjItLjMuNy0uNSAxLjEtLjVoMzUuN2MuNCAwIC41LjMuMy42bC0xLjcgMi42Yy0uMi4zLS43LjYtMSAuNmwtMzYuMi0uMXptLTE1LjEgOS4yYy0uNCAwLS41LS4yLS4zLS41bDIuMS0yLjdjLjItLjMuNy0uNSAxLjEtLjVoNDUuNmMuNCAwIC42LjMuNS42bC0uOCAyLjRjLS4xLjQtLjUuNi0uOS42bC00Ny4zLjF6bTI0LjIgOS4yYy0uNCAwLS41LS4zLS4zLS42bDEuNC0yLjVjLjItLjMuNi0uNiAxLS42aDIwYy40IDAgLjYuMy42LjdsLS4yIDIuNGMwIC40LS40LjctLjcuN2wtMjEuOC0uMXptMTAzLjgtMjAuMmMtNi4zIDEuNi0xMC42IDIuOC0xNi44IDQuNC0xLjUuNC0xLjYuNS0yLjktMS0xLjUtMS43LTIuNi0yLjgtNC43LTMuOC02LjMtMy4xLTEyLjQtMi4yLTE4LjEgMS41LTYuOCA0LjQtMTAuMyAxMC45LTEwLjIgMTkgLjEgOCA1LjYgMTQuNiAxMy41IDE1LjcgNi44LjkgMTIuNS0xLjUgMTctNi42LjktMS4xIDEuNy0yLjMgMi43LTMuN2gtMTkuM2MtMi4xIDAtMi42LTEuMy0xLjktMyAxLjMtMy4xIDMuNy04LjMgNS4xLTEwLjkuMy0uNiAxLTEuNiAyLjUtMS42aDM2LjRjLS4yIDIuNy0uMiA1LjQtLjYgOC4xLTEuMSA3LjItMy44IDEzLjgtOC4yIDE5LjYtNy4yIDkuNS0xNi42IDE1LjQtMjguNSAxNy05LjggMS4zLTE4LjktLjYtMjYuOS02LjYtNy40LTUuNi0xMS42LTEzLTEyLjctMjIuMi0xLjMtMTAuOSAxLjktMjAuNyA4LjUtMjkuMyA3LjEtOS4zIDE2LjUtMTUuMiAyOC0xNy4zIDkuNC0xLjcgMTguNC0uNiAyNi41IDQuOSA1LjMgMy41IDkuMSA4LjMgMTEuNiAxNC4xLjYuOS4yIDEuNC0xIDEuN3oiLz48cGF0aCBmaWxsPSIjMDBBREQ4IiBkPSJNMTg2LjIgMTU0LjZjLTkuMS0uMi0xNy40LTIuOC0yNC40LTguOC01LjktNS4xLTkuNi0xMS42LTEwLjgtMTkuMy0xLjgtMTEuMyAxLjMtMjEuMyA4LjEtMzAuMiA3LjMtOS42IDE2LjEtMTQuNiAyOC0xNi43IDEwLjItMS44IDE5LjgtLjggMjguNSA1LjEgNy45IDUuNCAxMi44IDEyLjcgMTQuMSAyMi4zIDEuNyAxMy41LTIuMiAyNC41LTExLjUgMzMuOS02LjYgNi43LTE0LjcgMTAuOS0yNCAxMi44LTIuNy41LTUuNC42LTggLjl6bTIzLjgtNDAuNGMtLjEtMS4zLS4xLTIuMy0uMy0zLjMtMS44LTkuOS0xMC45LTE1LjUtMjAuNC0xMy4zLTkuMyAyLjEtMTUuMyA4LTE3LjUgMTcuNC0xLjggNy44IDIgMTUuNyA5LjIgMTguOSA1LjUgMi40IDExIDIuMSAxNi4zLS42IDcuOS00LjEgMTIuMi0xMC41IDEyLjctMTkuMXoiLz48L3N2Zz4=
[dependabot]: https://github.com/micnncim/go-secretresolver/pulls?q=is:pr%20author:app/dependabot-preview
[dependabot-badge]: https://img.shields.io/badge/dependabot-enabled-blue?style=for-the-badge&logo=dependabot
[license]: LICENSE
[license-badge]: https://img.shields.io/github/license/micnncim/go-secretresolver?style=for-the-badge