https://github.com/nikogura/vault-authenticator
Managed Secrets Client Libraries
https://github.com/nikogura/vault-authenticator
security
Last synced: 5 months ago
JSON representation
Managed Secrets Client Libraries
- Host: GitHub
- URL: https://github.com/nikogura/vault-authenticator
- Owner: nikogura
- License: mit
- Created: 2019-11-14T21:10:51.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2024-12-11T22:16:53.000Z (over 1 year ago)
- Last Synced: 2025-08-14T23:43:12.040Z (11 months ago)
- Topics: security
- Language: Go
- Homepage: https://github.com/nikogura/vault-authenticator
- Size: 119 KB
- Stars: 1
- Watchers: 5
- Forks: 0
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: CODEOWNERS
Awesome Lists containing this project
README
# vault-authenticator
[](https://goreportcard.com/report/github.com/nikogura/vault-authenticator)
[](http://godoc.org/github.com/nikogura/vault-authenticator/pkg/vault-authenticator)
Useful golang functions for interacting with Vault.
Vault is a great tool, but programming against it sometimes requires one to go more deeply than one wants to in order to navigate these waters.
This library abstracts some of the work and provided some high level bindings so that the author of a tool that _uses_ Vault doesn't need to be an expert in Vault.
The crown jewel is the `authenticator` object which has has one main method: Auth(). This method tries to authenticate to Vault in a number of ways and returns an authenticated Vault client for the first one that succeeds.
## Configuration
To configure `authenticator`, create the object via it's constructor:
auth = authenticator.NewAuthenticator()
Then set the address of the Vault server:
auth.SetAddress("https://vault.example.com")
Set a private CA if you're using one:
auth.SetCACertificate(`-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
`)
Set Auth methods. These will be tried in order:
auth.SetAuthMethods([]string{
"iam",
"k8s",
"tls",
"ldap",
})
If your usernames don't necessarily map to posix users on the system:
auth.SetUsernameFunc(somelib.GetUsername)
Finally, if using TLS Auth, set the locations of the client certs:
auth.SetTlsClientCrtPath("/path/to/cert.crt")
auth.SetTlsClientKeyPath("/path/to/key.key")
After that, simply run:
client, err := auth.Auth()
if err != nil {
log.Fatalf("Auth failed: %s", err)
}
path := "/secret/foo
secret, err := authenticator.GetSecret(client, path)
if err != nil {
log.Fatalf("Failed getting secret from %s: %s", path, err)
}
... do something with secret ...