Diffstat (limited to 'vault/simple_client.go')
-rw-r--r-- | vault/simple_client.go | 69 |
1 files changed, 69 insertions, 0 deletions
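diff --git a/vault/simple_client.go b/vault/simple_client.go
new file mode 100644
index 0000000..560ebfe
--- /dev/null
+++ b/vault/simple_client.go
@@ -0,0 +1,69 @@
+package vault
+
+import (
+"fmt"
+"os"
+
+"github.com/hashicorp/vault/api"
+"github.com/mitchellh/mapstructure"
+)
+
+type Credential struct {
+Username string `json:"username"`
+Password string `json:"password"`
+}
+
+type VaultKey struct {
+Data Credential `json:"data"`
+}
+
+func loginAndRead(path string) (*api.Secret, error) {
+c, err := api.NewClient(api.DefaultConfig())
+if err != nil {
+return nil, err
+}
+
+lc := c.Logical()
+s, err := lc.Write("auth/approle/login", map[string]interface{}{
+"role_id": os.Getenv("VAULT_ROLE_ID"),
+"secret_id": os.Getenv("VAULT_SECRET_ID"),
+})
+if err != nil {
+return nil, err
+}
+
+c.SetToken(s.Auth.ClientToken)
+
+s, err = lc.Read(path)
+if err != nil {
+return nil, err
+}
+
+return s, nil
+}
+
+func GetVaultKey(path string) (Credential, error) {
+s, err := loginAndRead(fmt.Sprintf("kv/data/%s", path))
+if err != nil {
+return Credential{}, err
+}
+
+var vk VaultKey
+if err = mapstructure.Decode(s.Data, &vk); err != nil {
+return Credential{}, err
+}
+
+return vk.Data, nil
+}
+
+func GetVaultDatabase(path string) (Credential, error) {
+s, err := loginAndRead(path)
+if err != nil {
+return Credential{}, err
+}
+
+return Credential{
+Username: s.Data["username"].(string),
+Password: s.Data["password"].(string),
+}, nil
+}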
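Review bot: loginAndRead dereferences `s.Auth.ClientToken` and hands back the result of `lc.Read(path)` without a nil check, yet the Vault API client can return a nil secret together with a nil error (for example when nothing exists at the path), so GetVaultKey and GetVaultDatabase would panic on `s.Data` instead of returning an error. The bare `.(string)` assertions in GetVaultDatabase panic the same way when a field is absent or not a string. A panic in the credential-fetch path takes the caller down and may leave secret material in a crash dump, so these cases should be turned into ordinary errors that name the path but never the values. It would also help to reject empty `VAULT_ROLE_ID` / `VAULT_SECRET_ID` before the login call, and to document that every call performs a fresh AppRole login whose token is never revoked here.

```go
	// … unchanged: client creation and the auth/approle/login write …
	if s == nil || s.Auth == nil || s.Auth.ClientToken == "" {
		return nil, fmt.Errorf("approle login returned no client token")
	}
	c.SetToken(s.Auth.ClientToken)

	s, err = lc.Read(path)
	if err != nil {
		return nil, err
	}
	if s == nil || s.Data == nil {
		return nil, fmt.Errorf("no secret data at %q", path)
	}
	return s, nil

	// … in GetVaultDatabase, replacing the bare type assertions …
	username, ok := s.Data["username"].(string)
	if !ok {
		return Credential{}, fmt.Errorf("secret at %q has no string username", path)
	}
	password, ok := s.Data["password"].(string)
	if !ok {
		return Credential{}, fmt.Errorf("secret at %q has no string password", path)
	}
	return Credential{Username: username, Password: password}, nil
```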