Skip to content

Instantly share code, notes, and snippets.

@arielazem

arielazem/vault-golang-login

Forked from jun06t/vault-golang-login
Created February 4, 2025 05:08
Show Gist options
  • Save arielazem/effefb3d5c396bc5607b9a2ff6a46a4a to your computer and use it in GitHub Desktop.
Save arielazem/effefb3d5c396bc5607b9a2ff6a46a4a to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. @jun06t jun06t created this gist Jul 13, 2018.
    105 changes: 105 additions & 0 deletions vault-golang-login
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,105 @@
    package main

    import (
    "encoding/json"
    "fmt"
    "net/http"
    "time"

    "github.com/hashicorp/vault/api"
    "github.com/hashicorp/vault/builtin/credential/aws"
    )

    const (
    vaultAddr = "http://YOUR_VAULT_ADDR:8200"

    staticToken = "YOUR_STATIC_TOKEN"
    )

    var httpClient = &http.Client{
    Timeout: 10 * time.Second,
    }

    func main() {
    // token := staticToken
    //token, err := userpassLogin()
    //if err != nil {
    // panic(err)
    //}
    token, err := awsLogin()
    if err != nil {
    panic(err)
    }

    client, err := api.NewClient(&api.Config{Address: vaultAddr, HttpClient: httpClient})
    if err != nil {
    panic(err)
    }

    client.SetToken(token)
    data, err := client.Logical().Read("secret/data/my-secret")
    if err != nil {
    panic(err)
    }

    b, _ := json.Marshal(data.Data)
    fmt.Println(string(b))
    }

    const (
    username = "jun06t"
    password = "foo"
    )

    func userpassLogin() (string, error) {
    // create a vault client
    client, err := api.NewClient(&api.Config{Address: vaultAddr, HttpClient: httpClient})
    if err != nil {
    return "", err
    }

    // to pass the password
    options := map[string]interface{}{
    "password": password,
    }
    path := fmt.Sprintf("auth/userpass/login/%s", username)

    // PUT call to get a token
    secret, err := client.Logical().Write(path, options)
    if err != nil {
    return "", err
    }

    token := secret.Auth.ClientToken
    return token, nil
    }

    const (
    accessKey = ""
    secretKey = ""
    sessionToken = ""
    headerValue = ""
    )

    func awsLogin() (string, error) {
    // get aws credential
    data, err := awsauth.GenerateLoginData(accessKey, secretKey, sessionToken, headerValue)
    if err != nil {
    return "", err
    }

    // create a vault client
    client, err := api.NewClient(&api.Config{Address: vaultAddr, HttpClient: httpClient})
    if err != nil {
    return "", err
    }

    // PUT call to get a token
    secret, err := client.Logical().Write("auth/aws/login", data)
    if err != nil {
    return "", err
    }

    token := secret.Auth.ClientToken
    return token, nil
    }