Vault Client with Auto Login and Renewal
| package vault_client | |
import (
	"context"
	"errors"
	"fmt"
	"log"
	"time"

	"github.com/hashicorp/vault/api"
)
// VaultClient is the package-wide Vault client shared by every helper in
// this file. It stays nil until a client has been created and is read, not
// copied, by the functions below.
var VaultClient *api.Client

type (
	// Config carries the connection and AppRole login settings.
	Config struct {
		// Hostname is passed to the client as the Vault address.
		Hostname string
		// Port is declared for callers but not read by any code in this
		// file; the address is taken from Hostname alone.
		Port int
		// RoleID selects the AppRole to log in as.
		RoleID string
		// SecretID is the AppRole login credential. It is a secret in its
		// own right: keep it out of logs and error messages.
		SecretID string
	}

	// Context holds the timing settings used when scheduling token renewal.
	Context struct {
		// Timeout is subtracted from the token TTL to decide how long to
		// wait before renewing.
		Timeout time.Duration
	}
)
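// Init builds the shared VaultClient, logs in with AppRole and starts a
// background goroutine that keeps the resulting token renewed.
//
// The original declared this as init(config, ctx); a Go init function takes
// no parameters and cannot be called, so the entry point is exported as Init
// and reports failures instead of only logging them. Callers may still invoke
// it as a statement and ignore the result.
//
// config.Hostname is used as the full Vault address (scheme, host and port);
// when it is empty the address comes from api.DefaultConfig, which reads
// VAULT_ADDR and the other VAULT_* environment variables. config.Port is not
// consulted, as in the original. ctx.Timeout is the lead time before expiry
// at which a renewal is attempted.
//
// Init returns a non-nil error when the client cannot be created or the login
// fails, and leaves VaultClient nil in that case.
func Init(config Config, ctx Context) error {
	cfg := api.DefaultConfig()
	if config.Hostname != "" {
		cfg.Address = config.Hostname
	}
	client, err := api.NewClient(cfg)
	if err != nil {
		return fmt.Errorf("creating vault client: %w", err)
	}
	// Deliberately no token here. The original installed the AppRole
	// SecretID as the client token; the SecretID is a login credential, so
	// that never authenticates and sends the credential in every request
	// header. The token comes from the login response below.
	VaultClient = client

	secret, err := AppRoleLogin(context.Background(), config.RoleID, config.SecretID)
	if err != nil {
		VaultClient = nil
		return fmt.Errorf("logging in to vault: %w", err)
	}
	if secret == nil || secret.Auth == nil || secret.Auth.ClientToken == "" {
		VaultClient = nil
		return errors.New("approle login returned no client token")
	}
	// Install the token from the login response; harmless if the login
	// helper already did so.
	client.SetToken(secret.Auth.ClientToken)

	ttl, err := secret.TokenTTL()
	if err != nil {
		return fmt.Errorf("reading token ttl: %w", err)
	}
	renewable, err := secret.TokenIsRenewable()
	if err != nil {
		return fmt.Errorf("reading token renewability: %w", err)
	}
	if !renewable || ttl <= 0 {
		// Nothing to schedule: either the token cannot be renewed or it has
		// no expiry.
		return nil
	}
	// The original blocked on the channel of a time.AfterFunc timer, which
	// is nil and therefore never delivers; renewal now runs in its own
	// goroutine and Init returns. The goroutine ends when a renewal fails
	// (for example at the token's max_ttl or after the token is revoked).
	go renewTokenLoop(ttl, ctx.Timeout)
	return nil
}

// renewTokenLoop renews the shared client's token on a schedule.
//
// ttl is the token's remaining lifetime and lead is how long before expiry a
// renewal is attempted. After each successful renewal the wait is recomputed
// from the TTL Vault reports. The loop exits, after logging, when the client
// has been dropped, a renewal fails, or the renewed token reports no TTL, so
// a transient failure requires a fresh Init to resume renewal.
func renewTokenLoop(ttl, lead time.Duration) {
	for {
		wait := ttl - lead
		if wait <= 0 {
			// A lead time at or beyond the TTL would renew immediately and
			// spin; fall back to renewing at half the lifetime.
			wait = ttl / 2
		}
		if wait <= 0 {
			log.Printf("Token renewal stopped: no usable ttl")
			return
		}
		time.Sleep(wait)

		client := VaultClient
		if client == nil {
			return
		}
		// Increment 0 leaves the new TTL to the server, normally the token's
		// original TTL.
		secret, err := client.Auth().Token().RenewSelfWithContext(context.Background(), 0)
		if err != nil {
			log.Printf("Error renewing token: %v", err)
			return
		}
		next, err := secret.TokenTTL()
		if err != nil || next <= 0 {
			log.Printf("Error reading renewed token ttl: %v", err)
			return
		}
		ttl = next
	}
}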
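// AppRoleLogin authenticates to Vault with the AppRole method and installs
// the returned client token on VaultClient.
//
// The original read an undefined package-level config and took only ctx,
// while its caller in this file passes the role ID and secret ID explicitly;
// the signature now matches the caller. The login request goes to the
// default mount path auth/approle/login — adjust if AppRole is mounted
// elsewhere. The request is unauthenticated, so it works before any token is
// set.
//
// Returns the login response, whose Auth field carries the token, its TTL and
// renewability. An error is returned when VaultClient is nil, the request
// fails, or the response carries no client token; secretID is never included
// in error text.
func AppRoleLogin(ctx context.Context, roleID, secretID string) (*api.Secret, error) {
	client := VaultClient
	if client == nil {
		return nil, errors.New("vault client is not initialised")
	}
	secret, err := client.Logical().WriteWithContext(ctx, "auth/approle/login", map[string]interface{}{
		"role_id":   roleID,
		"secret_id": secretID,
	})
	if err != nil {
		return nil, fmt.Errorf("approle login: %w", err)
	}
	if secret == nil || secret.Auth == nil || secret.Auth.ClientToken == "" {
		return nil, errors.New("approle login returned no client token")
	}
	// Every later request must carry the token from this response, not the
	// SecretID the client may have been built with.
	client.SetToken(secret.Auth.ClientToken)
	return secret, nil
}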
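// RenewToken extends the lifetime of the token held by VaultClient.
//
// It calls the token/renew-self endpoint with increment 0, leaving the new TTL
// to the server (normally the token's original TTL). Errors are returned, not
// logged, so that they are handled at exactly one layer; an error is also
// returned when VaultClient has not been initialised. A failure such as the
// token reaching its max_ttl is for the caller to act on, typically by logging
// in again.
func RenewToken(ctx context.Context) error {
	client := VaultClient
	if client == nil {
		return errors.New("vault client is not initialised")
	}
	// The response carries the renewed TTL; this helper only reports
	// success or failure, so it is discarded.
	if _, err := client.Auth().Token().RenewSelfWithContext(ctx, 0); err != nil {
		return fmt.Errorf("renewing vault token: %w", err)
	}
	return nil
}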
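// CloseConnection ends this process's session with Vault.
//
// api.Client has no Close method, so "closing" means revoking the token the
// singleton holds (token/revoke-self), clearing it from the client and
// dropping the singleton. Revoking on shutdown keeps the credential from
// outliving the process, and any renewal loop still running will stop at its
// next attempt. Revocation failures are logged, as in the original, because
// there is nothing further a caller can do at shutdown; the singleton is
// cleared regardless. Calling it with no client initialised is a no-op.
func CloseConnection() {
	client := VaultClient
	if client == nil {
		return
	}
	if client.Token() != "" {
		// revoke-self acts on the client's own token; the string argument is
		// not used by the endpoint.
		if err := client.Auth().Token().RevokeSelfWithContext(context.Background(), ""); err != nil {
			log.Printf("Error closing connection to Vault: %v", err)
		}
	}
	client.ClearToken()
	VaultClient = nil
}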
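// AddSecret writes data to path through Vault's logical API.
//
// data was a string in the original, but the write endpoint takes a JSON
// object, so it is now a map of field name to value; the original call
// (Sys().Write) does not exist on the client. Whether the write creates or
// overwrites is decided by the secrets engine mounted at path, not here. KV v2
// mounts expect a "data/" path segment and the fields wrapped under a "data"
// key — check the mount type before calling.
//
// Returns an error when the client is not initialised or the request fails;
// the payload is never included in error text. The response is discarded.
func AddSecret(ctx context.Context, path string, data map[string]interface{}) error {
	client := VaultClient
	if client == nil {
		return errors.New("vault client is not initialised")
	}
	if _, err := client.Logical().WriteWithContext(ctx, path, data); err != nil {
		return fmt.Errorf("writing secret at %q: %w", path, err)
	}
	return nil
}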
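// UpdateSecret replaces the secret stored at path with data.
//
// Vault's logical API has no separate update verb: a write to an existing
// path overwrites it (KV v2 keeps earlier versions). UpdateSecret therefore
// issues the same write as AddSecret and remains a distinct entry point only
// to preserve the original API. As there, data is a map rather than the
// original string because the endpoint takes a JSON object, and KV v2 mounts
// need the "data/" path segment and a "data" wrapper.
//
// Returns an error when the client is not initialised or the request fails;
// the payload is never included in error text.
func UpdateSecret(ctx context.Context, path string, data map[string]interface{}) error {
	client := VaultClient
	if client == nil {
		return errors.New("vault client is not initialised")
	}
	if _, err := client.Logical().WriteWithContext(ctx, path, data); err != nil {
		return fmt.Errorf("updating secret at %q: %w", path, err)
	}
	return nil
}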
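// RemoveSecret deletes the secret at path.
//
// It issues a DELETE through the logical API (the original Sys().Delete does
// not exist on the client). What a delete means depends on the mount: KV v1
// removes the entry, KV v2 soft-deletes the latest version and needs a
// "metadata/" path to destroy all versions. Vault generally answers a delete
// of a missing path with success — confirm for the mount in use if callers
// rely on a not-found error.
//
// Returns an error when the client is not initialised or the request fails.
func RemoveSecret(ctx context.Context, path string) error {
	client := VaultClient
	if client == nil {
		return errors.New("vault client is not initialised")
	}
	if _, err := client.Logical().DeleteWithContext(ctx, path); err != nil {
		return fmt.Errorf("deleting secret at %q: %w", path, err)
	}
	return nil
}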