Created
July 13, 2018 15:56
-
-
Save jun06t/c5a628abae1cb1562d16f369ca31b22a to your computer and use it in GitHub Desktop.
Golang Vault Login Sample
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "encoding/json" | |
| "fmt" | |
| "net/http" | |
| "time" | |
| "github.com/hashicorp/vault/api" | |
| "github.com/hashicorp/vault/builtin/credential/aws" | |
| ) | |
| const ( | |
| vaultAddr = "http://YOUR_VAULT_ADDR:8200" | |
| staticToken = "YOUR_STATIC_TOKEN" | |
| ) | |
| var httpClient = &http.Client{ | |
| Timeout: 10 * time.Second, | |
| } | |
| func main() { | |
| // token := staticToken | |
| //token, err := userpassLogin() | |
| //if err != nil { | |
| // panic(err) | |
| //} | |
| token, err := awsLogin() | |
| if err != nil { | |
| panic(err) | |
| } | |
| client, err := api.NewClient(&api.Config{Address: vaultAddr, HttpClient: httpClient}) | |
| if err != nil { | |
| panic(err) | |
| } | |
| client.SetToken(token) | |
| data, err := client.Logical().Read("secret/data/my-secret") | |
| if err != nil { | |
| panic(err) | |
| } | |
| b, _ := json.Marshal(data.Data) | |
| fmt.Println(string(b)) | |
| } | |
| const ( | |
| username = "jun06t" | |
| password = "foo" | |
| ) | |
| func userpassLogin() (string, error) { | |
| // create a vault client | |
| client, err := api.NewClient(&api.Config{Address: vaultAddr, HttpClient: httpClient}) | |
| if err != nil { | |
| return "", err | |
| } | |
| // to pass the password | |
| options := map[string]interface{}{ | |
| "password": password, | |
| } | |
| path := fmt.Sprintf("auth/userpass/login/%s", username) | |
| // PUT call to get a token | |
| secret, err := client.Logical().Write(path, options) | |
| if err != nil { | |
| return "", err | |
| } | |
| token := secret.Auth.ClientToken | |
| return token, nil | |
| } | |
| const ( | |
| accessKey = "" | |
| secretKey = "" | |
| sessionToken = "" | |
| headerValue = "" | |
| ) | |
| func awsLogin() (string, error) { | |
| // get aws credential | |
| data, err := awsauth.GenerateLoginData(accessKey, secretKey, sessionToken, headerValue) | |
| if err != nil { | |
| return "", err | |
| } | |
| // create a vault client | |
| client, err := api.NewClient(&api.Config{Address: vaultAddr, HttpClient: httpClient}) | |
| if err != nil { | |
| return "", err | |
| } | |
| // PUT call to get a token | |
| secret, err := client.Logical().Write("auth/aws/login", data) | |
| if err != nil { | |
| return "", err | |
| } | |
| token := secret.Auth.ClientToken | |
| return token, nil | |
| } |
imported with github.com/hashicorp/vault/api, I suppose
Does this code work correctly now?
it does not . I am getting this error : missing client token
thank you for saving my time
There are some unused variables and the code needs some cleanup/refactoring but you can connect with a client token to the vault. At least I tested only the client token part thank you for that!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In line 86, where are you getting
awsauthfrom?