DEV Community

Ankit malik
Ankit malik

Posted on • Updated on

Working with Vault and Golang

Hi, This is my first post on this portal.

What is Vault:
Vault is a tool by which you can securely access you credentials. It is developed by Hashicorp. It is similar to AWS Parameter store. It helps in managing credentials effectively.

Sample Code for CRUD Operations in Vault:

package main

import (
    "fmt"
    "net/http"
    "time"

    "github.com/hashicorp/vault/api"
)

var httpClient = &http.Client{
    Timeout: 10 * time.Second,
}

func main() {
    token := "your token"
    vaultAddr := "your url"

    client, err := api.NewClient(&api.Config{Address: vaultAddr, HttpClient: httpClient})
    if err != nil {
        panic(err)
    }
    client.SetToken(token)

    //writing the data
    inputData := map[string]interface{}{
        "data": map[string]interface{}{
            "first": "ankit",
        },
    }
    output, err := client.Logical().Write("secret/data/hello", inputData)
    fmt.Println(output)
    if err != nil {
        panic(err)
    }

    //reading the data
    data, err := client.Logical().Read("secret/data/hello")
    if err != nil {
        panic(err)
    }
    fmt.Println(data.Data)

    //deleting the data
    output, err = client.Logical().Delete("secret/metadata/hello")
    fmt.Println(output)
    if err != nil {
        panic(err)
    }
}

Enter fullscreen mode Exit fullscreen mode

Things to Focus here is code
If we look at in this code then it is very easy to miss the write operation. We need to check inputData and how it is structured because according to golang object type it seems that we should use in this way rather than of how we used it.

inputData := map[string]interface{}{
        "first": "ankit",
    }
Enter fullscreen mode Exit fullscreen mode

Where should I use Vault?

  • It should be used when we are initialising the project.
  • All the configurations should be read from Vault or any other secret manager.
  • There should be no configurations saved on server.

Read Next - Go - Authenticate Your vault sdk with Kubenetes

Top comments (1)

Collapse
 
honeywild profile image
Honeywildbear • Edited

It's a nice start.

//deleting the data
    data, err := client.Logical().Read("secret/data/hello")
Enter fullscreen mode Exit fullscreen mode

Probably you mean, read the data.