MCPcopy Index your code
hub / github.com/canidam/libvault

github.com/canidam/libvault @v0.1

Chat with this repo
repository ↗ · DeepWiki ↗ · release v0.1 ↗ · + Follow
59 symbols 207 edges 4 files 19 documented · 32%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

libvault

libvault CI

A lightweight Hashicorp Vault client written in Go, with no dependencies. It aims to provide an intuitive, simple API that is easy to use. Just like with the CLI.

Using the module, you currently can only read secrets from a Vault engine. This is an ongoing project, feel free to open FRs, PRs or issues.

Features

  • Supported Auth Methods:

    • Tokens
    • AppRole
    • AwsRole (EC2 method)
  • Supported Secrets Engines:

  • Supports self-signed CA certificates

  • By default, the Vault API secrets are consumed using environment variables. You can provide them to the client if you prefer. Check the tests file for examples.

Installation

go get -d -v github.com/canidam/libvault

Usage

package main

import (
    "fmt"
    "github.com/canidam/libvault"
    "os"
)

func main() {
    //
    // Example using Token
    //

    // If env var is not set
    os.Setenv("VAULT_TOKEN", "my_token")

    tokenClient, err := libvault.NewClient(SetVaultAddr("http://localhost:8200"))
    if err != nil {
        // handle error
    }

    var secret_path = "/my.secrets"
    secretsUsingToken, err := tokenClient.Read(secret_path)
    if err != nil {
        // handle error
    }

    // secrets is of type map[string]string
    for k, v := range secretsUsingToken {
        fmt.Printf("key %s, secret %s\n", k, v)
    }

    //
    // Example using AppRole
    //

    // If env var is not set
    os.Setenv("VAULT_ROLE_ID", "my_role_id")    
    os.Setenv("VAULT_SECRET_ID", "my_secret_id")    
    os.Setenv("VAULT_ADDR", "http://localhost:8200")

    approleClient, err := libvault.NewClient(UseApprole())
    if err != nil { 
        // handle error
    }

    secretsUsingApprole, err := approleClient.Read(secret_path)
    if err != nil {
        // handle error
    }

    // secrets is of type map[string]string
    for k, v := range secretsUsingApprole {
        fmt.Printf("key %s, secret %s\n", k, v)
    }
}

Documentation

Can be found here

Tests

Checkout the project and run

go test -v ./...

testdata/ is a special directory containing raw data for unit-tests.

tests/ includes scripts (and it's own README) for starting a dev Vault server for development.

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

If you'd like to contribute, please fork the repository and make changes as you'd like. Pull requests are warmly welcome. Please make sure to update tests as appropriate.

Roadmap

TBD

License

GPLv3.0

Extension points exported contracts — how you extend this code

Secret (Interface)
Secret is the interface to fetch secrets from the secrets engine used [1 implementers]
secrets.go
Option (FuncType)
(no doc)
vault.go

Core symbols most depended-on inside this repo

NewClient
called by 11
vault.go
SetVaultAddr
called by 9
vault.go
token
called by 7
vault.go
SetRootCA
called by 5
vault.go
Read
called by 4
vault.go
newRequest
called by 3
vault.go
parseJson
called by 3
vault.go
vaultErrorMsg
called by 3
vault.go

Shape

Function 28
Method 22
Struct 5
Interface 3
FuncType 1

Languages

Go100%

Modules by API surface

vault.go24 symbols
vault_test.go15 symbols
auth.go15 symbols
secrets.go5 symbols

For agents

$ claude mcp add libvault \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact