@jun06t
Created July 13, 2018 15:56
Golang Vault Login Sample
package main
import (
"encoding/json"
"fmt"
"net/http"
"time"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/builtin/credential/aws"
)
// vaultAddr is the base URL of the Vault server. The placeholder uses plain
// http://, which sends tokens and login credentials unencrypted; use an
// https:// address for anything other than a local dev server.
const vaultAddr = "http://YOUR_VAULT_ADDR:8200"

// staticToken is a placeholder for a pre-issued Vault token (see the
// commented-out line in main). Load a real token from the environment or a
// secret store at runtime rather than committing it to source.
const staticToken = "YOUR_STATIC_TOKEN"

// httpClient is handed to every Vault client created in this file; the
// 10-second timeout bounds each HTTP request it makes.
var httpClient = &http.Client{Timeout: 10 * time.Second}
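// main obtains a Vault token via awsLogin, reads the secret at
// secret/data/my-secret and prints its data as JSON.
func main() {
	// Alternative token sources kept from the sample:
	// token := staticToken
	// token, err := userpassLogin()
	// if err != nil {
	// 	panic(err)
	// }
	token, err := awsLogin()
	if err != nil {
		panic(err)
	}

	client, err := api.NewClient(&api.Config{Address: vaultAddr, HttpClient: httpClient})
	if err != nil {
		panic(err)
	}
	client.SetToken(token)

	data, err := client.Logical().Read("secret/data/my-secret")
	if err != nil {
		panic(err)
	}
	// Read returns a nil secret with a nil error when nothing exists at the
	// path; without this check data.Data would dereference a nil pointer.
	if data == nil {
		panic("no secret found at secret/data/my-secret")
	}

	b, err := json.Marshal(data.Data)
	if err != nil {
		panic(err)
	}
	// NOTE(review): this writes the secret in cleartext to stdout. Acceptable
	// for a demo; in real code keep secret values out of logs and terminals.
	fmt.Println(string(b))
}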
// username is the sample userpass account name; userpassLogin interpolates it
// into the login path.
const username = "jun06t"

// password is the sample userpass password. It is hard-coded for the demo
// only: real credentials should be read from the environment or a prompt at
// runtime and never committed to source control.
const password = "foo"
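// userpassLogin authenticates against Vault's userpass auth method using the
// package-level username and password and returns the issued client token.
//
// The password is sent in the request body, so vaultAddr should be an
// https:// address anywhere outside a local dev server.
func userpassLogin() (string, error) {
	client, err := api.NewClient(&api.Config{Address: vaultAddr, HttpClient: httpClient})
	if err != nil {
		return "", err
	}

	// The username is part of the login path; the password is the payload.
	path := fmt.Sprintf("auth/userpass/login/%s", username)
	secret, err := client.Logical().Write(path, map[string]interface{}{
		"password": password,
	})
	if err != nil {
		return "", err
	}

	// Write can return a nil secret, or one without an Auth section, together
	// with a nil error. Fail here instead of dereferencing nil or handing the
	// caller an empty token that Vault would later reject.
	if secret == nil || secret.Auth == nil || secret.Auth.ClientToken == "" {
		return "", fmt.Errorf("vault login at %q returned no client token", path)
	}
	return secret.Auth.ClientToken, nil
}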
// The four constants below are the arguments awsLogin passes to
// awsauth.GenerateLoginData. They are left empty in the sample.
// NOTE(review): presumably empty values make the library fall back to the
// default AWS credential chain (environment, shared config, instance role);
// confirm against the vendored Vault version. Prefer that over pasting
// long-lived keys into source.

// accessKey is the AWS access key ID.
const accessKey = ""

// secretKey is the AWS secret access key.
const secretKey = ""

// sessionToken is the AWS session token for temporary credentials.
const sessionToken = ""

// headerValue is the fourth argument to GenerateLoginData; presumably the
// X-Vault-AWS-IAM-Server-ID header value expected by the Vault server.
// TODO confirm.
const headerValue = ""
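// awsLogin authenticates against Vault's AWS auth method and returns the
// issued client token.
//
// awsauth is the package name of the
// github.com/hashicorp/vault/builtin/credential/aws import.
func awsLogin() (string, error) {
	// Build the auth/aws/login payload from the AWS credentials.
	loginData, err := awsauth.GenerateLoginData(accessKey, secretKey, sessionToken, headerValue)
	if err != nil {
		return "", err
	}

	client, err := api.NewClient(&api.Config{Address: vaultAddr, HttpClient: httpClient})
	if err != nil {
		return "", err
	}

	secret, err := client.Logical().Write("auth/aws/login", loginData)
	if err != nil {
		return "", err
	}

	// Write can return a nil secret, or one without an Auth section, together
	// with a nil error. Fail here instead of dereferencing nil or handing the
	// caller an empty token that Vault would later reject.
	if secret == nil || secret.Auth == nil || secret.Auth.ClientToken == "" {
		return "", fmt.Errorf("vault login at %q returned no client token", "auth/aws/login")
	}
	return secret.Auth.ClientToken, nil
}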
@marialuquea

In line 86, where are you getting awsauth from?

@fbelter-iteratec

imported with github.com/hashicorp/vault/api, I suppose

@mrbardia72

Does this code work correctly now?

@navneet1075

It does not. I am getting this error: missing client token

@catshater

thank you for saving my time

@rufreakde

There are some unused variables and the code needs some cleanup/refactoring, but you can connect to the vault with a client token. I tested only the client token part, at least. Thank you for that!
