-
Notifications
You must be signed in to change notification settings - Fork 3
/
vault.go
64 lines (56 loc) · 1.27 KB
/
vault.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
package samlplugin
import (
"fmt"
"os"
"sync"
"time"
"github.com/hashicorp/vault/api"
)
// zie https://github.com/eBay/fabio/blob/610f1cbfd05d5becfdb4840c2e8f432d0f240377/cert/vault_source.go
type VaultSource struct {
Addr string
Refresh time.Duration
mu sync.Mutex
token string // actual token
vaultToken string // VAULT_TOKEN env var. Might be wrapped.
}
func (s *VaultSource) client() (*api.Client, error) {
conf := api.DefaultConfig()
if err := conf.ReadEnvironment(); err != nil {
return nil, err
}
if s.Addr != "" {
conf.Address = s.Addr
}
c, err := api.NewClient(conf)
if err != nil {
return nil, err
}
c.SetToken(s.vaultToken)
return c, nil
}
func NewVaultSource() (*api.Client, error) {
v := &VaultSource{
Addr: vaultServer,
vaultToken: os.Getenv("VAULT_TOKEN"),
}
return v.client()
}
func getVault(path string) (string, error) {
v, err := NewVaultSource()
if err != nil {
return "", err
}
lc := v.Logical()
s, err := lc.Read(path)
if err != nil {
return "", fmt.Errorf("error reading secret from Vault: %v: %v", path, err)
}
if s == nil {
return "", fmt.Errorf("secret not found")
}
if _, ok := s.Data["value"]; !ok {
return "", fmt.Errorf("secret missing 'value' key")
}
return s.Data["value"].(string), nil
}