vault

package

v0.0.0-...-0b8e112 Latest Latest Go to latest Published: Mar 2, 2026 License: MIT Imports: 13 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/altessa-s/go-atlas

Links

Open Source Insights

README ¶

vault

import "github.com/altessa-s/go-atlas/security/vault"

Package vault provides a high-level HashiCorp Vault client with pluggable authentication and automatic token renewal. Wraps the official Vault API client with support for AppRole, Token, and UserPass auth.

Functions

Function / Method	Description
`New`	Create Vault client with auth method
`DefaultConfig`	Default Vault configuration
`RunRenewal`	Start background token renewal
`StopRenewal`	Stop renewal goroutine
`Client`	Access underlying `*api.Client`
`CheckConnection`	Health check
`WaitFirstRenew`	Block until first token is obtained

Subpackages

Package	Description
auth	Authentication methods and lifecycle manager
factory	Config-based Vault client creation

Documentation ¶

Overview ¶

Package vault provides high-level HashiCorp Vault client with pluggable authentication and automatic token renewal. Wraps official Vault API client with support for AppRole, Token, and UserPass authentication methods.

Example:

client, _ := vault.New(
	vault.WithAuthMethod(approle.New("role-id", "secret-id")),
	vault.WithLogger(slog.Default()),
)
client.RunRenewal()
defer client.StopRenewal()

Index ¶

Constants
Variables
type Option
type Vault
- func New(ctx context.Context, opts ...Option) (*Vault, error)

Constants ¶

View Source

const DefaultInitialAuthTimeout = 10 * time.Second

DefaultInitialAuthTimeout is the default timeout for initial authentication.

Variables ¶

View Source

var (
	ErrTimeout = errors.New("timeout waiting for Vault token via auth method")
)

ErrTimeout is returned when waiting for a Vault token times out during authentication.

Functions ¶

This section is empty.

Types ¶

type Option ¶

type Option func(o *options)

Option is a functional option for configuring options.

func WithAuthMethod ¶

func WithAuthMethod(v auth.Method) Option

WithAuthMethod sets the authMethod option.

func WithAuthTimeout ¶

func WithAuthTimeout(v time.Duration) Option

WithAuthTimeout sets the authTimeout option.

func WithHealthCoordinator ¶

func WithHealthCoordinator(v *health.Coordinator) Option

WithHealthCoordinator sets the healthCoordinator option.

func WithLogger ¶

func WithLogger(v *slog.Logger) Option

WithLogger sets the logger option.

func WithTlsConfig ¶

func WithTlsConfig(v *tls.Config) Option

WithTlsConfig sets the tlsConfig option.

func WithVaultClient ¶

func WithVaultClient(v *vaultApi.Client) Option

WithVaultClient sets the vaultClient option.

type Vault ¶

type Vault struct {
	// contains filtered or unexported fields
}

Vault is a high-level client for interacting with HashiCorp Vault. It manages authentication, token renewal, and provides access to the underlying Vault API client. Use New to create a new instance.

func New ¶

func New(ctx context.Context, opts ...Option) (*Vault, error)

New creates a new Vault client with the provided options. Options can configure the underlying API client, TLS, authentication method, and logging.

Example:

client, err := vault.New(ctx,
	vault.WithAuthMethod(approle.New("role-id", "secret-id")),
	vault.WithLogger(slog.Default()),
)

func (*Vault) CheckHealth ¶

func (v *Vault) CheckHealth(ctx context.Context) health.ServingStatus

CheckHealth implements health.Checker.

func (*Vault) RawClient ¶

func (v *Vault) RawClient() *vaultApi.Client

RawClient returns the underlying HashiCorp Vault API client for advanced operations.

Example:

raw := client.RawClient()
secret, _ := raw.Logical().Read("secret/data/myapp")

func (*Vault) RunRenewal ¶

func (v *Vault) RunRenewal() (err error)

RunRenewal starts the authentication token renewal process in a background goroutine. It blocks until the first token is obtained or an error/timeout occurs. Returns an error if authentication fails or times out.

Example:

if err := client.RunRenewal(); err != nil {
	log.Fatal(err)
}
defer client.StopRenewal()

func (*Vault) RunRenewalWithContext ¶

func (v *Vault) RunRenewalWithContext(ctx context.Context) (err error)

RunRenewalWithContext starts the authentication token renewal process in a background goroutine. It blocks until the first token is obtained or an error/timeout occurs.

func (*Vault) StopRenewal ¶

func (v *Vault) StopRenewal() error

StopRenewal cancels the background token renewal process, if running.

Example:

defer client.StopRenewal()

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
auth Package auth provides pluggable authentication methods for HashiCorp Vault with automatic token renewal and lifecycle management.	Package auth provides pluggable authentication methods for HashiCorp Vault with automatic token renewal and lifecycle management.
approle Package approle provides AppRole authentication for HashiCorp Vault.	Package approle provides AppRole authentication for HashiCorp Vault.
token Package token provides direct token-based authentication for HashiCorp Vault.	Package token provides direct token-based authentication for HashiCorp Vault.
userpass Package userpass provides username/password authentication for HashiCorp Vault.	Package userpass provides username/password authentication for HashiCorp Vault.
factory Package factory provides configuration-based creation of Vault clients.	Package factory provides configuration-based creation of Vault clients.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL