49 lines
1.2 KiB
Go
49 lines
1.2 KiB
Go
// Package vault provides functions to retrieve info from Hashicorp Vault
|
|
package vault
|
|
|
|
import (
|
|
"context"
|
|
"log"
|
|
"os"
|
|
|
|
vault "github.com/hashicorp/vault/api"
|
|
auth "github.com/hashicorp/vault/api/auth/approle"
|
|
)
|
|
|
|
// InitVaultConnection builds a client connection to vault and return it.
|
|
// It uses the AppRole authentication method.
|
|
// APPROLE_ROLEID and APPROLE_SECRETID are fed from environment variables.
|
|
func InitVaultConnection() *vault.Client {
|
|
config := vault.DefaultConfig()
|
|
client, err := vault.NewClient(config)
|
|
if err != nil {
|
|
log.Fatal("unable to initialize Vault client: %w", err)
|
|
return client
|
|
}
|
|
roleID := os.Getenv("APPROLE_ROLEID")
|
|
if roleID == "" {
|
|
log.Fatal("no role ID was provided in APPROLE_ROLEID env var")
|
|
return client
|
|
}
|
|
secretID := &auth.SecretID{FromEnv: "APPROLE_SECRETID"}
|
|
|
|
appRoleAuth, err := auth.NewAppRoleAuth(
|
|
roleID,
|
|
secretID,
|
|
)
|
|
if err != nil {
|
|
log.Fatal("unable to initialize AppRole auth method: %w", err)
|
|
return client
|
|
}
|
|
authInfo, err := client.Auth().Login(context.Background(), appRoleAuth)
|
|
if err != nil {
|
|
log.Fatal("unable to login to AppRole auth method: %w", err)
|
|
return client
|
|
}
|
|
if authInfo == nil {
|
|
log.Fatal("no auth info returned after login")
|
|
return client
|
|
}
|
|
return client
|
|
}
|