A package that transparently resolves secret references in environment variables against a secret manager (e.g., Google Secret Manager, HashiCorp Vault).
The idea comes from Berglas.
Unlike Berglas, go-secretresolver is a general-purpose resolver package, which means it works well with any secret manager.
package main
import (
	"context"
	"fmt"
	"os"

	secretmanager "cloud.google.com/go/secretmanager/apiv1"
	"github.com/micnncim/go-secretresolver"
	secretmanagerpb "google.golang.org/genproto/googleapis/cloud/secretmanager/v1"
)
// GoogleSecretManager adapts a Google Secret Manager client so that its
// GetSecretValue method can be handed to secretresolver.Resolve.
type GoogleSecretManager struct {
	// client is the Secret Manager API client used for every lookup.
	client *secretmanager.Client
}
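// GetSecretValue fetches one secret version from Google Secret Manager and
// returns its payload as a string.
//
// name is sent unchanged as the Name field of the AccessSecretVersion
// request. In the example on this page it is presumably the part of the
// reference that follows "secret://"; confirm against the resolver.
//
// A failed lookup is returned to the caller instead of being discarded, so a
// missing permission or a wrong resource name cannot be mistaken for an empty
// secret. The error carries only the resource name, never payload data.
func (m *GoogleSecretManager) GetSecretValue(ctx context.Context, name string) (string, error) {
	result, err := m.client.AccessSecretVersion(ctx, &secretmanagerpb.AccessSecretVersionRequest{
		Name: name,
	})
	if err != nil {
		return "", fmt.Errorf("accessing secret version %q: %w", name, err)
	}
	// The generated getters are nil-safe, so a response without a payload
	// yields an empty string rather than a nil-pointer panic.
	return string(result.GetPayload().GetData()), nil
}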
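// main shows the whole flow: put a secret reference in an environment
// variable, resolve it through Google Secret Manager, and read the result.
func main() {
	// Before getting started, create a secret in some secret manager.
	// $ echo "VALUE" | gcloud secrets create my-secret --data-file=- --project=my-project

	ctx := context.Background()

	// Set the reference first so that no os.Exit call follows the deferred
	// client.Close below (os.Exit skips deferred calls).
	if err := os.Setenv("KEY", "secret://projects/my-project/secrets/my-secret/versions/latest"); err != nil {
		fmt.Fprintln(os.Stderr, "setting KEY:", err)
		os.Exit(1)
	}

	client, err := secretmanager.NewClient(ctx)
	if err != nil {
		// Without a client every lookup would dereference nil, so stop here
		// rather than continue with an unresolved reference.
		fmt.Fprintln(os.Stderr, "creating secret manager client:", err)
		os.Exit(1)
	}
	defer client.Close()

	sm := &GoogleSecretManager{client: client}

	// NOTE(review): if Resolve returns an error, check it and exit on failure.
	// Otherwise KEY may still hold the "secret://" reference and be used as if
	// it were the secret. Confirm against the package API.
	secretresolver.Resolve(ctx, sm.GetSecretValue)

	// Printed only to demonstrate the result. A real program should not write
	// resolved secret values to stdout or logs. Note that the resolved value now
	// lives in the process environment, which child processes inherit.
	fmt.Println(os.Getenv("KEY")) // => "VALUE"
}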