nicolascb / vault-aws-provider

An AWS credentials provider using Vault


vault-aws-provider

vault-aws-provider is an implementation of an AWS credentials provider that uses Vault to fetch credentials.

Features

  • Custom auth methods via vault.AuthMethod
  • Callback on retrieve
  • Token authentication
  • Renew token when retrieving credentials

Usage

import (
	...
	awscfg "github.com/aws/aws-sdk-go-v2/config"
	vaultp "github.com/nicolascb/vault-aws-provider"
)

...
endpoint := "aws/sts/my-secret"
token := "my_vault_auth_token"
provider, err := vaultp.NewProvider(context.TODO(), endpoint, vaultp.WithVaultToken(token))
...

// can now use when initializing config
c, err := awscfg.LoadDefaultConfig(context.TODO(), awscfg.WithCredentialsProvider(provider))
...

Custom auth methods

You can use any authentication method that implements vault.AuthMethod, such as the methods provided by the Vault SDK.

Authentication example with Kubernetes:

import (
	...
	awscfg "github.com/aws/aws-sdk-go-v2/config"
	vaultp "github.com/nicolascb/vault-aws-provider"
	auth "github.com/hashicorp/vault/api/auth/kubernetes"
)

func main() {
	endpoint := "aws/sts/my-secret"
	// Vault Kubernetes auth role and the path of the pod's projected service
	// account token (placeholder values; the token path shown is the default)
	role := "my-vault-role"
	tokenPath := "/var/run/secrets/kubernetes.io/serviceaccount/token"

	kubeAuth, err := auth.NewKubernetesAuth(
		role,
		auth.WithServiceAccountTokenPath(tokenPath),
	)
	if err != nil {
		log.Fatal(err)
	}

	// initialize provider
	provider, err := vaultp.NewProvider(
		context.TODO(),
		endpoint,
		vaultp.WithAuthMethod(kubeAuth),
		// re-authenticate to Vault before each credential retrieval
		vaultp.WithAuthBeforeRetrieve())
	if err != nil {
		log.Fatal(err)
	}

	// can now use when initializing config
	c, err := awscfg.LoadDefaultConfig(context.TODO(), awscfg.WithCredentialsProvider(provider))
	if err != nil {
		log.Fatal(err)
	}
	_ = c // pass c to AWS service clients
}

License

Released under the Apache License 2.0.
