feat: STACKIT Secrets Manager Action
commit
cc0c27a4e9
9 changed files with 401 additions and 0 deletions
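--- a/secretsmanager/client.go
+++ b/secretsmanager/client.go
@@ -0,0 +1,41 @@
+package secretsmanager
+
+import (
+"context"
+"time"
+
+"secretsmanager/config"
+
+"github.com/hashicorp/vault-client-go"
+"github.com/hashicorp/vault-client-go/schema"
+)
+
+type SecretsManager struct {
+Ctx context.Context
+Client *vault.Client
+}
+
+func InitializeClient(
+cfg config.Config,
+) SecretsManager {
+
+s := SecretsManager{}
+s.Ctx = context.Background()
+s.Client, _ = vault.New(
+vault.WithAddress(cfg.VaultAddr),
+vault.WithRequestTimeout(30*time.Second),
+vault.WithTLS(vault.TLSConfiguration{
+InsecureSkipVerify: false,
+}),
+)
+
+config.InfoLog("Attempting to login with user %s", cfg.VaultUsername)
+loginResp, err := s.Client.Auth.UserpassLogin(s.Ctx, cfg.VaultUsername, schema.UserpassLoginRequest{Password: cfg.VaultPassword})
+if err != nil {
+config.FatalLog("Vault login request failed: %s", err)
+}
+config.InfoLog("Login successful. Token received.")
+s.Client.SetToken(loginResp.Auth.ClientToken)
+
+return s
+}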
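Review bot: The error from `vault.New` is discarded by `s.Client, _ = vault.New(...)`, so a malformed `cfg.VaultAddr` or a TLS option failure leaves `s.Client` nil and the following `UserpassLogin` call panics instead of reporting the cause; capture it as `err` and stop with `config.FatalLog("Vault client setup failed: %s", err)`. Further down, `loginResp.Auth.ClientToken` is dereferenced without a nil check, and whether `config.FatalLog` actually terminates the process is not visible in this file, so a guard such as `if loginResp == nil || loginResp.Auth == nil` before `SetToken` would be safer. The error returned by `SetToken` is also ignored. `InitializeClient` is exported but has no doc comment; it should say that it performs a network login with the userpass method and exits on failure rather than returning an error.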
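--- a/secretsmanager/secrets.go
+++ b/secretsmanager/secrets.go
@@ -0,0 +1,37 @@
+package secretsmanager
+
+import (
+"fmt"
+"secretsmanager/config"
+"log"
+
+"github.com/hashicorp/vault-client-go"
+)
+
+func GetSecrets(
+s *SecretsManager,
+cfg config.Config,
+) ([]string, error) {
+
+config.InfoLog("Attempting to read secret from mount '%s' at path '%s'", cfg.VaultSecretsManagerID, cfg.VaultPath)
+secret, err := s.Client.Secrets.KvV2Read(s.Ctx, cfg.VaultPath, vault.WithMountPath(cfg.VaultSecretsManagerID))
+if err != nil {
+log.Fatalf("Failed to read secret from vault: %v", err)
+return nil, fmt.Errorf("failed to read secret from vault: %w", err)
+}
+
+if secret == nil || secret.Data.Data == nil {
+log.Fatal("No data found at the specified secret path.")
+return []string{}, nil
+}
+
+var secretsAsKeyValue []string
+
+for key, value := range secret.Data.Data {
+secretsAsKeyValue = append(secretsAsKeyValue, fmt.Sprintf("%s=%v", key, value))
+}
+
+config.InfoLog("Successfully retrieved and formatted %d secrets.", len(secretsAsKeyValue))
+
+return secretsAsKeyValue, nil
+}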
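Review bot: Both failure branches of `GetSecrets` call `log.Fatalf` / `log.Fatal` before their `return`, so the process exits and the declared `error` result never reaches the caller; drop the fatal calls, keep `return nil, fmt.Errorf("failed to read secret from vault: %w", err)`, and return an error for the empty case instead of `[]string{}, nil`. Separately, `fmt.Sprintf("%s=%v", key, value)` flattens each value into a single `KEY=VALUE` string, so a value containing a newline would break into extra entries if these strings are later written line by line to an environment or output file (the consumer is not visible here), and non-string values get Go's default formatting. I would reject or encode multi-line values at this point and confirm that every value is registered for log masking before it is exported. Map iteration order is random, so the order of the returned slice changes between runs; sort the keys if anything downstream depends on it.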