Vault

The vault integration provides an opinionated way to interact with Vault as a secret manager for helix services.

Trace attributes

The vault integration sets the following trace attributes:

  • vault.server.address
  • vault.agent.address
  • vault.namespace
  • span.kind

When applicable, these attributes can be set as well:

  • vault.kv.mountpath
  • vault.kv.secretpath

Example:

vault.server.address: "http://localhost:8200"
vault.agent.address: ""
vault.namespace: "custom"
vault.kv.mountpath: "/secrets"
vault.kv.secretpath: "my_secret"
span.kind: "internal"
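
One way to put these attributes to work for auditing, as an added example that is not code from the helix project: it inventories which secrets a service reads and flags spans that lack an always-set attribute or that reach a non-loopback Vault server over plain HTTP. The `Span` type, the `Audit` function and the second sample span are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"sort"
)

// Span holds one exported span's attributes (constructed stand-in for a trace backend).
type Span map[string]string

// required are the attributes the page lists as always set.
var required = []string{"vault.server.address", "vault.agent.address", "vault.namespace", "span.kind"}

// Audit returns the sorted set of secrets read ("namespace:mountpath/secretpath")
// and one finding per missing attribute or plaintext non-loopback server address.
func Audit(spans []Span) (secrets []string, findings []string) {
	seen := map[string]bool{}
	for i, s := range spans {
		for _, k := range required {
			if _, ok := s[k]; !ok {
				findings = append(findings, fmt.Sprintf("span %d: missing %s", i, k))
			}
		}
		if u, err := url.Parse(s["vault.server.address"]); err == nil && u.Scheme == "http" &&
			u.Hostname() != "localhost" && !net.ParseIP(u.Hostname()).IsLoopback() {
			findings = append(findings, fmt.Sprintf("span %d: plaintext HTTP to %s", i, u.Hostname()))
		}
		if p, ok := s["vault.kv.secretpath"]; ok {
			seen[s["vault.namespace"]+":"+s["vault.kv.mountpath"]+"/"+p] = true
		}
	}
	for k := range seen {
		secrets = append(secrets, k)
	}
	sort.Strings(secrets)
	return secrets, findings
}

// sampleSpans: the first span is the page's example, the second is constructed.
func sampleSpans() []Span {
	return []Span{
		{"vault.server.address": "http://localhost:8200", "vault.agent.address": "", "vault.namespace": "custom", "vault.kv.mountpath": "/secrets", "vault.kv.secretpath": "my_secret", "span.kind": "internal"},
		{"vault.server.address": "http://vault.example.internal:8200", "vault.agent.address": "", "vault.namespace": "custom", "vault.kv.mountpath": "/secrets", "vault.kv.secretpath": "db_password"},
	}
}

func main() { fmt.Println(Audit(sampleSpans())) }
```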

Usage

The integration uses the official Go library maintained by the HashiCorp team.

Install the Go module with:

$ go get go.nunchi.studio/helix/integration/vault

A simple example of how to import, configure, and use the integration:

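package main

import (
  "context"
  "fmt"

  "go.nunchi.studio/helix/integration/vault"
  "go.nunchi.studio/helix/service"
)

func main() {
  // Placeholder values for local development. Outside of local testing, use
  // an https:// address and load the token from the environment or a secret
  // store instead of hardcoding it.
  cfg := vault.Config{
    Address:   "http://127.0.0.1:8200",
    Namespace: "custom",
    Token:     "my_token",
  }

  // Connect to Vault with the configuration above.
  client, err := vault.Connect(cfg)
  if err != nil {
    panic(err)
  }

  // Read a secret from the KV engine mounted at "/mountpath".
  ctx := context.Background()
  kv := client.KeyValue(ctx, "/mountpath")
  secret, err := kv.Get(ctx, "secretpath")
  if err != nil {
    panic(err)
  }

  // Data is the exported field; printing the secret is for demonstration only.
  fmt.Println("Secret:", secret.Data)

  // Start the service; this blocks until the service is asked to stop.
  if err := service.Start(); err != nil {
    panic(err)
  }

  // Close the service and its integrations gracefully.
  if err := service.Close(); err != nil {
    panic(err)
  }
}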

Built by
Nunchi