Diffstat (limited to 'server/helpers/vault/vault.go')
-rw-r--r--server/helpers/vault/vault.go55
1 files changed, 55 insertions, 0 deletions
diff --git a/server/helpers/vault/vault.go b/server/helpers/vault/vault.go
new file mode 100644
index 0000000..bec18b9
--- /dev/null
+++ b/server/helpers/vault/vault.go
@@ -0,0 +1,55 @@
+package vault
+
+import (
+ "fmt"
+ "strings"
+
+ "github.com/hashicorp/vault/api"
+)
+
+// NewClient returns a new vault client.
+func NewClient(address, token string) (*Client, error) {
+ config := &api.Config{
+ Address: address,
+ }
+ client, err := api.NewClient(config)
+ if err != nil {
+ return nil, err
+ }
+ client.SetToken(token)
+ return &Client{
+ vault: client,
+ }, nil
+}
+
+func parseName(name string) (path, key string) {
+ name = strings.TrimPrefix(name, "/vault/")
+ i := strings.LastIndex(name, "/")
+ if i < 0 {
+ return name, ""
+ }
+ return name[:i], name[i+1:]
+}
+
+// Client is a simple client for vault.
+type Client struct {
+ vault *api.Client
+}
+
+// Read returns a secret for a given path and key of the form `/vault/secret/path/key`.
+// If the requested key cannot be read the original string is returned along with an error.
+func (c *Client) Read(value string) (string, error) {
+ p, k := parseName(value)
+ data, err := c.vault.Logical().Read(p)
+ if err != nil {
+ return value, err
+ }
+ if data == nil {
+ return value, fmt.Errorf("no such key %s", k)
+ }
+ secret, ok := data.Data[k]
+ if !ok {
+ return value, fmt.Errorf("no such key %s", k)
+ }
+ return secret.(string), nil
+}
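Review bot: The unchecked assertion `return secret.(string), nil` at the end of `Read` panics when the stored value is not a string, so the contents of a Vault path can crash the calling process instead of producing an error. Vault returns `Data` as `map[string]interface{}`, so numbers, booleans and nested maps are all possible; a KV version 2 mount, for example, nests the fields under a `data` key, which would presumably reach this line as a map. Use the two-value form and fail closed: `s, ok := secret.(string)` followed by `if !ok { return value, fmt.Errorf("value for key %q is not a string", k) }`, then `return s, nil`. Separately, `parseName` returns an empty key when the name has no `/`, and `Read` still queries Vault in that case; rejecting an empty `k` before the call would give a clearer error. The `data == nil` branch also reports "no such key" when it is the path that was not found.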