package vault import ( "fmt" "strings" "github.com/hashicorp/vault/api" ) // NewClient returns a new vault client. func NewClient(address, token string) (*Client, error) { config := &api.Config{ Address: address, } client, err := api.NewClient(config) if err != nil { return nil, err } client.SetToken(token) return &Client{ vault: client, }, nil } func parseName(name string) (path, key string) { name = strings.TrimPrefix(name, "/vault/") i := strings.LastIndex(name, "/") if i < 0 { return name, "" } return name[:i], name[i+1:] } // Client is a simple client for vault. type Client struct { vault *api.Client } // Read returns a secret for a given path and key of the form `/vault/secret/path/key`. // If the requested key cannot be read the original string is returned along with an error. func (c *Client) Read(value string) (string, error) { p, k := parseName(value) data, err := c.vault.Logical().Read(p) if err != nil { return value, err } if data == nil { return value, fmt.Errorf("no such key %s", k) } secret, ok := data.Data[k] if !ok { return value, fmt.Errorf("no such key %s", k) } return secret.(string), nil }