Key Management in Golang: Using Vault to Store and Access Passwords

Key management in Golang: Use Vault to store and access passwords

Introduction:
In daily development, we often need to use passwords and sensitive information to connect to databases, access APIs, etc. However, hardcoding these passwords and sensitive information directly into the code is not a secure practice. To better protect this sensitive information, we can use Vault as a key management tool. This article will introduce how to use Vault in Golang to securely store and access passwords.

What is Vault?
Vault is a powerful tool developed by HashiCorp. It provides a secure way to manage sensitive information such as passwords, API keys, etc. Vault uses encrypted storage and access policies to protect this sensitive information, ensuring that only authorized users can access it.

Using Vault in Golang:
First, we need to install Vault locally and start the Vault server. Vault installation and startup documentation can be obtained from the official website https://www.vaultproject.io/.

Once the Vault server is started, we can use VaultClient in the Golang application to obtain and store passwords.

First, we need to add the following dependencies to our Golang project:

import (
    "github.com/hashicorp/vault/api"
)

Next, we need to set up the address and authentication information of the Vault server:

client, err := api.NewClient(&api.Config{
    Address: "http://localhost:8200", // 设置Vault服务器的地址
})

if err != nil {
    log.Fatal(err)
}

client.SetToken("YOUR_VAULT_TOKEN") // 设置Vault服务器的访问令牌

Now we can use VaultClient to get and store passwords. Here is some sample code:

Get the password from Vault:

func getPassword(path string) (string, error) {
    secret, err := client.Logical().Read("secret/data/" + path) // 从Vault中读取密码
    if err != nil {
        return "", err
    }

    password, ok := secret.Data["password"].(string)
    if !ok {
        return "", fmt.Errorf("Invalid password")
    }

    return password, nil
}

Store the password into Vault:

func storePassword(path, password string) error {
    data := map[string]interface{}{
        "password": password,
    }

    _, err := client.Logical().Write("secret/data/" + path, data) // 将密码存储到Vault中
    if err != nil {
        return err
    }

    return nil
}

As you can see, when getting the password, we need Specify the path to store passwords in Vault. When storing the password, we need to provide the password and storage path.

In addition to passwords, we can also store and obtain other sensitive information, such as API keys, database connection strings, and more.

Summary:
In this article, we learned how to use Vault in Golang applications to store and access passwords. By using Vault, we can manage sensitive information more securely and ensure that only authorized users have access to it. Through the above code examples, we can easily integrate Vault in the Golang project and protect our sensitive information. I hope this article helps you better manage your passwords and sensitive information.

The above is the detailed content of Key Management in Golang: Using Vault to Store and Access Passwords. For more information, please follow other related articles on the PHP Chinese website!