README
¶
Teamvault Utils
A Go library and CLI tools for interacting with TeamVault secret management system. Provides type-safe access to passwords, usernames, URLs, and files stored in TeamVault, with support for template parsing and configuration generation.
Features
- Type-Safe API: Strongly typed interfaces for accessing TeamVault secrets
- Multiple Connectors: Remote, cache, disk fallback, and dummy connectors
- Template Parsing: Parse configuration templates with TeamVault placeholders
- Config Generation: Generate configuration files from templates
- CLI Tools: Command-line utilities for quick secret access
- Dependency Injection: Clean architecture with testable components
Installation
go get github.com/bborbe/teamvault-utils/v4
Quick Start
package main
import (
"context"
"fmt"
"net/http"
teamvault "github.com/bborbe/teamvault-utils/v4"
libtime "github.com/bborbe/time"
)
func main() {
ctx := context.Background()
// Create a connector
connector := teamvault.NewRemoteConnector(
http.DefaultClient,
teamvault.Url("https://teamvault.example.com"),
teamvault.User("my-user"),
teamvault.Password("my-pass"),
libtime.NewCurrentDateTime(),
)
// Retrieve a password
password, err := connector.Password(ctx, teamvault.Key("vLVLbm"))
if err != nil {
panic(err)
}
fmt.Printf("Password: %s\n", password)
}
Library Usage
Using the Connector Interface
The Connector interface provides access to TeamVault secrets:
import (
"context"
"net/http"
teamvault "github.com/bborbe/teamvault-utils/v4"
libtime "github.com/bborbe/time"
)
func example() {
ctx := context.Background()
connector := teamvault.NewRemoteConnector(
http.DefaultClient,
teamvault.Url("https://teamvault.example.com"),
teamvault.User("my-user"),
teamvault.Password("my-pass"),
libtime.NewCurrentDateTime(),
)
// Get password
password, err := connector.Password(ctx, teamvault.Key("abc123"))
if err != nil {
// handle error
}
// Get username
user, err := connector.User(ctx, teamvault.Key("abc123"))
if err != nil {
// handle error
}
// Get URL
url, err := connector.Url(ctx, teamvault.Key("abc123"))
if err != nil {
// handle error
}
// Get file
file, err := connector.File(ctx, teamvault.Key("abc123"))
if err != nil {
// handle error
}
// Search for secrets
keys, err := connector.Search(ctx, "database")
if err != nil {
// handle error
}
}
Template Parsing with ConfigParser
Parse configuration templates containing TeamVault placeholders:
import (
"context"
teamvault "github.com/bborbe/teamvault-utils/v4"
)
func parseConfig(connector teamvault.Connector) {
ctx := context.Background()
parser := teamvault.NewConfigParser(connector)
template := []byte(`
database:
username: {{ "vLVLbm" | teamvaultUser }}
password: {{ "vLVLbm" | teamvaultPassword }}
url: {{ "vLVLbm" | teamvaultUrl }}
`)
result, err := parser.Parse(ctx, template)
if err != nil {
// handle error
}
// result now contains resolved values
}
Using Different Connector Types
Cache Connector (for performance):
connector := teamvault.NewCacheConnector(
teamvault.NewRemoteConnector(
http.DefaultClient,
teamvault.Url("https://teamvault.example.com"),
teamvault.User("my-user"),
teamvault.Password("my-pass"),
libtime.NewCurrentDateTime(),
),
)
Disk Fallback Connector (for reliability):
connector := teamvault.NewDiskFallbackConnector(
teamvault.NewRemoteConnector(
http.DefaultClient,
teamvault.Url("https://teamvault.example.com"),
teamvault.User("my-user"),
teamvault.Password("my-pass"),
libtime.NewCurrentDateTime(),
),
)
Dummy Connector (for testing):
connector := teamvault.NewDummyConnector()
Creating Connectors with Factory
Use the factory package for simplified connector creation:
import (
"context"
"net/http"
teamvault "github.com/bborbe/teamvault-utils/v4"
"github.com/bborbe/teamvault-utils/v4/factory"
libtime "github.com/bborbe/time"
)
func createConnector() (teamvault.Connector, error) {
ctx := context.Background()
httpClient, err := factory.CreateHttpClient(ctx)
if err != nil {
return nil, err
}
connector, err := factory.CreateConnectorWithConfig(
ctx,
httpClient,
teamvault.TeamvaultConfigPath("~/.teamvault.json"),
teamvault.Url(""),
teamvault.User(""),
teamvault.Password(""),
teamvault.Staging(false),
true, // enable cache
libtime.NewCurrentDateTime(),
)
if err != nil {
return nil, err
}
return connector, nil
}
API Documentation
For complete API documentation, visit pkg.go.dev.
CLI Tools
The library includes several command-line tools for quick secret access.
Teamvault Get Password
Install:
go get github.com/bborbe/teamvault-utils/v4/cmd/teamvault-password
Run:
teamvault-password \
--teamvault-config ~/.teamvault.json \
--teamvault-key vLVLbm
Teamvault Get Username
Install:
go get github.com/bborbe/teamvault-utils/v4/cmd/teamvault-username
Run:
teamvault-username \
--teamvault-config ~/.teamvault.json \
--teamvault-key vLVLbm
Teamvault Get URL
Install:
go get github.com/bborbe/teamvault-utils/v4/cmd/teamvault-url
Run:
teamvault-url \
--teamvault-config ~/.teamvault.json \
--teamvault-key vLVLbm
Parse Config with Teamvault Secrets
Install:
go get github.com/bborbe/teamvault-utils/v4/cmd/teamvault-config-parser
Sample config template:
foo=bar
username={{ "vLVLbm" | teamvaultUser }}
password={{ "vLVLbm" | teamvaultPassword }}
url={{ "vLVLbm" | teamvaultUrl }}
Run:
cat my.config | teamvault-config-parser \
--teamvault-config ~/.teamvault.json \
--logtostderr \
-v=2
Generate Config Directory from Templates
Install:
go get github.com/bborbe/teamvault-utils/v4/cmd/teamvault-config-dir-generator
TeamVault config file (~/.teamvault.json):
{
"url": "https://teamvault.example.com",
"user": "my-user",
"pass": "my-pass"
}
Run:
teamvault-config-dir-generator \
--teamvault-config ~/.teamvault.json \
--source-dir templates \
--target-dir results \
--logtostderr \
-v=2
Development
Running Tests
make test
Code Generation (Mocks)
make generate
Full Development Workflow
make precommit # Format, test, lint, and check
Full Example
Here's a complete, runnable example demonstrating real-world usage patterns combining multiple features:
package main
import (
"context"
"fmt"
"net/http"
"os"
teamvault "github.com/bborbe/teamvault-utils/v4"
libtime "github.com/bborbe/time"
)
func main() {
ctx := context.Background()
// Create a cached connector for better performance
// The cache connector wraps the remote connector and caches responses
connector := teamvault.NewCacheConnector(
teamvault.NewRemoteConnector(
http.DefaultClient,
teamvault.Url("https://teamvault.example.com"),
teamvault.User("my-user"),
teamvault.Password("my-pass"),
libtime.NewCurrentDateTime(),
),
)
// Example 1: Retrieve individual secrets
password, err := connector.Password(ctx, teamvault.Key("vLVLbm"))
if err != nil {
fmt.Fprintf(os.Stderr, "Error getting password: %v\n", err)
os.Exit(1)
}
fmt.Printf("Retrieved password (length: %d)\n", len(password.String()))
user, err := connector.User(ctx, teamvault.Key("vLVLbm"))
if err != nil {
fmt.Fprintf(os.Stderr, "Error getting user: %v\n", err)
os.Exit(1)
}
fmt.Printf("Retrieved user: %s\n", user.String())
// Example 2: Parse a configuration template
parser := teamvault.NewConfigParser(connector)
configTemplate := []byte(`
# Database Configuration
database:
host: {{ "vLVLbm" | teamvaultUrl }}
username: {{ "vLVLbm" | teamvaultUser }}
password: {{ "vLVLbm" | teamvaultPassword }}
# Application Settings
app:
environment: {{ "production" | env }}
debug: false
`)
result, err := parser.Parse(ctx, configTemplate)
if err != nil {
fmt.Fprintf(os.Stderr, "Error parsing config: %v\n", err)
os.Exit(1)
}
fmt.Println("\nGenerated Configuration:")
fmt.Println(string(result))
// Example 3: Generate configuration files from templates
generator := teamvault.NewConfigGenerator(parser)
err = generator.Generate(
ctx,
teamvault.SourceDirectory("./templates"),
teamvault.TargetDirectory("./config"),
)
if err != nil {
fmt.Fprintf(os.Stderr, "Error generating configs: %v\n", err)
os.Exit(1)
}
fmt.Println("\nConfiguration files generated successfully!")
}
This example demonstrates:
- Creating a cached connector for performance optimization
- Retrieving individual secrets (password, user)
- Parsing configuration templates with TeamVault placeholders
- Generating multiple configuration files from a template directory
Testing
Testing code that uses this library is straightforward using the mock connector or dummy connector:
import (
"context"
"testing"
teamvault "github.com/bborbe/teamvault-utils/v4"
"github.com/bborbe/teamvault-utils/v4/mocks"
)
func TestYourCode(t *testing.T) {
ctx := context.Background()
// Use mock connector for testing
mockConnector := &mocks.Connector{}
mockConnector.PasswordReturns(teamvault.Password("test-password"), nil)
// Test your code with the mock
result, err := mockConnector.Password(ctx, teamvault.Key("test-key"))
if err != nil {
t.Fatal(err)
}
if result != "test-password" {
t.Errorf("expected test-password, got %s", result)
}
}
func TestWithDummyConnector(t *testing.T) {
// Or use dummy connector for simple tests
connector := teamvault.NewDummyConnector()
// Test your code with dummy connector
}
License
This project is licensed under the BSD-style license. See the LICENSE file for details.
Documentation
¶
Overview ¶
Package teamvault provides utilities for accessing and managing TeamVault secrets.
TeamVault is a secret management system, and this package offers Go clients for retrieving passwords, users, URLs, and files from TeamVault instances. It includes various connector implementations for different use cases including remote access, caching, disk fallback, and testing.
The package also provides configuration parsing and generation capabilities to replace TeamVault placeholders in configuration templates with actual secret values.
Index ¶
- func NormalizePath(path string) (string, error)
- type ApiUrl
- type Config
- type ConfigGenerator
- type ConfigParser
- type Connector
- type CurrentRevision
- type File
- type HtpasswdGenerator
- type Key
- type Password
- type SourceDirectory
- type Staging
- type TargetDirectory
- type TeamvaultConfigPath
- type Url
- type User
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NormalizePath ¶ added in v4.6.1
NormalizePath converts a path to an absolute path, expanding ~ to the home directory.
Types ¶
type ApiUrl ¶
type ApiUrl string
ApiUrl represents a TeamVault API URL.
type Config ¶
type Config struct {
Url Url `json:"url"`
User User `json:"user"`
Password Password `json:"pass"`
CacheEnabled bool `json:"cacheEnabled,omitempty"`
}
Config holds the configuration for connecting to a TeamVault instance.
func ParseTeamvaultConfig ¶
ParseTeamvaultConfig parses a TeamVault configuration from JSON content.
type ConfigGenerator ¶
type ConfigGenerator interface {
Generate(
ctx context.Context,
sourceDirectory SourceDirectory,
targetDirectory TargetDirectory,
) error
}
ConfigGenerator generates configuration files by parsing templates and replacing TeamVault placeholders.
func NewConfigGenerator ¶
func NewConfigGenerator(configParser ConfigParser) ConfigGenerator
NewConfigGenerator creates a new ConfigGenerator with the given ConfigParser.
type ConfigParser ¶
ConfigParser parses configuration templates and replaces TeamVault placeholders with actual values.
func NewConfigParser ¶
func NewConfigParser( teamvaultConnector Connector, ) ConfigParser
NewConfigParser creates a new ConfigParser with the given TeamVault Connector.
type Connector ¶
type Connector interface {
Password(ctx context.Context, key Key) (Password, error)
User(ctx context.Context, key Key) (User, error)
Url(ctx context.Context, key Key) (Url, error)
File(ctx context.Context, key Key) (File, error)
Search(ctx context.Context, name string) ([]Key, error)
}
Connector provides access to TeamVault secrets including passwords, users, URLs, and files.
func NewCacheConnector ¶
NewCacheConnector creates a new Connector that caches responses from the underlying connector.
func NewDiskFallbackConnector ¶
NewDiskFallbackConnector creates a new Connector that uses disk cache as fallback when the underlying connector fails.
func NewDummyConnector ¶
func NewDummyConnector() Connector
NewDummyConnector creates a new Connector that returns deterministic dummy values for testing.
func NewRemoteConnector ¶
func NewRemoteConnector( httpClient *http.Client, url Url, user User, pass Password, currentDateTime time.CurrentDateTime, ) Connector
NewRemoteConnector creates a new Connector that connects to a remote TeamVault instance.
type CurrentRevision ¶
type CurrentRevision string
CurrentRevision represents the current revision identifier of a TeamVault secret.
func (CurrentRevision) String ¶
func (t CurrentRevision) String() string
String returns the string representation of the CurrentRevision.
type File ¶
type File string
File represents a base64-encoded file stored in TeamVault.
type HtpasswdGenerator ¶
HtpasswdGenerator generates htpasswd formatted credentials from TeamVault secrets.
func NewHtpasswdGenerator ¶
func NewHtpasswdGenerator(connector Connector) HtpasswdGenerator
NewHtpasswdGenerator creates a new HtpasswdGenerator with the given Connector.
type Key ¶
type Key string
Key represents a TeamVault secret identifier.
type Password ¶
type Password string
Password represents a TeamVault password.
func (*Password) UnmarshalJSON ¶ added in v4.7.5
UnmarshalJSON implements json.Unmarshaler to handle both string and number types.
type SourceDirectory ¶
type SourceDirectory string
SourceDirectory represents the source directory path for configuration generation.
func (SourceDirectory) String ¶
func (s SourceDirectory) String() string
String returns the string representation of the SourceDirectory.
type Staging ¶
type Staging bool
Staging indicates whether the TeamVault instance is a staging environment.
type TargetDirectory ¶
type TargetDirectory string
TargetDirectory represents the target directory path for configuration generation.
func (TargetDirectory) String ¶
func (t TargetDirectory) String() string
String returns the string representation of the TargetDirectory.
type TeamvaultConfigPath ¶
type TeamvaultConfigPath string
TeamvaultConfigPath represents a path to a TeamVault configuration file.
func (TeamvaultConfigPath) Exists ¶
func (t TeamvaultConfigPath) Exists() bool
Exists checks if the TeamvaultConfigPath points to an existing non-empty file.
func (TeamvaultConfigPath) NormalizePath ¶
func (t TeamvaultConfigPath) NormalizePath() (TeamvaultConfigPath, error)
NormalizePath converts the TeamvaultConfigPath to an absolute path.
func (TeamvaultConfigPath) Parse ¶
func (t TeamvaultConfigPath) Parse() (*Config, error)
Parse reads and parses the TeamVault configuration from the file.
func (TeamvaultConfigPath) String ¶
func (t TeamvaultConfigPath) String() string
String returns the string representation of the TeamvaultConfigPath.
Source Files
¶
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
teamvault-config-dir-generator
command
|
|
|
teamvault-config-parser
command
|
|
|
teamvault-file
command
|
|
|
teamvault-password
command
|
|
|
teamvault-url
command
|
|
|
teamvault-username
command
|
|
|
Package factory provides factory functions for creating TeamVault connectors and HTTP clients.
|
Package factory provides factory functions for creating TeamVault connectors and HTTP clients. |
|
Code generated by counterfeiter.
|
Code generated by counterfeiter. |