gcpvault provides a function for securely retrieving secrets from HashiCorp Vault while running on the Google Cloud Platform or in your local development environment.
To use this library, users must follow the Vault instructions for enabling GCP authentication: https://www.vaultproject.io/docs/auth/gcp.html.
Under the hood, when deployed to Google Cloud this tool will use the default application credentials to login to Vault and retrieve the specified secrets.
Since the login to Vault can be a heavy and relatively slow operation, we recommend users of the legacy Google App Engine Standard Environment (Go <=1.9) call this library during start up requests for manual scaling systems or in warm up requests for users of automatic scaling to prevent exposing public traffic to such latencies.
For local development, users should use a Github personal access tokens or some similar method to login to Vault before injecting their Vault login token into the local environment.
For mocking out the services required for interacting with Vault, a gcpvaulttest package has been included to provide httptest.Servers for each dependency.
Check out the examples directory for examples on how to use this package.