Vault Client is designed to be a dead simple client library for Vault consumer applications. The purpose is to implement a robust Vault client that makes it easy for developers to instrument HashiCorp Vault into applications.
All implementations of Vault Client will use a common API. After configuring
Vault authentication, the developer simply needs to replace the location of a
needed secret in their code with the appropriate read
method. The Vault
Client object will handle authentication renewal and secret / lease renewal.
Java
String dbUser;
String dbPass;
VaultClient vault = new VaultClient();
vault.setAuthMethod("gcp");
vault.setAuthRole("app_name");
vault.setVaultAddr("https://myvault.company.org");
dbUser = vault.read("database/creds/my-role", "username");
dbPass = vault.read("database/creds/my-role", "password");
Python
vault = VaultClient(
vault_addr="https://myvault.company.org",
auth_method="gcp",
auth_role="app_name",
)
db_user = vault.read("database/creds/my-role", "username")
db_pass = vault.read("database/creds/my-role", "password")
Java | Python | C#/.NET | |
---|---|---|---|
Language Support | ❌ | ||
Auth Renewal (Async) | 🚧 | 🚧 | ❌ |
Generic Read | ✅ | ✅ | ❌ |
KV Read | ✅ | ✅ | ❌ |
Lease Renewal (Async) | ✅ | ✅ | ❌ |
JWT Auth | ✅ | ✅ | ❌ |
GCP Auth (GCE) | ✅ | ✅ | ❌ |
Azure Auth | 🚧 | ❌ | ❌ |
AppRole Auth | ❌ | ❌ | ❌ |
TLS Auth | ❌ | ❌ | ❌ |
✅ - Implemented
❌ - Not implemented
🚧 - Under construction