Vault¶
Since testcontainers-go v0.20.0
Introduction¶
The Testcontainers module for Vault. Vault is an open-source tool designed for securely storing, accessing, and managing secrets and sensitive data such as passwords, certificates, API keys, and other confidential information.
Adding this module to your project dependencies¶
Please run the following command to add the Vault module to your Go dependencies:
go get github.com/testcontainers/testcontainers-go/modules/vault
Usage example¶
The RunContainer function is the main entry point to create a new VaultContainer instance. It takes a context and zero or more Option values to configure the container.
vault, err = testcontainervault.RunContainer(ctx, opts...)
Use CLI to read data from Vault container:¶
exec, reader, err := vault.Exec(ctx, []string{"vault", "kv", "get", "-format=json", "secret/test1"})
assert.Nil(t, err)
assert.Equal(t, 0, exec)
bytes, err := io.ReadAll(reader)
assert.Nil(t, err)
assert.Equal(t, "bar1", gjson.Get(string(bytes), "data.data.foo1").String())
Use HTTP API to read data from Vault container:¶
// httpHostAddress {
hostAddress, err := vault.HttpHostAddress(ctx)
assert.Nil(t, err)
// }
request, _ := http.NewRequest(http.MethodGet, hostAddress+"/v1/secret/data/test1", nil)
request.Header.Add("X-Vault-Token", token)
response, err := http.DefaultClient.Do(request)
assert.Nil(t, err)
defer response.Body.Close()
body, err := io.ReadAll(response.Body)
assert.Nil(t, err)
assert.Equal(t, "bar1", gjson.Get(string(body), "data.data.foo1").String())
Use client library to read data from Vault container:¶
Add Vault Client module to your Go dependencies:
go get -u github.com/hashicorp/vault-client-go
hostAddress, _ := vault.HttpHostAddress(ctx)
client, err := vaultClient.New(
vaultClient.WithAddress(hostAddress),
vaultClient.WithRequestTimeout(30*time.Second),
)
assert.Nil(t, err)
err = client.SetToken(token)
assert.Nil(t, err)
s, err := client.Secrets.KVv2Read(ctx, "test1")
assert.Nil(t, err)
assert.Equal(t, "bar1", s.Data["data"].(map[string]interface{})["foo1"])
Module Reference¶
The Vault module exposes one entrypoint function to create the containerr, and this function receives two parameters:
func RunContainer(ctx context.Context, opts ...testcontainers.ContainerCustomizer) (*VaultContainer, error)
context.Context, the Go context.testcontainers.ContainerCustomizer, a variadic argument for passing options.
Container Options¶
When starting the Vault container, you can pass options in a variadic way to configure it.
Image¶
If you need to set a different Vault Docker image, you can use testcontainers.WithImage with a valid Docker image
for Vault. E.g. testcontainers.WithImage("hashicorp/vault:1.13.0").
Info
Default image name is hashicorp/vault:1.13.0.
testcontainers.WithImage("hashicorp/vault:1.13.0"),
Wait Strategies¶
If you need to set a different wait strategy for Vault, you can use testcontainers.WithWaitStrategy with a valid wait strategy
for Vault.
Info
The default deadline for the wait strategy is 60 seconds.
At the same time, it's possible to set a wait strategy and a custom deadline with testcontainers.WithWaitStrategyAndDeadline.
Docker type modifiers¶
If you need an advanced configuration for Vault, you can leverage the following Docker type modifiers:
testcontainers.WithConfigModifiertestcontainers.WithHostConfigModifiertestcontainers.WithEndpointSettingsModifier
Please read the Create containers: Advanced Settings documentation for more information.
Token¶
If you need to add token authentication, you can use the WithToken.
testcontainervault.WithToken(token),
Command¶
If you need to run vault command in the container, you can use the WithInitCommand.
testcontainervault.WithInitCommand("secrets enable transit", "write -f transit/keys/my-key"),
testcontainervault.WithInitCommand("kv put secret/test1 foo1=bar1"),
Container Methods¶
HttpHostAddress¶
This method returns the http host address of Vault, in the http://<host>:<port> format.
hostAddress, err := vault.HttpHostAddress(ctx)
assert.Nil(t, err)