Vault¶
Since v0.20.0
Introduction¶
The Testcontainers module for Vault. Vault is an open-source tool designed for securely storing, accessing, and managing secrets and sensitive data such as passwords, certificates, API keys, and other confidential information.
Adding this module to your project dependencies¶
Please run the following command to add the Vault module to your Go dependencies:
go get github.com/testcontainers/testcontainers-go/modules/vault
Usage example¶
The Run function is the main entry point to create a new VaultContainer instance. It takes a context and zero or more Option values to configure the container.
ctx := context.Background()
vaultContainer, err := vault.Run(ctx, "hashicorp/vault:1.13.0", vault.WithToken("MyToKeN"))
defer func() {
	if err := testcontainers.TerminateContainer(vaultContainer); err != nil {
		log.Printf("failed to terminate container: %s", err)
	}
}()
if err != nil {
	log.Printf("failed to start container: %s", err)
	return
}
Module Reference¶
Run function¶
- Since v0.32.0
Info
The RunContainer(ctx, opts...) function is deprecated and will be removed in the next major release of Testcontainers for Go.
The Vault module exposes one entrypoint function to create the container, and this function receives three parameters:
func Run(ctx context.Context, img string, opts ...testcontainers.ContainerCustomizer) (*VaultContainer, error)
- context.Context, the Go context.
- string, the Docker image to use.
- testcontainers.ContainerCustomizer, a variadic argument for passing options.
Image¶
Use the second argument in the Run function to set a valid Docker image.
For example: Run(context.Background(), "hashicorp/vault:1.13.0").
Container Options¶
When starting the Vault container, you can pass options in a variadic way to configure it.
WithToken¶
- Since v0.20.0
If you need to add token authentication, you can use the WithToken option.
testcontainervault.WithToken(token),
WithInitCommand¶
- Since v0.20.0
If you need to run a vault command in the container, you can use the WithInitCommand option.
testcontainervault.WithInitCommand("secrets enable transit", "write -f transit/keys/my-key"),
testcontainervault.WithInitCommand("kv put secret/test1 foo1=bar1"),
The following options are exposed by the testcontainers package.
Basic Options¶
- WithExposedPorts: Since v0.37.0
- WithEnv: Since v0.29.0
- WithWaitStrategy: Since v0.20.0
- WithAdditionalWaitStrategy: Since v0.38.0
- WithWaitStrategyAndDeadline: Since v0.20.0
- WithAdditionalWaitStrategyAndDeadline: Since v0.38.0
- WithEntrypoint: Since v0.37.0
- WithEntrypointArgs: Since v0.37.0
- WithCmd: Since v0.37.0
- WithCmdArgs: Since v0.37.0
- WithLabels: Since v0.37.0
Lifecycle Options¶
- WithLifecycleHooks: Since v0.38.0
- WithAdditionalLifecycleHooks: Since v0.38.0
- WithStartupCommand: Since v0.25.0
- WithAfterReadyCommand: Since v0.28.0
Files & Mounts Options¶
- WithFiles: Since v0.37.0
- WithMounts: Since v0.37.0
- WithTmpfs: Since v0.37.0
- WithImageMount: Since v0.37.0
Build Options¶
- WithDockerfile: Since v0.37.0
Logging Options¶
- WithLogConsumers: Since v0.28.0
- WithLogConsumerConfig: Since v0.38.0
- WithLogger: Since v0.29.0
Image Options¶
- WithAlwaysPull: Since v0.38.0
- WithImageSubstitutors: Since v0.26.0
- WithImagePlatform: Since v0.38.0
Networking Options¶
- WithNetwork: Since v0.27.0
- WithNetworkByName: Since v0.38.0
- WithBridgeNetwork: Since v0.38.0
- WithNewNetwork: Since v0.27.0
Advanced Options¶
- WithHostPortAccess: Since v0.31.0
- WithConfigModifier: Since v0.20.0
- WithHostConfigModifier: Since v0.20.0
- WithEndpointSettingsModifier: Since v0.20.0
- CustomizeRequest: Since v0.20.0
- WithName: Since v0.38.0
- WithNoStart: Since v0.38.0
Experimental Options¶
- WithReuseByName: Since v0.37.0
Container Methods¶
HttpHostAddress¶
- Since v0.20.0
This method returns the HTTP host address of Vault, in the http://<host>:<port> format.
hostAddress, err := vaultContainer.HttpHostAddress(ctx)
Examples¶
Use CLI to read data from Vault container:¶
exec, reader, err := vaultContainer.Exec(ctx, []string{"vault", "kv", "get", "-format=json", "secret/test1"})
The vaultContainer is the container instance obtained from the Run function.
Use HTTP API to read data from Vault container:¶
request, _ := http.NewRequest(http.MethodGet, hostAddress+"/v1/secret/data/test1", nil)
request.Header.Add("X-Vault-Token", token)
response, err := http.DefaultClient.Do(request)
The hostAddress is obtained from the container instance. Please see the HttpHostAddress method above for more details.
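A fuller version of the HTTP read above, as an added example that is not part of the Testcontainers documentation: the hypothetical helper ReadKVv2 checks the status code and unwraps the KV v2 data.data envelope. stubVault and its response body are a constructed stand-in for the container so the code runs without Docker; against a real container, pass the value returned by HttpHostAddress and the token given to WithToken.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// ReadKVv2 (hypothetical helper) reads secret/data/<name> using the X-Vault-Token header.
func ReadKVv2(ctx context.Context, hostAddress, token, name string) (map[string]interface{}, error) {
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, hostAddress+"/v1/secret/data/"+name, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("X-Vault-Token", token)
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		// Report the status only; keep the token and the response body out of test logs.
		return nil, fmt.Errorf("vault returned HTTP %d for %q", resp.StatusCode, name)
	}
	// KV v2 nests the stored pairs under data.data, next to data.metadata.
	var body struct{ Data struct{ Data map[string]interface{} } }
	if err := json.NewDecoder(io.LimitReader(resp.Body, 1<<20)).Decode(&body); err != nil {
		return nil, fmt.Errorf("decode response: %w", err)
	}
	return body.Data.Data, nil
}

func stubVault(token string) *httptest.Server { // constructed stand-in for the container
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("X-Vault-Token") != token {
			w.WriteHeader(http.StatusForbidden)
			return
		}
		fmt.Fprint(w, `{"data":{"data":{"foo1":"bar1"},"metadata":{"version":1}}}`)
	}))
}

func main() {
	srv := stubVault("MyToKeN")
	defer srv.Close()
	fmt.Println(ReadKVv2(context.Background(), srv.URL, "MyToKeN", "test1"))
}
```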
Use client library to read data from Vault container:¶
Add Vault Client module to your Go dependencies:
go get -u github.com/hashicorp/vault-client-go
client, err := vaultClient.New(
	vaultClient.WithAddress(hostAddress),
	vaultClient.WithRequestTimeout(30*time.Second),
)
require.NoError(t, err)
err = client.SetToken(token)
require.NoError(t, err)
s, err := client.Secrets.KvV2Read(ctx, "test1", vaultClient.WithMountPath("secret"))