Vault¶
Since v0.20.0
Introduction¶
The Testcontainers module for Vault. Vault is an open-source tool designed for securely storing, accessing, and managing secrets and sensitive data such as passwords, certificates, API keys, and other confidential information.
Adding this module to your project dependencies¶
Please run the following command to add the Vault module to your Go dependencies:
go get github.com/testcontainers/testcontainers-go/modules/vault
Usage example¶
The Run function is the main entry point to create a new VaultContainer instance. It takes a context and zero or more Option values to configure the container.
ctx := context.Background()

vaultContainer, err := vault.Run(ctx, "hashicorp/vault:1.13.0", vault.WithToken("MyToKeN"))
// Register cleanup before checking err: TerminateContainer is a no-op for a nil container.
defer func() {
	if err := testcontainers.TerminateContainer(vaultContainer); err != nil {
		log.Printf("failed to terminate container: %s", err)
	}
}()
if err != nil {
	log.Printf("failed to start container: %s", err)
	return
}
Module Reference¶
Run function¶
- Since v0.32.0
Info
The RunContainer(ctx, opts...) function is deprecated and will be removed in the next major release of Testcontainers for Go.
The Vault module exposes one entrypoint function to create the container, and this function receives three parameters:
func Run(ctx context.Context, img string, opts ...testcontainers.ContainerCustomizer) (*VaultContainer, error)
- context.Context, the Go context.
- string, the Docker image to use.
- testcontainers.ContainerCustomizer, a variadic argument for passing options.
Image¶
Use the second argument in the Run function to set a valid Docker image.
For example: Run(context.Background(), "hashicorp/vault:1.13.0").
Container Options¶
When starting the Vault container, you can pass options in a variadic way to configure it.
WithToken¶
- Since v0.20.0
If you need to add token authentication, you can use the WithToken option.
testcontainervault.WithToken(token),
WithInitCommand¶
- Since v0.20.0
If you need to run a vault command in the container, you can use the WithInitCommand option.
testcontainervault.WithInitCommand("secrets enable transit", "write -f transit/keys/my-key"),
testcontainervault.WithInitCommand("kv put secret/test1 foo1=bar1"),
The following options are exposed by the testcontainers package.
Basic Options¶
- WithExposedPorts (Since v0.37.0)
- WithEnv (Since v0.29.0)
- WithWaitStrategy (Since v0.20.0)
- WithAdditionalWaitStrategy (Since v0.38.0)
- WithWaitStrategyAndDeadline (Since v0.20.0)
- WithAdditionalWaitStrategyAndDeadline (Since v0.38.0)
- WithEntrypoint (Since v0.37.0)
- WithEntrypointArgs (Since v0.37.0)
- WithCmd (Since v0.37.0)
- WithCmdArgs (Since v0.37.0)
- WithLabels (Since v0.37.0)
Lifecycle Options¶
- WithLifecycleHooks (Since v0.38.0)
- WithAdditionalLifecycleHooks (Since v0.38.0)
- WithStartupCommand (Since v0.25.0)
- WithAfterReadyCommand (Since v0.28.0)
Files & Mounts Options¶
- WithFiles (Since v0.37.0)
- WithMounts (Since v0.37.0)
- WithTmpfs (Since v0.37.0)
- WithImageMount (Since v0.37.0)
Build Options¶
- WithDockerfile (Since v0.37.0)
Logging Options¶
- WithLogConsumers (Since v0.28.0)
- WithLogConsumerConfig (Since v0.38.0)
- WithLogger (Since v0.29.0)
Image Options¶
- WithAlwaysPull (Since v0.38.0)
- WithImageSubstitutors (Since v0.26.0)
- WithImagePlatform (Since v0.38.0)
Networking Options¶
- WithNetwork (Since v0.27.0)
- WithNetworkByName (Since v0.38.0)
- WithBridgeNetwork (Since v0.38.0)
- WithNewNetwork (Since v0.27.0)
Advanced Options¶
- WithHostPortAccess (Since v0.31.0)
- WithConfigModifier (Since v0.20.0)
- WithHostConfigModifier (Since v0.20.0)
- WithEndpointSettingsModifier (Since v0.20.0)
- CustomizeRequest (Since v0.20.0)
- WithName (Since v0.38.0)
- WithNoStart (Since v0.38.0)
- WithProvider (Not available until the next release, main)
Experimental Options¶
- WithReuseByName (Since v0.37.0)
Container Methods¶
HttpHostAddress¶
- Since v0.20.0
This method returns the HTTP host address of Vault, in the http://<host>:<port> format.
hostAddress, err := vaultContainer.HttpHostAddress(ctx)
Examples¶
Use CLI to read data from Vault container:¶
exec, reader, err := vaultContainer.Exec(ctx, []string{"vault", "kv", "get", "-format=json", "secret/test1"})
The vaultContainer is the container instance obtained from the Run function.
Use HTTP API to read data from Vault container:¶
request, _ := http.NewRequest(http.MethodGet, hostAddress+"/v1/secret/data/test1", nil)
request.Header.Add("X-Vault-Token", token)
response, err := http.DefaultClient.Do(request)
The hostAddress is obtained from the container instance. Please see the HttpHostAddress method under Container Methods for more details.
Use client library to read data from Vault container:¶
Add Vault Client module to your Go dependencies:
go get -u github.com/hashicorp/vault-client-go
client, err := vaultClient.New(
	vaultClient.WithAddress(hostAddress),
	vaultClient.WithRequestTimeout(30*time.Second),
)
require.NoError(t, err)

err = client.SetToken(token)
require.NoError(t, err)

s, err := client.Secrets.KvV2Read(ctx, "test1", vaultClient.WithMountPath("secret"))