I am trying to use the Vault Golang Package to authenticate using the API.
I created a new client, and then can set my token:
client, err := api.NewClient(&api.Config{Address: vaultAddr, HttpClient: httpClient})
if err != nil {
return nil, errors.Wrap(err, "could not create vault client")
}
client.SetToken(token)
That's great and all, but I want to auth against the API using one of the other auth methods, (LDAP, Userpass etc)
Is this even possible? How can I retrieve a token using the API?
I guess I could just use net/http to retrieve the token using an API call, but is there any method to actually auth in another way?
I managed to figure this out, eventually. It's not totally obvious, but makes sense.
Vault has a generic write method it uses to write data. You can utilise this to perform a login with the API by simply building the URL and sending a PUT request to that endpoint
It looks a bit like this:
// create a vault client
client, err := api.NewClient(&api.Config{Address: url, HttpClient: httpClient})
if err != nil {
panic(err)
}
// to pass the password
options := map[string]interface{}{
"password": password,
}
// the login path
// this is configurable, change userpass to ldap etc
path := fmt.Sprintf("auth/userpass/login/%s", username)
// PUT call to get a token
secret, err := client.Logical().Write(path, options)