Introduction

The Akeyless SDK for Go makes it easy for you to integrate secrets from the Akeyless Vault platform into your Go applications, libraries, or scripts. The following Go code examples show a typical sequence of how to do this.

Installation

Get the package:

go get github.com/akeylesslabs/akeyless-go/v2

To start using the package, import it into your project:

go import "github.com/akeylesslabs/akeyless-go/v2"

Configuration

Create and configure an instance of the Akeyless Client:

go
func main() {
    client := akeyless.NewAPIClient(&akeyless.Configuration{
        Servers: []akeyless.ServerConfiguration{
            {
                URL: "<Akeyless Gateway URL>",
            },
        },
    }).V2Api
}

The Akeyless Gateway URL should be one of the following:

  • https://api.akeyless.io: A public instance of the Akeyless Gateway. It is shared between all accounts and does not support zero-knowledge encryption.

  • https://akeyless.example.com:8081: A private Akeyless Gateway deployment. Note that it uses port 8081.

  • https://akeyless.example.com:8080/v2: A private Akeyless Gateway deployment that uses the legacy API port with the /v2 path prefix.

Authentication

The Akeyless SDK for Go supports multiple authentication methods. The following are two examples.

API Key

go
func authWithAPIKey(id, key string) (string, error) {
    auth := akeyless.NewAuth()
    auth.SetAccessType("api_key")
    auth.SetAccessId(id)
    auth.SetAccessKey(key)

    out, _, err := c.V2ApiService.Auth(context.Background()).Body(*auth).Execute()
    if err != nil {
        return "", fmt.Errorf("can't authenticate with api key: %w", err)
    }

    return out.GetToken(), nil
}

AWS IAM

To authenticate using AWS IAM, use a helper package:

go get "github.com/akeylesslabs/akeyless-go-cloud-id"
go
import (
    cloudid "github.com/akeylesslabs/akeyless-go-cloud-id"
)

func authWithAWS(accessID string) (string, error) {
    id, err := cloudid.GetCloudId()
    if err != nil {
        return "", fmt.Errorf("can't get cloud identity: %w", err)
    }

    auth := akeyless.NewAuth()
    auth.SetAccessType("aws_iam")
    auth.SetCloudId(id)
    auth.SetAccessId(accessID)

    out, _, err := c.V2ApiService.Auth(context.Background()).Body(*auth).Execute()
    if err != nil {
        return "", fmt.Errorf("can't authenticate with aws: %w", err)
    }

    return out.GetToken(), nil
}

Usage Examples

List Items

go
func main() {
    // retrieve authToken using one of supported auth methods
    authToken := ""

    listOut, _, err := client.ListItems(context.Background()).
        Body(akeyless.ListItems{
            Token: akeyless.PtrString(authToken),
        }).Execute()
    if err != nil {
        log.Fatalln(err)
    }

    for _, item := range listOut.GetItems() {
        log.Println(item.GetItemName())
    }
}

Get a Dynamic Secret Value

go
func main() {
    // retrieve authToken using one of supported auth methods
    authToken := ""

    out, _, err := client.GetDynamicSecretValue(context.Background()).
        Body(akeyless.GetDynamicSecretValue{
            Name:  "my-secret",
            Token: akeyless.PtrString(authToken),
        }).Execute()
    if err != nil {
        log.Fatalln(err)
    }

    log.Println(out)
}

API Reference

For a detailed API reference, see here.