Open mstrYoda opened 2 years ago
Do you mind expanding on this, @mstrYoda?
To my understanding, the client.Logical() package is indeed the right way to go about interacting with Vault's API from Go. See e.g., our sample applications in Go [ref].
But what confuses me a little about your request is the mention of certutil :-) I'm not aware of any PKI-specific behavior in the existing Vault CLI, so I'm wondering what certutil is necessary for? :-) Our existing CLI (vault write &c) just maps onto client.Logical().Write(...) operations, translating the CLI parameters into API request parameters. So anything you can do in the CLI can be done with the Go client (and is actually done using that API, under the covers); there are no special CLI-specific PKI calls.
I guess restated, what behavior would you like to see, in Go, that the CLI makes easier? :-)
Sorry, I could not explain what I would like to see. I mean, would it not be nice to have a fluent API in the client to make calls for PKI?
Making parameterized functions that write calls specified for certificate creation in this tutorial: https://learn.hashicorp.com/tutorials/vault/pki-engine
I imagine something like the below:
client.PKI().CreateCert(CreateCertReq{"host", "ttl"}) Certificate
client.PKI().CreateIntermediateCert(CreateIntermediateCertReq{"root-cert", "ttl"}) IntermediateCertificate
I understand not bringing this kind of utility into the client API, since it can already be achieved with the write API capabilities.
Ah, cool, this is clearer. Thank you!
I was very curious about any updates on this issue?
@cipherboy WDYT about implementing those utility functions? I can send a PR for this.
Describe the solution you'd like
It would be useful to access Vault PKI operations (to generate certificates) from the Vault Go client. Basically, the commands used by the CLI could be exposed for use by the Vault client too.
Describe alternatives you've considered
We have to use the certutil & logical packages to achieve this functionality, or use vault CLI/curl commands in Go using exec.