Vault client libraries for Go and .NET are now in public beta
HashiCorp expands its client libraries to include Go & .NET. The Vault 1.13 release includes support for Go & .NET.
We are excited to announce that our OpenAPI-based Vault client libraries for Go and .NET are now available in public beta. We will continue to expand functionality and add features as we move towards general availability.
» Why client libraries?
Vault can be accessed in several different ways today, including through Vault Agent, CLI, REST API, and through various platform-specific integrations. Client libraries offer an application-native mechanism to fetch required secrets in a simple-to-adopt developer experience with an extremely secure posture.
» OpenAPI code generation approach
The previous approach with regard to Vault client libraries has been inconsistent and scattered. If you refer to our client libraries page, you’ll see that today HashiCorp only officially supports Go and Ruby. Libraries for other languages, including Python, C#, and Java, are all community-managed. Some of these libraries are no longer maintained and haven’t seen changes in years. This results in an inconsistent and unfamiliar developer experience across different languages.
To address this problem, we have chosen to leverage OpenAPI code generation. It allows us to easily keep libraries up-to-date with the latest changes to the Vault API, ensuring minimal downtime between additions to Vault and providing visibility of the functionality across all client libraries. This approach also allows us to incorporate every single built-in Vault plugin into the client library. Using an OpenAPI specification as the basis for code generation means that developers have the ability to generate their own client libraries in other languages as well.
With the new libraries, we have chosen to prioritize developer experience and maintainability. Code generation allows us to achieve a familiar look and feel between languages while being idiomatic.
» Getting started with the Go client library
The new Go client library aims to be a future replacement for the existing API library included with Vault. As such, it follows similar structural patterns for an easier migration path, but offers a number of quality-of-life improvements. The library provides almost 1,000 generated methods as well as a few handcrafted ones, all with a consistent interface and easily discoverable functionality.
Below is a simple example of how you can retrieve your first secret in Go with just a few lines of code:
// Prepare a client with the given Vault server/cluster address
client, _ := vault.New(vault.WithAddress("http://127.0.0.1:8200"))
// Read a secret from key-value secrets engine
secret, _ := client.Secrets.KVv2Read(
context.Background(),
"my-secret",
vault.WithToken("my-token"),
)
log.Println("Secret retrieved:", secret.Data)
For additional examples of how to use the library, please refer to the README page of vault-client-go.
» Getting started with the .NET client library
Previously, Vault developers have had to rely on community maintained libraries to integrate Vault with their .NET applications, such as VaultSharp. With this release, you can use the official HashiCorp-supported library with an emphasis on developer experience. We’ve created the library to be idiomatic with the .NET ecosystem.
Below is an example of how you can retrieve your first secret in C# with just a few lines of code:
// Prepare a client with the given Vault server/cluster address
VaultConfiguration config = new VaultConfiguration("http://127.0.0.1:8200");
VaultClient client = new VaultClient(config);
client.SetToken("my-token");
// Read a secret from key-value secrets engine
VaultResponse<Object> secret = vaultClient.Secrets.KVv2Read("my-secret");
Console.WriteLine("Secret received: {0}", secret.Data);
For additional examples of how to use the library, please refer to the README page of vault-client-dotnet.
» Next steps
With this being the beta release of our Vault client libraries, we will continue to work towards making the libraries (vault-client-dotnet and vault-client-go) generally available and production-ready. We also have plans to continue expanding the available feature set with many requested features, including structured responses, automated token renewal, authentication wrappers, etc.
We would like to continue improving these libraries and would like to hear from you! If you have questions or suggestions feel free to open a GitHub issue in the library repos or post in the HashiCorp discussion forum. We also have more code examples available in our developer quickstart.
Get started with Vault for free to begin managing your secrets.
Sign up for the latest HashiCorp news
More blog posts like this one
Vault integrations with MongoDB, Private Machines, and walt.id strengthen customer security
Three new HashiCorp Vault ecosystem integrations extend security use cases for customers.
HashiCorp at re:Invent 2024: Security Lifecycle Management with AWS
A recap of HashiCorp security news and developments on AWS from the past year, for your security management playbook.
HCP Vault Dedicated adds secrets sync, cross-region DR, EST PKI, and more
The newest HCP Vault Dedicated 1.18 upgrade includes a range of new features that include expanding DR region coverage, syncing secrets across providers, and adding PKI EST among other key features.