Vault¶

Since testcontainers-go v0.20.0

Introduction¶

The Testcontainers module for Vault. Vault is an open-source tool designed for securely storing, accessing, and managing secrets and sensitive data such as passwords, certificates, API keys, and other confidential information.

Adding this module to your project dependencies¶

Please run the following command to add the Vault module to your Go dependencies:

go get github.com/testcontainers/testcontainers-go/modules/vault

Usage example¶

The RunContainer function is the main entry point to create a new VaultContainer instance. It takes a context and zero or more Option values to configure the container.

Creating a Vault container

vault, err = testcontainervault.RunContainer(ctx, opts...)

Use CLI to read data from Vault container:¶

Use CLI to read data

exec, reader, err := vault.Exec(ctx, []string{"vault", "kv", "get", "-format=json", "secret/test1"})
assert.Nil(t, err)
assert.Equal(t, 0, exec)

bytes, err := io.ReadAll(reader)
assert.Nil(t, err)

assert.Equal(t, "bar1", gjson.Get(string(bytes), "data.data.foo1").String())

Use HTTP API to read data from Vault container:¶

Use HTTP API to read data

hostAddress, err := vault.HttpHostAddress(ctx)
assert.Nil(t, err)

request, _ := http.NewRequest(http.MethodGet, hostAddress+"/v1/secret/data/test1", nil)
request.Header.Add("X-Vault-Token", token)

response, err := http.DefaultClient.Do(request)
assert.Nil(t, err)
defer response.Body.Close()

body, err := io.ReadAll(response.Body)
assert.Nil(t, err)

assert.Equal(t, "bar1", gjson.Get(string(body), "data.data.foo1").String())

Use client library to read data from Vault container:¶

Add Vault Client module to your Go dependencies:

go get -u github.com/hashicorp/vault-client-go

Use library to read data

hostAddress, _ := vault.HttpHostAddress(ctx)
client, err := vaultClient.New(
    vaultClient.WithAddress(hostAddress),
    vaultClient.WithRequestTimeout(30*time.Second),
)
assert.Nil(t, err)

err = client.SetToken(token)
assert.Nil(t, err)

s, err := client.Secrets.KVv2Read(ctx, "test1")
assert.Nil(t, err)
assert.Equal(t, "bar1", s.Data["data"].(map[string]interface{})["foo1"])

Container Options¶

You can set below options to create Vault container.

Image¶

If you need to set a different Vault image, you can use the testcontainers.WithImage.

Info

Default image name is hashicorp/vault:1.13.0.

Set image name

testcontainers.WithImage("hashicorp/vault:1.13.0"),

Token¶

If you need to add token authentication, you can use the WithToken.

Add token authentication

testcontainervault.WithToken(token),

Command¶

If you need to run vault command in the container, you can use the WithInitCommand.

Run init command

testcontainervault.WithInitCommand("secrets enable transit", "write -f transit/keys/my-key"),
testcontainervault.WithInitCommand("kv put secret/test1 foo1=bar1"),