vault

Vault client libraries for Go and .NET are now in public beta

HashiCorp expands its client libraries to include Go & .NET. The Vault 1.13 release includes support for Go & .NET.

We are excited to announce that our OpenAPI-based Vault client libraries for Go and .NET are now available in public beta. We will continue to expand functionality and add features as we move towards general availability.

»Why client libraries?

Vault can be accessed in several different ways today, including through Vault Agent, CLI, REST API, and through various platform-specific integrations. Client libraries offer an application-native mechanism to fetch required secrets in a simple-to-adopt developer experience with an extremely secure posture.

»OpenAPI code generation approach

The previous approach with regard to Vault client libraries has been inconsistent and scattered. If you refer to our client libraries page, you’ll see that today HashiCorp only officially supports Go and Ruby. Libraries for other languages, including Python, C#, and Java, are all community-managed. Some of these libraries are no longer maintained and haven’t seen changes in years. This results in an inconsistent and unfamiliar developer experience across different languages.

To address this problem, we have chosen to leverage OpenAPI code generation. It allows us to easily keep libraries up-to-date with the latest changes to the Vault API, ensuring minimal downtime between additions to Vault and providing visibility of the functionality across all client libraries. This approach also allows us to incorporate every single built-in Vault plugin into the client library. Using an OpenAPI specification as the basis for code generation means that developers have the ability to generate their own client libraries in other languages as well.

With the new libraries, we have chosen to prioritize developer experience and maintainability. Code generation allows us to achieve a familiar look and feel between languages while being idiomatic.

»Getting started with the Go client library

The new Go client library aims to be a future replacement for the existing API library included with Vault. As such, it follows similar structural patterns for an easier migration path, but offers a number of quality-of-life improvements. The library provides almost 1,000 generated methods as well as a few handcrafted ones, all with a consistent interface and easily discoverable functionality.

Below is a simple example of how you can retrieve your first secret in Go with just a few lines of code:

// Prepare a client with the given Vault server/cluster address
client, _ := vault.New(vault.WithAddress("http://127.0.0.1:8200"))
 
// Read a secret from key-value secrets engine
secret, _ := client.Secrets.KVv2Read(
  context.Background(),
  "my-secret",
  vault.WithToken("my-token"),
)
log.Println("Secret retrieved:", secret.Data)

For additional examples of how to use the library, please refer to the README page of vault-client-go.

»Getting started with the .NET client library

Previously, Vault developers have had to rely on community maintained libraries to integrate Vault with their .NET applications, such as VaultSharp. With this release, you can use the official HashiCorp-supported library with an emphasis on developer experience. We’ve created the library to be idiomatic with the .NET ecosystem.

Below is an example of how you can retrieve your first secret in C# with just a few lines of code:

// Prepare a client with the given Vault server/cluster address
VaultConfiguration config = new VaultConfiguration("http://127.0.0.1:8200");
 
VaultClient client = new VaultClient(config);
client.SetToken("my-token"); 
 
// Read a secret from key-value secrets engine
VaultResponse<Object> secret = vaultClient.Secrets.KVv2Read("my-secret");
Console.WriteLine("Secret received: {0}", secret.Data);

For additional examples of how to use the library, please refer to the README page of vault-client-dotnet.

»Next steps

With this being the beta release of our Vault client libraries, we will continue to work towards making the libraries (vault-client-dotnet and vault-client-go) generally available and production-ready. We also have plans to continue expanding the available feature set with many requested features, including structured responses, automated token renewal, authentication wrappers, etc.

We would like to continue improving these libraries and would like to hear from you! If you have questions or suggestions feel free to open a GitHub issue in the library repos or post in the HashiCorp discussion forum. We also have more code examples available in our developer quickstart.

Get started with Vault for free to begin managing your secrets.


Sign up for the latest HashiCorp news

By submitting this form, you acknowledge and agree that HashiCorp will process your personal information in accordance with the Privacy Policy.