go-db-credential-refresh

Version: v1.0.0
Published: Apr 17, 2022 License: MIT

Go DB Credential Refresh

Go DB Credential Refresh is a driver that seamlessly reconnects database/sql connections when credentials rotate. It works fine with static credentials, but it is designed for systems like HashiCorp Vault's Database Secrets Engines or AWS RDS IAM Authentication, where the credentials are retrieved from the identity manager before connecting.

Go DB Credential Refresh acts as a wrapper over existing DB drivers. It supports the following community DB drivers by default:

but users can register anything that implements database/sql/driver.Driver.

Installation

go get -u github.com/davepgreene/go-db-credential-refresh

Connector

You interact with the driver through a Connector, which tightly couples a database/sql/driver.Driver, a Formatter, and an AuthError. The Formatter formats the components of a connection string for the specific DB implementation, and the AuthError is an evaluation function that determines whether an error coming from the driver.Driver is an authentication-related error.

Formatters

Formatters assemble db- or driver-specific connection strings so the Connector can retry a connection with new credentials. This library ships with formatter implementations for MySQL and PostgreSQL both as a connection URI and a K/V connection string (see the PostgreSQL docs for more info) in the driver package.

AuthErrors

An AuthError is an evaluative function which determines if an error represents a failed connection due to authentication. This tells the Connector to use its store to attempt to retrieve new credentials. AuthErrors for MySQL and PostgreSQL are included in the driver package.

Stores

A store is a mechanism to retrieve credentials. When you use the DB driver, you associate a Store with the Connector. Every time Connector.Connect is called, the store is queried for credentials. Stores must implement the Store interface (see driver/store.go).

Go DB Credential Refresh currently ships with store implementations for Vault and RDS IAM Authentication. The Vault store includes both Token Auth and Kubernetes Auth authentication methods. See the vault package for more information.
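
A minimal sketch of the flow described above, added here as an illustration and not taken from the library: a Connector-like type asks a store for credentials, formats a connection string, and fetches new credentials once, only when the driver error is classified as an authentication failure. Every name in it (creds, connector, simulate, the get/refresh split, the db.example connection string) is hypothetical and the server is constructed; the library's real interfaces are in the driver package.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical names mirroring the README's concepts, not the library's API.
type creds struct{ user, pass string }
type connector struct {
	get, refresh func() (creds, error) // Store: cached read, forced re-fetch
	format       func(creds) string    // Formatter: builds the connection string
	isAuthErr    func(error) bool      // AuthError: classifies driver errors
	open         func(string) error    // stand-in for driver.Driver.Open
}

// connect retries once with refreshed credentials, only after an auth error.
func (c connector) connect() (string, error) {
	fetch := c.get
	for attempt := 0; ; attempt++ {
		cr, err := fetch()
		if err != nil {
			return "", err
		}
		if err = c.open(c.format(cr)); err == nil {
			return cr.user, nil
		} else if attempt > 0 || !c.isAuthErr(err) {
			return "", err // non-auth faults must not trigger a credential fetch
		}
		fetch = c.refresh
	}
}

var errAuth = errors.New("access denied (constructed)")

// simulate answers each connection string with rejects[dsn]; nil means success.
func simulate(rejects map[string]error) (user string, refreshes int, err error) {
	c := connector{
		get:       func() (creds, error) { return creds{"v-old", "stale"}, nil },
		refresh:   func() (creds, error) { refreshes++; return creds{"v-new", "rotated"}, nil },
		format:    func(cr creds) string { return cr.user + ":" + cr.pass + "@db.example/app" },
		isAuthErr: func(err error) bool { return errors.Is(err, errAuth) },
		open:      func(dsn string) error { return rejects[dsn] },
	}
	user, err = c.connect()
	return user, refreshes, err
}

func main() { fmt.Println(simulate(map[string]error{"v-old:stale@db.example/app": errAuth})) }
```

connect returns the user name rather than the connection string, so the password never reaches callers or logs. Capping the retry at one refresh keeps a misclassified error from turning into a loop of credential requests against the identity manager.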

Examples

See the examples directory for sample usage.

Directories

Path Synopsis
examples
db
awsrds Module
vault Module
