Accessing Secrets
Prerequisites
Before accessing secrets, make sure you've installed and initialized the Secrets Manager SDK.
Basic Usage
After initializing the SDK, you can retrieve secrets with a simple function call:
Go
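package main

import (
	"fmt"
	"log"

	"github.com/bytehide/bytehide-secrets-go/secrets"
)

func main() {
	// Auto-initializes from environment variables.
	connStr, err := secrets.Get("database-connection")
	if err != nil {
		log.Fatal(err)
	}
	if connStr == "" {
		log.Fatal("database-connection is empty")
	}

	// Pass connStr to the component that needs it (for example sql.Open).
	// Report only that the lookup succeeded: the connection string embeds
	// credentials, so it must not be written to stdout or to logs.
	fmt.Println("database-connection loaded")
}
Creating and Updating Secrets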
You can create or update secrets directly from your application:
Go
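// Example values only: real secret values should come from a provisioning
// step or operator input, never from literals committed to source control.

// Create a new secret.
if err := secrets.Set("api-key", "sk_test_abc123xyz"); err != nil {
	log.Fatalf("set api-key: %v", err)
}

// Update an existing secret: Set replaces the stored value.
if err := secrets.Set("database-connection", "postgres://admin:secret@new-server:5432/myapp"); err != nil {
	log.Fatalf("set database-connection: %v", err)
}
Error Handling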
When a secret doesn't exist or the lookup fails for another reason, the SDK returns an error. Handle it with idiomatic Go error handling:
Go
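secret, err := secrets.Get("non-existent-key")
if err != nil {
	// err covers every failure (missing key, network, authentication), not
	// only "not found", so report it as a read failure.
	log.Printf("could not read non-existent-key: %v", err)

	// Fall back to a local default instead of writing one back with
	// secrets.Set: Set also updates existing secrets, so a transient read
	// failure would overwrite the real value with the default.
	// Use a fallback only for non-sensitive settings; a missing credential
	// should stop the program instead.
	secret = "default-value"
}
_ = secret // placeholder: pass the value to the code that needs it
Best Practices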
Cache Configuration
The SDK includes built-in caching to improve performance:
Go
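import (
	"time"

	"github.com/bytehide/bytehide-secrets-go/secrets"
)

// Enable the cache with a 10-minute TTL.
// NOTE(review): while an entry is cached, a rotated or revoked secret is
// presumably still served from memory until the TTL expires or ClearCache is
// called. Confirm against the SDK documentation and choose the TTL to match
// your rotation schedule.
secrets.ConfigureCache(true, 10*time.Minute)

// Clear the cache, for example right after rotating a secret.
secrets.ClearCache()

// Disable the cache.
secrets.ConfigureCache(false, 0)
Security Best Practices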
- Never print or log full secret values
- Don't store secret values in plain text files
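- Clear secrets from memory when no longer needed (Go strings are immutable and cannot be zeroed in place, so keep secret values in short-lived variables and avoid making extra copies)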
- Use environment-specific secrets
Common Usage Patterns
Configuration Helper
Create a configuration helper for your application:
Go
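package config

import (
	"fmt"
	"strconv"

	"github.com/bytehide/bytehide-secrets-go/secrets"
)

// defaultCacheTimeoutMinutes is returned when the setting cannot be read.
const defaultCacheTimeoutMinutes = 10

// GetDatabaseConnection returns the "database-connection" secret.
// The value is a connection string that carries credentials; callers must
// not print or log it.
func GetDatabaseConnection() (string, error) {
	return secrets.Get("database-connection")
}

// GetApiKey returns the "api-key" secret. Callers must not print or log it.
func GetApiKey() (string, error) {
	return secrets.Get("api-key")
}

// GetCacheTimeout returns the "cache-timeout-minutes" setting as an int.
// If the setting cannot be read it returns the default of 10 with a nil
// error. A value that is not a positive integer yields an error.
func GetCacheTimeout() (int, error) {
	value, err := secrets.Get("cache-timeout-minutes")
	if err != nil {
		// Best effort: any lookup failure, not only a missing key, falls
		// back to the default.
		return defaultCacheTimeoutMinutes, nil
	}

	minutes, err := strconv.Atoi(value)
	if err != nil {
		return 0, fmt.Errorf("cache-timeout-minutes: %w", err)
	}
	if minutes <= 0 {
		return 0, fmt.Errorf("cache-timeout-minutes must be positive, got %d", minutes)
	}
	return minutes, nil
}
Database Connection Example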
Go
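package main

import (
	"database/sql"
	"fmt"
	"log"
	"net/url"

	"github.com/bytehide/bytehide-secrets-go/secrets"
	_ "github.com/lib/pq"
)

// connectToDatabase reads DB_HOST, DB_USER and DB_PASS from the secrets
// manager, opens a PostgreSQL handle and verifies it with a ping.
// It returns an error naming the secret that could not be read, or the
// connection failure; secret values are never included in those messages.
func connectToDatabase() (*sql.DB, error) {
	dbHost, err := secrets.Get("DB_HOST")
	if err != nil {
		return nil, fmt.Errorf("reading DB_HOST: %w", err)
	}
	dbUser, err := secrets.Get("DB_USER")
	if err != nil {
		return nil, fmt.Errorf("reading DB_USER: %w", err)
	}
	dbPass, err := secrets.Get("DB_PASS")
	if err != nil {
		return nil, fmt.Errorf("reading DB_PASS: %w", err)
	}

	// Build a URL rather than a space-separated key=value string, so that
	// spaces or quotes in the user name or password are escaped instead of
	// being parsed as extra connection options.
	// sslmode=verify-full checks the server certificate and host name;
	// sslmode=disable would send the password and all queries unencrypted.
	dsn := url.URL{
		Scheme:   "postgres",
		User:     url.UserPassword(dbUser, dbPass),
		Host:     dbHost,
		RawQuery: "sslmode=verify-full",
	}

	// dsn.String() contains the password: pass it to sql.Open only and
	// never print or log it.
	db, err := sql.Open("postgres", dsn.String())
	if err != nil {
		return nil, err
	}

	// sql.Open only validates its arguments; Ping opens a real connection,
	// so host, credentials and TLS settings are checked here.
	if err := db.Ping(); err != nil {
		db.Close()
		return nil, fmt.Errorf("connecting to database: %w", err)
	}
	return db, nil
}

func main() {
	db, err := connectToDatabase()
	if err != nil {
		log.Fatal(err)
	}
	defer db.Close()

	fmt.Println("Connected to database successfully!")
}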