A collection of copy-pastable code example snippets demonstrating the various ways to use the Vault client libraries for various languages to authenticate and retrieve secrets.
- Go
- Uses official library HashiCorp Vault
- Provided examples:
- Quick Start with Token Auth
- Auth Methods (AppRole, AWS, Azure, GCP, Kubernetes)
- Token Renewal
- Ruby
- Uses official library vault-ruby
- Provided examples:
- Quick Start with Token Auth
- C#
- Uses community-maintained library VaultSharp
- Provided examples:
- Quick Start with Token Auth
- Auth Methods (AppRole, AWS, Azure, GCP, Kubernetes)
- Python
- Uses community-maintained library HVAC
- Provided examples:
- Quick Start with Token Auth
- Client Application with AppRole Auth, Token Renewal, and Secret Management
- Java (Spring)
- Uses community-maintained library spring-vault
- Provided examples:
- Quick Start with Token Auth
- Client Applications:
- Pure Java with AppRole Auth, Token Renewal, and Secret Management
- Spring Boot Web with Spring Cloud Vault Config and Web UI
- Tomcat Web with Servlet + JSP and Token Auto-Renewal
- C
- Uses libcurl and json-c
- Provided examples:
- Client Application with AppRole Auth, Token Renewal, and Secret Management
- C++
- Uses libcurl and nlohmann/json (C++17)
- Provided examples:
- Client Application with AppRole Auth, Token Renewal, and Secret Management
- Script (Bash)
- Uses curl and jq with Vault Proxy
- Provided examples:
- Script Samples with Vault Proxy integration
- Supports KV, Database Dynamic/Static, SSH (KV/OTP/Signed Certificate), and AWS secrets
- No Vault CLI required, uses pure curl
Find the relevant directory for the concept you're interested in learning about, then find the file for your language of choice. You can use the example code as a reference or paste it into your application and tweak as needed. Each concept's directory also contains a readme explaining some of the specific terminology and operational setup.
This repo is not intended to be "run" as a standalone application.
For an out-of-the-box runnable sample app, please see our Hello-Vault repos.
Hello-Vault:
For complete, runnable client application examples that demonstrate real-world Vault integration patterns, see the Client Applications directory.
These examples include:
- Complete applications in multiple languages (C, C++, Java, Python, Spring Boot, Tomcat)
- Script examples using Vault Proxy
- Real-world patterns for authentication, token renewal, and secret management
- Multiple secret engine support (KV v2, Database Dynamic/Static, SSH, AWS)
Each example includes:
- Full source code
- Build and run instructions
- Configuration examples
- Detailed documentation
See the Client Applications README for more details.
For examples demonstrating Vault integration with Model Context Protocol (MCP) servers for identity-aware credential management, see the MCP Examples directory.
The identity-aware remote example demonstrates:
- User-specific credential separation using Vault Policy Templating
- JWT-based authentication with Keycloak integration
- Remote MCP servers retrieving user-specific credentials from Vault
- Multiple secret engine support (KV v2, Database Dynamic Secrets)
- Authentication flow tracing and credential debugging
See the MCP Remote Vault Demo README and Quick Start Guide for more details.
If you would like to submit a code example to this repo, please create a file containing one function (or a grouping of several related functions) in the appropriate directory.