
[READ-ONLY] A simple interface for retrieving secrets from systemd's credential management system.

jamesponddotco/credential-go

credential

Package credential provides a simple and secure interface for retrieving secrets from systemd's credential management system. It enables Go applications to safely access sensitive information such as cryptographic keys, certificates, passwords, and identity data in systemd-managed services.

Installation

To install credential and use it in your project, run:

go get git.sr.ht/~jamesponddotco/credential-go@latest

You'll want to ensure your system meets these requirements:

  • Go 1.23 or later.
  • systemd-based Linux distribution.
  • Proper systemd service configuration with credentials.

Documentation

Usage

To use credential, your systemd service unit must be configured with credentials. The package requires the CREDENTIALS_DIRECTORY environment variable, which systemd sets when it runs a service that has credentials configured.

Example systemd service configuration:

[Unit]
Description=My Application Service

[Service]
ExecStart=/usr/local/bin/myapp
LoadCredential=myapp-database-password:/path/to/secret/file
PrivateMounts=yes

[Install]
WantedBy=multi-user.target

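Here's a basic example of how to use the package. The prefix myapp and the name database-password correspond to the myapp-database-password credential loaded by the unit above: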

package main

import (
	"fmt"
	"log"

	"git.sr.ht/~jamesponddotco/credential-go"
)

func main() {
	// Open the credential store with your application's name as the prefix.
	store, err := credential.Open("myapp")
	if err != nil {
		log.Fatal(err)
	}

	// Retrieve a secret from the store.
	secret, err := store.Get("database-password")
	if err != nil {
		log.Fatal(err)
	}

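	// Use the secret, for example as the database password. It is printed
	// here only for demonstration; under systemd, stdout goes to the journal
	// by default.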
	fmt.Println("Database password:", secret)
}
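
The mechanism the package builds on, as an added example that is not the package's own code: systemd exposes each loaded credential as a file under $CREDENTIALS_DIRECTORY. The helper readCredential and the error ErrNoCredentialsDir are hypothetical names, and joining prefix and name with "-" is an assumption taken from the unit example above; the name check and newline trimming go beyond what the page shows.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrNoCredentialsDir means systemd passed no credentials to this process.
var ErrNoCredentialsDir = errors.New("CREDENTIALS_DIRECTORY is not set")

// readCredential is a hypothetical helper, not part of the credential package.
// It reads <prefix>-<name> from the directory systemd exposes to the service.
func readCredential(prefix, name string) (string, error) {
	dir := os.Getenv("CREDENTIALS_DIRECTORY")
	if dir == "" {
		return "", ErrNoCredentialsDir
	}
	// Assumption: prefix and name are joined with "-", as in the unit example.
	id := prefix + "-" + name
	// A credential ID is a single file name; refuse anything containing a
	// path separator, which could resolve outside the credentials directory.
	if id != filepath.Base(id) {
		return "", fmt.Errorf("invalid credential name %q", id)
	}
	data, err := os.ReadFile(filepath.Join(dir, id))
	if err != nil {
		return "", fmt.Errorf("read credential %q: %w", id, err)
	}
	// Secret files often end with a newline added by an editor or echo.
	return strings.TrimRight(string(data), "\r\n"), nil
}

func main() {
	secret, err := readCredential("myapp", "database-password")
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	// Report only the length so the value never reaches the journal.
	fmt.Printf("loaded credential (%d bytes)\n", len(secret))
}
```
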

Contributing

Anyone can help make credential better. Send patches on the mailing list and report bugs on the issue tracker.

You must sign off your work using git commit --signoff. See the Linux kernel's Developer's Certificate of Origin for more details.

All contributions are made under the MIT License.

Resources

The following resources are available:


Released under the MIT License.
