A Go SDK for connecting to remote services via ngrok's private endpoints. Embed this library directly in your Go application instead of running the ngrok daemon.
go get github.com/ngrok-oss/ngrokd-goSimple dialer that uses an existing certificate. Auto-loads from ~/.ngrokd-go/certs if no cert provided.
// Auto-load cert from default location
dialer, err := ngrokd.Dialer(ngrokd.DirectConfig{})
// Or provide cert explicitly
cert, _ := tls.LoadX509KeyPair("tls.crt", "tls.key")
dialer, err := ngrokd.Dialer(ngrokd.DirectConfig{
Cert: cert,
})
// Use with http.Client
client := &http.Client{
Transport: &http.Transport{DialContext: dialer.DialContext},
}
resp, _ := client.Get("http://my-service.namespace:8080")Provisions certificates via API and provides endpoint visibility.
dialer, err := ngrokd.DiscoveryDialer(ctx, ngrokd.Config{
APIKey: os.Getenv("NGROK_API_KEY"),
})
// List available endpoints
endpoints, _ := dialer.Endpoints(ctx)
for _, ep := range endpoints {
fmt.Println(ep.URL)
}
// Dial like normal
client := &http.Client{
Transport: &http.Transport{DialContext: dialer.DialContext},
}- First time: Use
DiscoveryDialerwith API key to provision certificate (saved to~/.ngrokd-go/certs) - After that: Use
Dialerwithout API key—auto-loads saved certificate
// One-time provisioning
d, _ := ngrokd.DiscoveryDialer(ctx, ngrokd.Config{APIKey: "..."})
// Cert is now saved to ~/.ngrokd-go/certs
// Later, no API key needed
d, _ := ngrokd.Dialer(ngrokd.DirectConfig{})ngrokd.DirectConfig{
Cert: tls.Certificate{}, // Optional: explicit cert
CertStore: ngrokd.NewFileStore("/custom/path"), // Optional: custom storage
}ngrokd.Config{
APIKey: "your-api-key", // Required
EndpointSelectors: []string{"true"}, // CEL expressions to filter endpoints
}Certificates are stored to avoid re-provisioning:
FileStore(default) —~/.ngrokd-go/certsMemoryStore— ephemeral, for Lambda/Fargate- Custom — implement
CertStoreinterface
See examples/ for complete demos.
MIT