0.1.6 • Published 8 years ago

confabulous-vault-loader v0.1.6

Weekly downloads
Last release
8 years ago

Confabulous Vault Loader

Confabulous-Vault-Loader is an Vault Loader for Confabulous - a hierarchical, asynchronous config loader and post processor.


const confabulous = require('confabulous')
const Confabulous = confabulous.Confabulous
const vault = require('confabulous-vault-loader')
const processors = confabulous.processors

new Confabulous()
    .add((config) => vault({ url: 'http://localhost:8200', path: 'secret/live/demo', method: 'app-id', appId: 'svc-demo-api' , userId: 'demo-live' }))
    .on('loaded', (config) => console.log('Loaded', JSON.stringify(config, null, 2)))
    .on('reloaded', (config) => console.log('Reloaded', JSON.stringify(config, null, 2)))
    .on('error', (err) => console.error('Error', err))
    .on('reload_error', (err) => console.error('Reload Error', err))


urlstringURL of the vault server
pathstringPath to the encrypted config
methodstringAuthentication method (currently only app-id is supported)
appIdstringApplication Id (required for authentication when using app-id method)
userIdstringUser Id (required for authentication when using app-id method)
mandatorybooleantrueCauses an error/reload_error to be emitted if the configuration does not exist
watchobjectPolls the vault server for changes. Requires an interval, e.g. { interval: '5m'}
requestobjectsee hereoptions that will be passed to the underlying http client.

Testing Locally

Setting up a vault environment is no easy task. The following might help...

Start a vault server in development mode

docker run -d -p 8200:8200 --hostname vault --name vault sjourdan/vault
docker logs vault

Make note of the Unseal Key and Root Token and configure exports

export VAULT_ADDR=http://vault:8200

Create an alias so you can execute vault commands from a container

alias vaultcmd="docker run --volume $(pwd)/tests/vault:/tmp --link vault --rm -e VAULT_ADDR -e VAULT_TOKEN sjourdan/vault"

Unseal the vault so you can read / write secrets

vaultcmd unseal <INSERT_UNSEAL_KEY>

Upload a policy

vaultcmd policy-write demo-live /tmp/policies/live/demo.json

Configure an app-id login

vaultcmd auth-enable app-id
vaultcmd write auth/app-id/map/app-id/svc-demo-api value=demo-live display_name=svc-demo-api
vaultcmd write auth/app-id/map/user-id/demo-live value=svc-demo-api
vaultcmd policy-write demo-live /tmp/policies/live/demo.json

You should now be able to run tests. Hoorah!