1.0.15 • Published 3 years ago

nanvc v1.0.15

Weekly downloads
4
License
MIT
Repository
github
Last release
3 years ago

nanvc - Not Another Node Vault Client

build status code coverage

This is a Vault client written in typescript.

Table of contents

Install

# requires nodejs >= 14
npm install nanvc --save

How to use it

The VaultClient constructor takes three optional arguments:

  • vault cluster address - if not passed in, defaults to NANVC_VAULT_CLUSER_ADDRESS environment variable otherwise it will take 'http://127.0.0.1:8200' value
  • vault auth token - if not passed in, defaults to NANVC_VAULT_AUTH_TOKEN env. variable, otherwise will be set to null
  • vault api version - if not passed in, defaults to NANVC_VAULT_API_VERSION environment variable, otherwise is set internaly to 'v1'

ES5

var VaultClient = require('nanvc');
var vault = new VaultClient('http://vault.local:8200');
vault.init({ 
        secret_shares: 1, 
        secret_threshold: 1 
    })
    .then(function (result) { // unseal vault
        console.log("Unsealing vault");
        console.log(result);
        if (!result.succeeded) {
            throw new Error(result.errorMessage);
        }
        var keys = result.apiResponse.keys;
        vault.token = result.apiResponse.root_token;
        return vault.unseal({
            secret_shares: 1,
            key: keys[0]
        });
    })
    .then(function (response) { // write a secret
        console.log("Writing a secret");
        return vault.write(
            '/secret/my-app/my-secret', { 
                'foo': 'my-password' 
            }
        )
    })
    .then(function(response) { // update a secret
        console.log(response);
        console.log("Updating secret");
        return vault.update(
            '/secret/my-app/my-secret', { 
                'foo': 'my-updated-password' 
            }
        );  
    })
    .then(function(response){ // read a secret
        console.log(response);
        console.log("Reading a secret");
        return vault.read('/secret/my-app/my-secret');
    })
    .then(function(response){ // delete a secret
        console.log(response);
        console.log("Deleting a secret");
        return vault.delete('/secret/my-app/my-secret');
    })
    .then(function(response){ // handle delete response 
        console.log(response);
    })
    .catch(console.error);

ES6

import VaultClient from "nanvc";
let vault = new VaultClient('http://vault.local:8200');

async function main() {
    try {
        let initResponse = await vault.init({
            secret_shares: 1,
            secret_threshold: 1
        });

        if (initResponse.succeeded) {
            console.log(initResponse);
            vault.token = initResponse.apiResponse.root_token;
            let unsealResponse = await vault.unseal({
                secret_shares: 1,
                key: initResponse.apiResponse.keys[0]
            });
            if (!unsealResponse.succeeded) {
                throw new Error(unsealResponse.errorMessage);
            }
        } else {
            throw new Error(initResponse.errorMessage);
        }
        // write a secret
        let writeSecretResponse = await vault.write('/secret/my-app/my-secret', { 'foo': 'my-password' });
        console.log(writeSecretResponse);
        // update a secret
        let updateSecretResponse = await vault.update('/secret/my-app/my-secret', { 'foo': 'my-updated-password' });
        console.log(updateSecretResponse);
        // read a secret
        let mySecretQueryResponse = await vault.read('/secret/my-app/my-secret');
        let mySecret = mySecretQueryResponse.succeeded && mySecretQueryResponse.apiResponse.data.foo;
        console.log(mySecretQueryResponse);
        // delete a secret
        let mySecretDeleteQueryResponse = await vault.delete('/secret/my-app/my-secret');
        let mySecretIsDeleted = mySecretDeleteQueryResponse.succeeded;
        console.log(mySecretDeleteQueryResponse);
    } catch (e) {
        throw (e);
    }

}

main().then().catch(console.error);

What is supported

Vault Rest API CallHttp MethodClient Library MethodTested
/:pathGETVaultClient.read(secretPath: string)Yes
/:pathPOSTVaultClient.write(secretPath: string, secretData: object)Yes
/:pathPUTVaultClient.update(secretPath: string, secretData: object)Yes
/:pathDELETEVaultClient.delete(secretPath: string)Yes
/:pathLISTVaultClient.list(path: string)Yes
/sys/auditGETVaultClient.audits()Yes
/sys/audit/:namePUTVaultClient.enableAudit(auditName: string)Yes
/sys/audit/:nameDELETEVaultClient.disableAudit(auditName: string)Yes
/sys/audit-hash/:pathPOSTVaultClient.auditHash(path: string, payload: object)Yes
/sys/authGETVaultClient.auths()Yes
/sys/authPOSTVaultClient.enableAuth(path: string, payload: object)Yes
/sys/authDELETEVaultClient.disableAuth(path: string)Yes
/sys/capabilitiesPOSTN/AN/A
/sys/capabilities-accessorPOSTN/AN/A
/sys/capabilities-selfPOSTN/AN/A
/sys/config/auditingGETN/AN/A
/sys/config/control-groupGETN/AN/A
/sys/config/corsGETN/AN/A
/sys/control-groupPOSTN/AN/A
/sys/generate-rootGETN/AN/A
/sys/healthHEADN/AN/A
/sys/healthGETN/AN/A
/sys/initGETVaultClient.isInitialized()Yes
/sys/initPUTVaultClient.init(initData: object)Yes
/sys/key-statusGETN/AN/A
/sys/leaderGETN/AN/A
/sys/leasesPUTN/AN/A
/sys/leasesLISTN/AN/A
/sys/licenseGETN/AN/A
/sys/mfaN/AN/AN/A
/sys/mountsGETVaultClient.mounts()Yes
/sys/mounts/:mount_pointPOSTVaultClient.mount(path: string, mountOptions: object)Yes
/sys/mounts/:mount_pointDELETEVaultClient.unmount(path: string)Yes
/sys/mounts/:mount_point/tunePOSTN/AN/A
/sys/plugins/reload/backendPUTN/AN/A
/sys/plugins/catalogLISTN/AN/A
/sys/plugins/catalog/:catalog_namePUTN/AN/A
/sys/plugins/catalog/:catalog_nameGETN/AN/A
/sys/plugins/catalog/:catalog_nameDELETEN/AN/A
/sys/policyGETVaultClient.policies()No
/sys/policyPUTVaultClient.addPolicy(policyName: string, policyData: obkect )No
/sys/policyDELETEVaultClient.removePolicy(policyName: string)No
/sys/policiesN/AN/AN/a
/sys/rawN/AN/AN/A
/sys/rekeyN/AN/AN/A
/sys/rekey-recovery-keyN/AN/AN/A
/sys/remountPOSTVaultClient.remount(remountData: object)Yes
/sys/replicationN/AN/AN/A
/sys/rotateN/AN/AN/A
/sys/sealPUTVaultClient.seal()Yes
/sys/seal-statusGETVaultClient.status()Yes
/sys/step-downN/AN/AN/A
/sys/toolsN/AN/AN/A
/sys/unsealPUTVaultClient.unseal(unsealData: object)Yes
/sys/wrapping/lookupN/AN/AN/A
/sys/wrapping/rewrapN/AN/AN/A
/sys/wrapping/unwrapN/AN/AN/A
/sys/wrapping/wrapN/AN/AN/A

TODO list

  • Better documentation(API, more samples, what is supported and what is NOT)
  • Full support for "System Backend Commands"
  • Typescript declarations - it will bring IDE intellisense for tools like Vscode, IntelliJ IDEA, Atom, etc
hashicorpvaultconsulawssecretsmanageclient
gottv4
@infinitebrahmanuniverse/nolb-nan@everything-registry/sub-chunk-2245
1.0.15

3 years ago

1.0.14

5 years ago

1.0.13

5 years ago

1.0.12

5 years ago

1.0.11

6 years ago

1.0.10

6 years ago

1.0.9

6 years ago

1.0.8

6 years ago

1.0.7

6 years ago

1.0.6

6 years ago

1.0.5

6 years ago

1.0.4

6 years ago

1.0.4-beta.2

6 years ago

1.0.4-beta.1

6 years ago

1.0.3-beta.2

6 years ago

1.0.3-beta.1

6 years ago

1.0.3

6 years ago

1.0.1

6 years ago

1.0.0

6 years ago