0.0.5 • Published 3 years ago

vault-wrapper v0.0.5

Weekly downloads
-
License
ISC
Repository
-
Last release
3 years ago

Stuff Vault

The purpose of this package is to secure our secrets and keys. We are using Vault for that. Vault is a tool for securely accessing secrets. Secrets could be: passwords, API keys, SSH keys, RSA tokens, certificates ...

For example you have environment variables for a project, you can read them from Vault, instead of storing them within .env file or config files which is not secure.

Install

npm i @aui.io/stf-vault-h

API Documentation

Public init method

initBasic(baseUrl: string) { ... };

This method should be the first one you run in order to be able to use other methods.
It is used to initialize a new Vault instance by using hashi-vault-js library, this instance is saved in a private variable called _vault, and is used internally.

Public init method

public initForAppRole(roleId: string, secretId: string, baseUrl: string) { ... };

If you need to use App Role connection method (connectViaAppRole) you can use this method, or use the initBasic method and use these public methods setRoleId and setSecretId

This method is used to initialize a new Vault instance by using hashi-vault-js library, this instance is saved in a private variable called _vault, and is used internally.

The difference between this method and initBasic, that we are saving internally roleId and secretId, so you do not need to set them manually.

Public healthStatus method

healthStatus() { ... };

Check health status of the Vault server (using hashi-vault-js), the object can be retrieved using getHealth method, NOTICE: you need to run the headlthStatus method first in order to be able later on to use getHealth method

Public connectViaAppRole method

connectViaAppRole() { ... };

The approle auth method allows machines or apps to authenticate with Vault-defined roles.
This method relies on this two variables roleId, secretId that has been passed to the init method

Public readKVSecret method

/**
 *
 * @param token String
 * @param key String  example => secret/testapp/github
 */
readKVSecret(key: string) { ... };

Read Key Value Secret - This method used to retrieve the contents of a secret by passing the secret name/key

Getting started

Usage Example

The following configuration options are available:

import vaultInstance from '@aui.io/stf-vault-h';
  
const requestData = {
  roleId : "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
  secretId: "12345678-1234-1234-1234-1234567890123",
  baseUrl: "https://your-url.com/v1",
};

vaultInstance.initForAppRole(requestData.roleId, requestData.secretId, requestData.baseUrl);

(async () => {

  console.log("-------------------Testing - Vault health check");
  const healthData = await vaultInstance.healthStatus();
  console.log(healthData);

  console.log("-------------------Testing - Make an auth connection with app role");
  const result = await vaultInstance.connectViaAppRole();
  const clientToken = vaultInstance.getClientToken();
  

  console.log("-------------------Testing - Read a key value secret from Vault");
  const key = 'testapp/config';
  const secret = await vaultInstance.readKeyValueSecret(clientToken, key);
  console.log(secret);

})();

Dependencies

This package is a wrapper for hashi-vault-js

Credits

Esmat Tony

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

License

Please see License File for more information.

hashi-vault-js
@infinitebrahmanuniverse/nolb-vau@everything-registry/sub-chunk-3044
0.0.5

3 years ago

0.0.4

3 years ago

0.0.3

3 years ago

0.0.2

3 years ago