Get secrets from Vault in bash ENV format

vault-envs

Retrieve Vault KV storage path as env variables.

>$ ./vault-envs -h
Usage of ./vault-envs:
  -envs-prefix string
        Set ENVs prefix if same named secrets already exported
  -timeout string
        Set timeout to connect in seconds (default "10s")
  -token string
        Set token to authorize API requests
  -vault-path string
        Set KV secrets path, like /databases/postgres-main
  -vault-url string
        Set Vault URL, like https://vault.myproject.ru:8000

Install it from http://deb.blindage.org (Ubuntu/Debian) or download the binary from the Releases tab.

How to use

Create a sample KV secret /databases/test with two named values, then run vault-envs (here with a prefix):

>$ ./vault-envs -token s.UYzqUtrBpL5MX3YP7GzXapZR \
        -vault-url https://vault.blindage.org \
        -vault-path /databases/test \
        -envs-prefix="JOPA_"

Output:

VAULT_RETRIEVER=vault-envs
JOPA_env1=value1
JOPA_env2=value2

OK, the values are now in ENV variable format, with an additional vault-envs marker added. Now export the variables to the current session:

>$ export eval `./vault-envs -token s.UYzqUtrBpL5MX3YP7GzXapZR \
        -vault-url https://vault.blindage.org \
        -vault-path /databases/test`
>$ echo "Value of env2 is: $env2"
Value of env2 is: value2

How to use in Docker containers

For containers, create a bash script that runs BEFORE your application starts and provides the required ENV variables.

Contents of set_vars.sh script:

#!/bin/bash

export eval `/opt/vault-envs/vault-envs -token "$VAULT_TOKEN" \
        -vault-url https://vault.blindage.org \
        -vault-path /databases/test`

exec "$@"

Contents of Dockerfile:

FROM ubuntu:20.04
LABEL maintainer="Vladimir Smagin <21h@blindage.org>, https://blindage.org"
RUN apt update && apt install -y ca-certificates
COPY vault-envs set_vars.sh /opt/vault-envs/
RUN chmod +x /opt/vault-envs/*
ENTRYPOINT ["/opt/vault-envs/set_vars.sh"]

Now build and run!

>$ go build && cp vault-envs sample/ && cd sample
>$ docker build -t vault-envs .
>$ docker run --rm -e VAULT_TOKEN=s.UYzqUtrBpL5MX3YP7GzXapZR vault-envs printenv

Output:

HOSTNAME=579764792a0b
VAULT_TOKEN=s.UYzqUtrBpL5MX3YP7GzXapZR
PWD=/
HOME=/root
VAULT_RETRIEVER=vault-envs
TERM=xterm
SHLVL=0
env2=value2
env1=value1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

Cool! You made it!
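
A stricter variant of set_vars.sh, added here as an example and not part of the vault-envs project: the backtick form above word-splits the tool's output, so a value containing spaces is cut at the first space, and the printenv output shows VAULT_TOKEN still visible to the application. The function names, the rule of not overwriting already-exported variables, and dropping VAULT_TOKEN before exec are assumptions of this example.

```shell
#!/bin/bash
# Added example, not vault-envs project code.
# load_env_lines reads NAME=VALUE lines on stdin and exports each one as
# literal data: no eval, no word splitting, no glob expansion.
load_env_lines() {
    LOAD_SKIPPED=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        name=${line%%=*}
        # Skip lines without '=' and names that are not shell identifiers.
        case "$line" in *=*) ;; *) LOAD_SKIPPED=$((LOAD_SKIPPED + 1)); continue ;; esac
        case "$name" in
            ''|[0-9]*|*[!A-Za-z0-9_]*) LOAD_SKIPPED=$((LOAD_SKIPPED + 1)); continue ;;
        esac
        # Assumption: never overwrite a variable that is already exported
        # (PATH, HOME, ...); -envs-prefix is the way to avoid such collisions.
        if printenv "$name" >/dev/null 2>&1; then
            LOAD_SKIPPED=$((LOAD_SKIPPED + 1)); continue
        fi
        export "$name=${line#*=}"
    done
}

entrypoint() {
    # Same vault-envs call as in set_vars.sh; stop if the tool fails.
    out=$(/opt/vault-envs/vault-envs -token "$VAULT_TOKEN" \
            -vault-url https://vault.blindage.org \
            -vault-path /databases/test) || return 1
    # A here-document keeps the loop in this shell, so the exports persist.
    load_env_lines <<EOF
$out
EOF
    # Assumption: the application does not need the Vault token itself.
    unset VAULT_TOKEN
    exec "$@"
}

# Run only when a command was passed, as Docker's ENTRYPOINT does.
if [ "$#" -gt 0 ]; then entrypoint "$@"; fi
```

Saved as set_vars.sh, it works with the Dockerfile above unchanged; LOAD_SKIPPED holds the number of rejected lines after a load.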


Copyright by Vladimir Smagin (21h) 2020
http://blindage.org email: 21h@blindage.org
Project page: https://git.blindage.org/21h/vault-envs