Get secrets from Vault in bash ENV format
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

69 lines
1.6 KiB

package main
import (
"flag"
"fmt"
"log"
"time"
"github.com/hashicorp/vault/api"
)
var (
token = flag.String("token", "", "Set token to authorize API requests")
vaultURL = flag.String("vault-url", "", "Set Vault URL, like https://vault.myproject.ru:8000")
vaultPath = flag.String("vault-path", "", "Set KV secrets path, like /databases/postgres-main")
envsPrefix = flag.String("envs-prefix", "", "Set ENVs prefix if same named secrets already exported")
vaultTimeoutFlag = flag.String("timeout", "10s", "Set timeout to connect in seconds")
vaultTimeout = time.Duration(0 * time.Second)
)
func init() {
flag.Parse()
if *token == "" {
log.Fatalln("all requests to API must be authorized, see help")
}
if *vaultURL == "" {
log.Fatalln("you forgot to set vault URL, see help")
}
if *vaultPath == "" {
log.Fatalln("set path of secrets, see help")
}
err := error(nil)
vaultTimeout, err = time.ParseDuration(*vaultTimeoutFlag)
if err != nil {
log.Fatalln("timeout wrong, use time format like: 5s, 21s")
}
}
func main() {
fmt.Println("VAULT_RETRIEVER=vault-envs")
client := &api.Client{}
client, err := api.NewClient(&api.Config{Address: *vaultURL})
if err != nil {
log.Fatalln(err)
}
client.SetToken(*token)
client.SetClientTimeout(vaultTimeout)
vaultClient := client.Logical()
vaultData, err := vaultClient.Read(*vaultPath)
if err != nil {
log.Fatalln(err)
}
if vaultData == nil {
log.Fatalf("No data in path, %v\n", *vaultPath)
}
for varname, value := range vaultData.Data {
fmt.Printf("%v%v=%v\n", *envsPrefix, varname, value)
}
}