This small program retrieves secrets from a Vault path and saves them to a local JSON file or exposes them as ENV variable expressions.
You need to specify the Vault URL and token to establish a connection.
You can specify the Vault URL (by priority):

1. `VAULT_RETRIEVER_ADDRESS` ENV variable
2. `--vault` in command line
3. `vault.address` in configuration file

You can specify the Vault token (by priority):

1. `VAULT_RETRIEVER_TOKEN` ENV variable
2. `--token` in command line
3. `vault.token` in configuration file

If credentials are not set, the program exits with return code 1.
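The priority order above, modelled as an added Go example (not vault-retriever's own code). The names `Setting`, `resolve`, `Connection` and `ErrNoCredentials` are hypothetical, the URL and token are constructed placeholders, and it assumes the lists are highest priority first and that empty values are skipped.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// Setting is one resolved value plus the source that supplied it.
type Setting struct{ Value, Source string }

// ErrNoCredentials is what the caller maps to exit code 1.
var ErrNoCredentials = errors.New("vault address or token not set")

// resolve returns the first non-empty value in the documented order:
// ENV variable, then command-line flag, then configuration file (assumed highest first).
func resolve(envName string, getenv func(string) string, flag, cfg string) (Setting, bool) {
	sources := []Setting{
		{getenv(envName), "env " + envName},
		{flag, "flag"},
		{cfg, "config file"},
	}
	for _, c := range sources {
		if c.Value != "" {
			return c, true
		}
	}
	return Setting{}, false
}

// Connection resolves both the Vault URL and the token.
func Connection(getenv func(string) string, flagAddr, flagToken, cfgAddr, cfgToken string) (Setting, Setting, error) {
	addr, okA := resolve("VAULT_RETRIEVER_ADDRESS", getenv, flagAddr, cfgAddr)
	token, okT := resolve("VAULT_RETRIEVER_TOKEN", getenv, flagToken, cfgToken)
	if !okA || !okT {
		return addr, token, ErrNoCredentials
	}
	return addr, token, nil
}

func main() {
	// Constructed inputs: no flags given, placeholders standing in for config file values.
	addr, token, err := Connection(os.Getenv, "", "", "https://vault.example.test", "s.PLACEHOLDER")
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	// Report which source won; print the address but never the token itself.
	fmt.Printf("address %s (from %s)\ntoken taken from %s\n", addr.Value, addr.Source, token.Source)
}
```

Recording the winning source makes it visible when a token left in the environment silently overrides the one in the configuration file.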
You need to create a config file somewhere (or mount it into the container) with the connection settings and the secrets to get. You can specify the configuration file with the ENV variable `VAULT_RETRIEVER_FILE` or the command line argument `--config`. The fallback filename is `vault.yaml`.
Sample config file with connection parameters and secrets:
```yaml
vault:
  address: https://vault.blindage.org
  token: s.otBH1tQ5IMDZRBJC1SEuTEPX

# Set output env format, https://golang.org/pkg/fmt/
# Default: %v="%v"
envFormat: 'export %v="%v"'

secrets:
  # Set secret path in Vault
  - path: /ssh-vault-test/public/vlad
    # Save to specified file
    # By default complete json data, but not in this case, see below
    file: test/secret-vlad.json
    # If "key" is present it will return only the plain value of this key, not json
    key: username
    # Return value as ENV expression
    # Result in console stdout as defined env format:
    # export SSH_USERNAME="vlad"
    env: "SSH_USERNAME"

  # Save complete data in json format to file
  - path: /ssh-vault-test/public/anya
    file: test/secret-anya.json

  # Return value as ENV expression, no save to file
  # Result in console stdout:
  # export SSH_NAME="Kot Koteykin"
  - path: /ssh-vault-test/public/kot
    key: name
    env: "SSH_NAME"
```
Show help screen with arguments:
```
$> ./vault-retriever -h
vault-retriever exposes secrets from Vault to ENV variables and/or files.
Read documentation here https://git.blindage.org/21h/vault-retriever

Usage:
  vault-retriever [flags]

Flags:
  -c, --config string   Configuration file
  -h, --help            help for vault-retriever
  -t, --token string    Vault Token
  -v, --vault string    Vault URL
```
Good luck.
Copyright by Vladimir Smagin (21h) 2019
http://blindage.org email: 21h@blindage.org
Project page: https://git.blindage.org/21h/vault-retriever