{"id":21680307,"url":"https://github.com/matthewoden/libvault","last_synced_at":"2025-10-28T13:39:05.035Z","repository":{"id":47898956,"uuid":"157785093","full_name":"matthewoden/libvault","owner":"matthewoden","description":"A flexible, configurable vault library.","archived":false,"fork":false,"pushed_at":"2022-11-09T15:13:08.000Z","size":118,"stargazers_count":44,"open_issues_count":1,"forks_count":9,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-12-14T05:25:10.972Z","etag":null,"topics":["elixir","elixir-lang","hashicorp-vault","vault"],"latest_commit_sha":null,"homepage":"https://hexdocs.pm/libvault","language":"Elixir","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/matthewoden.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-11-15T23:22:39.000Z","updated_at":"2024-05-23T16:04:00.000Z","dependencies_parsed_at":"2023-01-21T09:02:50.361Z","dependency_job_id":null,"html_url":"https://github.com/matthewoden/libvault","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matthewoden%2Flibvault","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matthewoden%2Flibvault/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matthewoden%2Flibvault/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matthewoden%2Flibvault/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/matthewoden","download_url":"https://codeload.github.com/matthewoden/libvault/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230532443,"owners_count":18240792,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["elixir","elixir-lang","hashicorp-vault","vault"],"created_at":"2024-11-25T15:15:44.243Z","updated_at":"2025-10-28T13:39:00.001Z","avatar_url":"https://github.com/matthewoden.png","language":"Elixir","funding_links":[],"categories":[],"sub_categories":[],"readme":"# libvault\n\n[![travis-ci.com](https://travis-ci.com/matthewoden/libvault.svg?branch=master)](https://travis-ci.com/matthewoden/libvault)\n[![hex.pm](https://img.shields.io/hexpm/v/libvault.svg)](https://hex.pm/packages/libvault)\n[![hex.pm](https://img.shields.io/hexpm/dt/libvault.svg)](https://hex.pm/packages/libvault)\n[![hex.pm](https://img.shields.io/hexpm/l/libvault.svg)](https://hex.pm/packages/libvault)\n[![github.com](https://img.shields.io/github/last-commit/matthewoden/libvault.svg)](https://github.com/matthewoden/libvault/commits/master)\n\nHighly configurable library for HashiCorp's\n[Vault](https://www.vaultproject.io/) which handles authentication for multiple\nbackends, and reading, writing, listing, and deleting secrets for a variety of\nengines.\n\nWhen possible, it tries to emulate the CLI, with `read`, `write`, `list` and\n`delete` and `auth` methods. An additional `request` method is provided when\nyou need further flexibility with the API.\n\nHTML docs can be found at\n[https://hexdocs.pm/libvault](https://hexdocs.pm/libvault).\n\n## API Preview\n\n```elixir\n{:ok, vault} =\n  Vault.new(\n    engine: Vault.Engine.KVV2,\n    auth: Vault.Auth.UserPass\n  )\n  |\u003e Vault.auth(%{username: \"username\", password: \"password\"})\n\n{:ok, db_pass} = Vault.read(vault, \"secret/path/to/password\")\n\n{:ok, %{\"version\" =\u003e 1 }} = Vault.write(vault, \"secret/path/to/creds\", %{secret: \"secrets!\"})\n```\n\n## Configuration / Adapters\n\nHashicorp's Vault is highly configurable. Rather than cover every possible\noption, this library strives to be flexible and adaptable. Auth backends,\nSecret Engines, and HTTP clients are all replaceable, and each behaviour asks\nfor a minimal contract.\n\n## HTTP Adapters\n\nThe following HTTP Adapters are provided:\n\n- `Tesla` with `Vault.HTTP.Tesla`\n  - Can be configured to use [`Hackney`][hackney], [`iBrowse`][ibrowse] or [`Mint`][mint]\n\nBe sure to add applications and dependencies to your mix file as needed.\n\n### JSON Adapters\n\nMost JSON libraries provide the same methods, so no default adapter is needed.\nYou can use `Jason`, `JSX`, `Poison`, or whatever encoder you want.\n\nDefaults to `Jason` or `Poison` if present.\n\nSee `Vault.JSON.Adapter` for the full behaviour interface.\n\n## Auth Adapters\n\nAdapters have been provided for the following auth backends:\n\n- [AppRole](https://www.vaultproject.io/api/auth/approle/index.html) with `Vault.Auth.Approle`\n- [Azure](https://www.vaultproject.io/api/auth/azure/index.html) with `Vault.Auth.Azure`\n- [GitHub](https://www.vaultproject.io/api/auth/github/index.html) with `Vault.Auth.Github`\n- [GoogleCloud](https://www.vaultproject.io/api/auth/gcp/index.html) with with `Vault.Auth.GoogleCloud`\n- [JWT](https://www.vaultproject.io/api/auth/jwt/index.html) with `Vault.Auth.JWT`\n- [Kubernetes](https://www.vaultproject.io/api/auth/jwt/index.html) with `Vault.Auth.Kubernetes`\n- [LDAP](https://www.vaultproject.io/api/auth/ldap/index.html) with `Vault.Auth.LDAP`\n- [UserPass](https://www.vaultproject.io/api/auth/userpass/index.html) with `Vault.Auth.UserPass`\n- [Token](https://www.vaultproject.io/api/auth/token/index.html#lookup-a-token-self-) with `Vault.Auth.Token`\n\nIn addition to the above, a generic backend is also provided\n(`Vault.Auth.Generic`).  If support for auth provider is missing, you can still\nget up and running quickly, without writing a new adapter.\n\n## Secret Engine Adapters\n\nMost of Vault's Secret Engines use a replaceable API. The\n`Vault.Engine.Generic` adapter should handle most use cases for secret\nfetching.\n\nVault's KV version 2 broke away from the standard REST convention. So KV has\nbeen given its own adapter:\n\n- [Key/Value](https://www.vaultproject.io/api/secret/kv/index.html)\n  - [v1](https://www.vaultproject.io/api/secret/kv/kv-v1.html) with `Vault.Engine.KVV1`\n  - [v2](https://www.vaultproject.io/api/secret/kv/kv-v2.html) with `Vault.Engine.KVV2`\n\n### Additional request methods\n\nThe core library only handles the basics around secret fetching. If you need to\naccess additional API endpoints, this library also provides a `Vault.request`\nmethod. This should allow you to tap into the complete vault REST API, while\nstill benefiting from token control, JSON parsing, and other HTTP client\nniceties.\n\n## Installation and Usage\n\n### Installation\n\nEnsure that any adapter dependencies have been included as part of your\napplication's dependencies:\n\n```elixir\ndef deps do\n  [\n    {:libvault, \"~\u003e 0.2.0\"},\n\n    # tesla, required for Vault.HTTP.Tesla\n    {:tesla, \"~\u003e 1.3.0\"},\n\n    # pick your HTTP client - Mint, iBrowse or hackney\n    {:mint, \"~\u003e 0.4.0\"},\n    {:castore, \"~\u003e 0.1.0\"},\n\n    # Pick your json parser - Jason or Poison\n    {:jason, \"\u003e= 1.0.0\"}\n  ]\nend\n```\n\n### Usage\n\n```elixir\nvault =\n  Vault.new([\n    engine: Vault.Engine.KVV2,\n    auth: Vault.Auth.UserPass,\n    json: Jason,\n    credentials: %{username: \"username\", password: \"password\"}\n  ])\n  |\u003e Vault.auth()\n\n{:ok, db_pass} = Vault.read(vault, \"secret/path/to/password\")\n{:ok, %{\"version\" =\u003e 1 }} = Vault.write(vault, \"secret/path/to/creds\", %{secret: \"secrets!\"})\n```\n\nYou can configure the vault client up front, or change configuration on the\nfly.\n\n```elixir\n  vault =\n    Vault.new()\n    |\u003e Vault.set_auth(Vault.Auth.Approle)\n    |\u003e Vault.set_engine(Vault.Engine.Generic)\n    |\u003e Vault.auth(%{role_id: \"role_id\", secret_id: \"secret_id\"})\n\n  {:ok, db_pass} = Vault.read(vault, \"secret/path/to/password\")\n\n  vault = Vault.set_engine(Vault.Engine.KVV2) // switch to versioned secrets\n\n  {:ok, db_pass} = Vault.write(vault, \"kv/path/to/password\", %{ password: \"db_pass\" })\n```\n\nSee the full `Vault` client for additional methods.\n\n## Testing Locally\n\nWhen possible, tests run against a local vault instance. Otherwise, tests run\nagainst the Vault Spec, using bypass to test to confirm the success case, and\nfollows vault patterns for failure.\n\n1. Install the Vault Go CLI https://www.vaultproject.io/downloads.html\n\n1. In the current directory, set up a local dev server with `sh\n   scripts/setup-local-vault`\n\n1. Vault (at this time) can't be run in the background without a docker\n   instance. For now, set up the local secret engine paths with `sh\n   scripts/setup-engines.sh`\n\n[mint]: https://github.com/ericmj/mint\n[hackney]: https://github.com/benoitc/hackney\n[ibrowse]: https://github.com/cmullaparthi/ibrowse\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmatthewoden%2Flibvault","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmatthewoden%2Flibvault","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmatthewoden%2Flibvault/lists"}