{"id":13576963,"url":"https://github.com/nodevault/node-vault","last_synced_at":"2026-04-01T22:25:23.999Z","repository":{"id":31234058,"uuid":"34795315","full_name":"nodevault/node-vault","owner":"nodevault","description":"Client for HashiCorp's Vault","archived":false,"fork":false,"pushed_at":"2026-03-21T23:27:54.000Z","size":950,"stargazers_count":548,"open_issues_count":8,"forks_count":163,"subscribers_count":7,"default_branch":"master","last_synced_at":"2026-03-22T11:02:50.416Z","etag":null,"topics":["api","api-client","client","hashicorp","node","node-vault","nodejs","secrets","vault"],"latest_commit_sha":null,"homepage":"https://vaultproject.io/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nodevault.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"open_collective":"kr1sp1n","custom":["https://opencollective.com/node-vault"]}},"created_at":"2015-04-29T13:27:58.000Z","updated_at":"2026-03-21T23:27:58.000Z","dependencies_parsed_at":"2023-02-16T02:00:24.128Z","dependency_job_id":"5fa08200-49e6-4678-829f-c8a937f12b19","html_url":"https://github.com/nodevault/node-vault","commit_stats":{"total_commits":303,"total_committers":54,"mean_commits":5.611111111111111,"dds":0.6138613861386139,"last_synced_commit":"922f847cdf7e3b09317fc2029362bc37f7eb6d4a"},"previous_names":["kr1sp1n/node-vault"],"tags_count":79,"template":false,"template_full_name":null,"purl":"pkg:github/nodevault/node-vault","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nodevault%2Fnode-vault","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nodevault%2Fnode-vault/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nodevault%2Fnode-vault/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nodevault%2Fnode-vault/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nodevault","download_url":"https://codeload.github.com/nodevault/node-vault/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nodevault%2Fnode-vault/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31292639,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T21:15:39.731Z","status":"ssl_error","status_checked_at":"2026-04-01T21:15:34.046Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","api-client","client","hashicorp","node","node-vault","nodejs","secrets","vault"],"created_at":"2024-08-01T15:01:16.372Z","updated_at":"2026-04-01T22:25:23.559Z","avatar_url":"https://github.com/nodevault.png","language":"JavaScript","funding_links":["https://opencollective.com/kr1sp1n","https://opencollective.com/node-vault","https://opencollective.com/node-vault/contribute"],"categories":["JavaScript"],"sub_categories":[],"readme":"# node-vault\n\n[![Build Status](https://img.shields.io/github/actions/workflow/status/nodevault/node-vault/lint-and-test.yaml?branch=master\u0026style=flat-square)](https://github.com/nodevault/node-vault/actions/workflows/lint-and-test.yaml)\n[![Download Status](https://img.shields.io/npm/dm/node-vault.svg?style=flat-square)](https://www.npmjs.com/package/node-vault)\n[![NPM Version](https://img.shields.io/npm/v/node-vault?style=flat-square)](https://www.npmjs.com/package/node-vault)\n[![License](https://img.shields.io/npm/l/node-vault?style=flat-square)](https://github.com/nodevault/node-vault/blob/master/LICENSE)\n[![Dependency Status](https://img.shields.io/librariesio/release/npm/node-vault.svg?style=flat-square)](https://libraries.io/npm/node-vault/)\n[![Open Collective backers and sponsors](https://img.shields.io/opencollective/all/node-vault?style=flat-square)](https://opencollective.com/node-vault/contribute)\n\nA client for the HTTP API of HashiCorp's [Vault] written for Node.js.\n\n\n## Install\n\nPrerequisites:\n - Node.js \u003e= `18.0.0`\n\n```bash\nnpm install -S node-vault\n```\n\n\u003e **Note:** If you need to use an older version of Node.js (\u003e= 6.x), use `node-vault \u003c= v0.10.0`.\n\u003e Please be aware that `node-vault \u003c= v0.10.0` contains multiple known vulnerabilities ☠️\n\nTypeScript definitions are included in the package.\n\n\n## Test\n\nRun tests using docker-compose (includes vault and postgres) with:\n```bash\ndocker-compose up --force-recreate test\n```\n\n## Configuration\n\n### Client Options\n\n```javascript\nconst vault = require('node-vault')({\n apiVersion: 'v1', // API version (default: 'v1')\n endpoint: 'http://127.0.0.1:8200', // Vault server URL (default: 'http://127.0.0.1:8200')\n token: 'MY_TOKEN', // Vault token for authentication\n pathPrefix: '', // Optional prefix for all request paths\n namespace: 'my-namespace', // Vault Enterprise namespace\n noCustomHTTPVerbs: false, // Use GET with ?list=1 instead of LIST HTTP method\n requestOptions: {}, // Custom axios request options applied to all requests\n});\n```\n\n\u003e **Note:** Trailing slashes in the `endpoint` URL (e.g. `http://127.0.0.1:8200/`) are automatically stripped to prevent malformed request URIs.\n\n### Environment Variables\n\nThe client reads the following environment variables as defaults:\n\n| Variable | Description |\n| --- | --- |\n| `VAULT_ADDR` | Vault server URL (overridden by `endpoint` option) |\n| `VAULT_TOKEN` | Vault token (overridden by `token` option) |\n| `VAULT_NAMESPACE` | Vault Enterprise namespace (overridden by `namespace` option) |\n| `VAULT_PREFIX` | Request path prefix (overridden by `pathPrefix` option) |\n| `VAULT_SKIP_VERIFY` | When set, disables SSL certificate verification |\n\n\n## Usage\n\n### Init and unseal\n\n```javascript\nconst vault = require('node-vault')({\n apiVersion: 'v1',\n endpoint: 'http://127.0.0.1:8200',\n token: 'MY_TOKEN', // optional; can be set after initialization\n});\n\n// init vault server\nvault.init({ secret_shares: 1, secret_threshold: 1 })\n .then((result) =\u003e {\n const keys = result.keys;\n // set token for all following requests\n vault.token = result.root_token;\n // unseal vault server\n return vault.unseal({ secret_shares: 1, key: keys[0] });\n })\n .catch(console.error);\n```\n\n### Unseal a vault that is already initialized\n\nIf the vault server has been restarted or sealed, you can unseal it using\nthe unseal keys from the original initialization. If the vault was initialized\nwith `secret_threshold \u003e 1`, you must call `unseal` multiple times with\ndifferent keys until the threshold is met.\n\n```javascript\nconst vault = require('node-vault')({\n apiVersion: 'v1',\n endpoint: 'http://127.0.0.1:8200',\n});\n\n// unseal vault server with a single key\nvault.unseal({ key: 'my-unseal-key' })\n .then(console.log)\n .catch(console.error);\n```\n\nWhen the vault requires multiple unseal keys (threshold \u003e 1):\n\n```javascript\nvault.unseal({ key: 'first-unseal-key' })\n .then((result) =\u003e {\n // result.sealed will be true until enough keys are provided\n console.log('Sealed:', result.sealed);\n console.log('Progress:', result.progress + '/' + result.t);\n return vault.unseal({ key: 'second-unseal-key' });\n })\n .then((result) =\u003e {\n // once the threshold is met, sealed will be false\n console.log('Sealed:', result.sealed);\n })\n .catch(console.error);\n```\n\nSee [example/unseal.js](example/unseal.js) for a working example.\n\n### Write, read, update and delete secrets\n\n```javascript\nvault.write('secret/hello', { value: 'world', lease: '1s' })\n .then(() =\u003e vault.read('secret/hello'))\n .then(() =\u003e vault.delete('secret/hello'))\n .catch(console.error);\n```\n\nThe `update` method sends a `PATCH` request with `application/merge-patch+json` content type:\n\n```javascript\nvault.update('secret/data/hello', { data: { value: 'new-world' } })\n .catch(console.error);\n```\n\n### List secrets\n\n```javascript\nvault.list('secret/metadata/')\n .then((result) =\u003e console.log(result.data.keys))\n .catch(console.error);\n```\n\n### Kubernetes Auth Example\n\n```javascript\nconst fs = require('fs');\n\n// Read service account token from default mount path\nconst jwt = fs.readFileSync('/var/run/secrets/kubernetes.io/serviceaccount/token', { encoding: 'utf8' });\n\n// If the Vault Kubernetes auth endpoint is /auth/example-cluster/login and the role is example-role\nvault.kubernetesLogin({\n role: 'example-role',\n jwt: jwt,\n mount_point: 'example-cluster',\n}).catch(console.error);\n```\n\n### AppRole Auth Example\n\n```javascript\nconst vault = require('node-vault')();\n\nvault.approleLogin({\n role_id: 'my-role-id',\n secret_id: 'my-secret-id',\n})\n .then((result) =\u003e {\n // client token is automatically set on successful login\n console.log(result.auth.client_token);\n })\n .catch(console.error);\n```\n\n### Error Handling\n\nThe client exposes two error types accessible from the module:\n\n- **`VaultError`** — Base error class for all vault-related errors.\n- **`ApiResponseError`** — Thrown on non-200/204 responses. Contains a `response` property with `statusCode` and `body`.\n\n```javascript\nvault.read('secret/missing')\n .catch((err) =\u003e {\n console.error(err.message); // Error message from Vault\n if (err.response) {\n console.error(err.response.statusCode); // e.g. 404\n console.error(err.response.body); // Response body from Vault\n }\n });\n```\n\n### Custom Commands\n\nYou can register custom API commands using `generateFunction`:\n\n```javascript\nvault.generateFunction('myCustomEndpoint', {\n method: 'GET',\n path: '/my-custom/endpoint/{{id}}',\n});\n\n// Use the generated function\nvault.myCustomEndpoint({ id: 'abc123' })\n .then(console.log)\n .catch(console.error);\n```\n\n\n## Docs\nGenerate [docco] docs via:\n```bash\nnpm run docs\n```\n\n\n## Examples\nPlease have a look at the [examples] and the generated [feature list] to see all supported Vault API endpoints.\n\nInstead of installing all the dependencies like vault itself and postgres, you can\nuse [docker] and [docker-compose] to link and run multiple docker containers with all of their dependencies.\n\n```bash\ngit clone git@github.com:nodevault/node-vault.git\ncd node-vault\ndocker-compose up vault\n```\n\nNow you can run the examples from another terminal window.\n\nFirst of all you should initialize and unseal the vault:\n```bash\nnode example/init.js\n```\nYou should see `root_token:` followed by a long key in the response.\nPlease copy that long key and export it as an environment variable:\n```bash\nexport VAULT_TOKEN=\u003cinsert long key here\u003e\n```\n\nNow you are able to run all of the other [examples]:\n```bash\nnode example/policies.js\n```\n\n## Connecting to Vault Through a Bastion Host\n\nTo connect to a vault server in a private network through a bastion host, first open a SOCKS proxy connection:\n```bash\nssh -D \u003csocksPort\u003e bastion.example.com\n```\n\nThen configure the client with a SOCKS proxy agent:\n```javascript\nconst { SocksProxyAgent } = require('socks-proxy-agent');\nconst agent = new SocksProxyAgent(`socks://127.0.0.1:${socksPort}`);\n\nconst vault = require('node-vault')({\n apiVersion: 'v1',\n requestOptions: {\n httpsAgent: agent,\n httpAgent: agent,\n },\n});\n```\n\n## Custom SSL/TLS Configuration\n\nIf you encounter SSL errors after upgrading to Node 18+ (e.g., `EPROTO` errors related to\n`unsafe legacy renegotiation disabled`), you can pass SSL/TLS options via `requestOptions`\nor `rpDefaults` when initializing the client:\n\n```javascript\nconst vault = require('node-vault')({\n apiVersion: 'v1',\n endpoint: 'https://vault.example.com:8200',\n token: 'MY_TOKEN',\n requestOptions: {\n agentOptions: {\n securityOptions: 'SSL_OP_LEGACY_SERVER_CONNECT',\n },\n },\n});\n```\n\nThe `requestOptions` object supports TLS/SSL options (`ca`, `cert`, `key`, `passphrase`,\n`agentOptions`, `strictSSL`) as well as `timeout`, `httpsAgent`, and `httpAgent`. TLS options\nare mapped to an `https.Agent` and applied to every request. You can also pass native\n[axios](https://axios-http.com/) request options such as custom `headers`.\n\nYou can also pass request options per-call to any method:\n\n```javascript\nvault.read('secret/hello', {\n agentOptions: {\n securityOptions: 'SSL_OP_LEGACY_SERVER_CONNECT',\n },\n});\n```\n\nSee [example/pass_request_options.js](example/pass_request_options.js) for more examples.\n\n[![Backers](https://opencollective.com/node-vault/tiers/backers.svg?avatarHeight=80\u0026width=600)](https://opencollective.com/node-vault/contribute)\n\n[examples]: https://github.com/nodevault/node-vault/tree/master/example\n[docker-compose.yml]: https://github.com/nodevault/node-vault/tree/master/docker-compose.yml\n[Vault]: https://vaultproject.io/\n[docker-compose]: https://docs.docker.com/compose/\n[docker]: https://docs.docker.com/\n[docco]: http://jashkenas.github.io/docco\n[feature list]: https://github.com/nodevault/node-vault/tree/master/features.md\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnodevault%2Fnode-vault","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnodevault%2Fnode-vault","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnodevault%2Fnode-vault/lists"}