{"id":20227752,"url":"https://github.com/sdetoni/vault_recursive_gui","last_synced_at":"2025-04-10T17:24:48.270Z","repository":{"id":60392531,"uuid":"530048952","full_name":"sdetoni/vault_recursive_gui","owner":"sdetoni","description":"HasiCorp Vault Recursive GUI Overlay","archived":false,"fork":false,"pushed_at":"2025-03-21T03:10:40.000Z","size":6324,"stargazers_count":9,"open_issues_count":1,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-21T04:23:44.263Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sdetoni.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-08-29T03:11:56.000Z","updated_at":"2025-03-21T03:10:43.000Z","dependencies_parsed_at":"2023-10-04T09:00:22.885Z","dependency_job_id":"efc3ce47-871e-450f-a380-913ba907b24f","html_url":"https://github.com/sdetoni/vault_recursive_gui","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sdetoni%2Fvault_recursive_gui","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sdetoni%2Fvault_recursive_gui/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sdetoni%2Fvault_recursive_gui/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sdetoni%2Fvault_recursive_gui/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sdetoni","download_url":"https://codeload.github.com/sdetoni/vault_recursive_gui/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248261965,"owners_count":21074229,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-14T07:26:24.788Z","updated_at":"2025-04-10T17:24:48.265Z","avatar_url":"https://github.com/sdetoni.png","language":"JavaScript","readme":"# vault_recursive_gui\n\u003ca href=\"https://github.com/sdetoni/vault_recursive_gui\"\u003eHasiCorp Vault Recursive GUI overlay\u003c/a\u003e\n\nThe project implements a GUI over the top of the built in Vault GUI.\nIt does this using a reverse web proxy, and wedges in the Vault GUI using an I-Frame.\nThe vault_recursive_gui uses standard Vault API calls to recursively search a Vault \nrepository on KV2 type secret mount points. Results returned are based upon the logged in user's policies.\nOnce Vault secrets are returned or pre-cached, they're stored locally in the client\nweb browser's memory in an encrypted form using AES-CTR encryption, and a randomly generated key.\n\nIn addition to recursive searching, this GUI provides:\n   - cut and paste of Vault items and directories.\n   - rename and moving of vault items and directories.\n   - pin search history.\n   - regular expressions in searching.\n   - secret password generator.\n   - export and import of secrets using json file format.\n   - root token generator and revoker.\n   - programmer example code to access secret items in PowerShell.\n   \nThe project contains an example Vault setup that implements the GUI overly.\nIt uses 2 dependent pieces of software: \n   Caddy  : A reverse proxy to handle web server, and reverse proxy to the Vault daemon.\n   NodeJS : NodeJS server to handle bulk downloading for very large Vault secret databases. \n   \nNote: The example Vault secret database in this project should NEVER EVER be used in an production environment without changing unseal keys and the root token!\n\nAll API code is written in Javascript and JQuery.\n\n-------------------------------------------------------------------------------------------\n\nExample Software Stack\n----------------------\n\nDownload NodeJS, Caddy, and Vault:\n- NodeJS    https://nodejs.org/dist/v16.17.0/node-v16.17.0-win-x64.zip\n- Caddy     https://caddyserver.com/download\n- Vault     https://releases.hashicorp.com/vault/1.18.1/vault_1.18.1_windows_amd64.zip\n       \nReview boot.cmd to see boot sequence:\n  - refer to file **vault-recovery-keys-root-token.json** for **root_token**\n  - Once services have booted, access vault via **https://127.0.0.1** \n  - Login using method **token** and paste in the token password\n\n-------------------------------------------------------------------------------------------\n\nCaddyfile Reverse Proxy:\n    Take note of the Caddyfile that overrides a header to handle restrictions.\n    This is so it can implement an i-frame from the same server.\n    \n```caddy    \n    # override vault about iframe restrictions and allow it for from the same server.\n    header {\n    }\n    \n    reverse_proxy  https://127.0.0.1:8200 {\n        \n        # Update  header Content-Security-Policy from proxy return, replace it with the one in header override\n        # original header:  content-security-policy \"default-src 'none'; connect-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'unsafe-inline' 'self'; form-action  'none'; frame-ancestors 'none'; font-src 'self'\"\n        header_down   content-security-policy  \"default-src 'none'; connect-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'unsafe-inline' 'self'; form-action  'none'; frame-ancestors 'self'; font-src 'self'\"\n    }    \n```\n-------------------------------------------------------------------------------------------\n       \n## Web Client Debug Mode\nPress F12 (Chrome or Firefox) to enter debug mode, and select the Console tab to view Javascript information.\n\n## Screenshots\n\n![](screenshots/logged_in.png)\n\n![](screenshots/search.png)\n\n![](screenshots/clone.png)\n\n![](screenshots/example_code.png)\n\n\n## Vault Raft Proxy Caddy Config\n[raft_proxy_caddy.txt](src/raft_config/raft_proxy_caddy.txt)\n\n## Why 'Vault Recursive GUI'?\nVault Recursive GUI does not replace the standard Vault GUI, it adds to it. \nThis means future Vault features will not be missed; other custom Vault GUI's would need to code these change independently.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsdetoni%2Fvault_recursive_gui","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsdetoni%2Fvault_recursive_gui","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsdetoni%2Fvault_recursive_gui/lists"}