Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/caiyeon/goldfish
A HashiCorp Vault UI written with VueJS and Vault native Go API
https://github.com/caiyeon/goldfish
bulma-css go golang hashicorp-vault vault vault-ui vue-admin vuejs
Last synced: 3 months ago
JSON representation
A HashiCorp Vault UI written with VueJS and Vault native Go API
- Host: GitHub
- URL: https://github.com/caiyeon/goldfish
- Owner: Caiyeon
- License: mpl-2.0
- Archived: true
- Created: 2017-01-19T19:34:31.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2018-09-05T03:18:53.000Z (over 6 years ago)
- Last Synced: 2024-10-01T05:42:23.694Z (3 months ago)
- Topics: bulma-css, go, golang, hashicorp-vault, vault, vault-ui, vue-admin, vuejs
- Language: Vue
- Homepage: https://vault-ui.io
- Size: 28.3 MB
- Stars: 2,150
- Watchers: 69
- Forks: 167
- Open Issues: 26
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
Awesome Lists containing this project
README
Goldfish Vault UI - Live Demo
Share this repo with your colleagues!## What is this?
Goldfish - A HashiCorp Vault UI and workflow tool. pic.twitter.com/uVWLuQEBMi
— Kelsey Hightower (@kelseyhightower) August 21, 2017Goldfish answers many auditing and administration questions that Vault API can't:
* Right now, are there any root tokens in Vault?
* Which policies, users, and tokens can access this particular secret path?
* The unseal admins are working from home, but we need a policy changed.
* How do we generate a root token only for this change, and make sure it's revoked after?
* I store my policies on a Github repo. Can I deploy all my policies in one go? [See more](https://github.com/Caiyeon/goldfish/wiki/Features#request-policy-change-by-github-commit)
* If I remove this secret/policy, will anybody's workflow break?## [Deploy goldfish in production in minutes!](https://github.com/Caiyeon/goldfish/wiki/Production-Deployment)
Seriously, the instructions fit on one screen!
## Features
* [x] Hot-loadable server settings from a provided vault endpoint
* [x] Displaying a vault endpoint as a 'bulletin board' in homepage
* [x] **Logging in** with token, userpass, github, or LDAP
* [x] **Secret** Reading/editing/creating/listing
* [x] **Auth** Searching/creating/listing/deleting
* [x] **Mounts** Listing
* [x] **Policies** Searching/Listing
* [x] Encrypting and decrypting arbitrary strings using transit backend#### Major features: [See wiki for more](https://github.com/Caiyeon/goldfish/wiki/Features)
* [x] **DONE!** Searching tokens by policy [walkthrough](https://github.com/Caiyeon/goldfish/wiki/Features#searching-tokens)
- E.g. Display all tokens that have the policy 'admins'
* [x] **DONE!** Searching policy by rule [walkthrough](https://github.com/Caiyeon/goldfish/wiki/Features#searching-policies)
- E.g. Display all policies that can access 'secret/data*'
* [x] **DONE!** Request & approval based policy changes [walkthrough](https://github.com/Caiyeon/goldfish/wiki/Features#policy-change-requests)
- Users can place a policy change request in vault
- Admins must then provide unseal tokens for that specific request
- Upon reaching a set number, goldfish generates a root token, performs edit, and revokes the root token
* [x] **DONE!** **Terraform your vault** [walkthrough](https://github.com/Caiyeon/goldfish/wiki/Features#request-policy-change-by-github-commit)
- Fetch a folder of policies from a commit in github
- Admins can enter their unseal tokens for approval to set vault policies according to policies found
- Change dozens of policies in one go!
* [x] **DONE!** Resource dependency chain
- E.g. Will removing a particular policy affect current users?
- Will removing a mount or secret path affect current users?## Screenshots
![](screenshots/Login.png)
![](screenshots/PolicyRequest.png)
![](screenshots/BulletinBoard.png)
![](screenshots/TokenCreator.png)
![](screenshots/Users.png)
## Developing Goldfish
#### Running locally
You'll need go (v1.9), nodejs (v8.2), and npm (v5)```bash
# hashicorp vault ui# clone goldfish
go get github.com/caiyeon/goldfish
cd $GOPATH/src/github.com/caiyeon/goldfish# running goldfish server in -dev will spin up a local vault instance for you
go run server.go -dev# running goldfish frontend in dev mode will allow for hot-reload of frontend files
cd frontend
sudo npm install -g cross-env
npm install
npm run dev# a browser window/tab should open, pointing directly to goldfish
```#### Using a VM
A vagrantfile is available as wellYou'll need [Vagrant](https://www.vagrantup.com/downloads.html) and [VirtualBox](https://www.virtualbox.org/). On Windows, a restart after installation is needed.
```bash
# if you wish to launch goldfish in a VM:
git clone https://github.com/Caiyeon/goldfish.git
cd goldfish/vagrant# this will take awhile
vagrant up --provision# go to localhost:8080 on your local machine and login with token 'goldfish'
# changes to frontend .vue files will be hot-reloaded
# to force a full reload for the frontend, ssh into the machine and run
# `sudo systemctl restart goldfish_frontend.service`
# to recompile and re-run the backend, ssh into the machine and run
# `sudo systemctl restart goldfish.service`
```#### Compiling
You'll need Go(v1.9), Nodejs (v8.2.0), Npm (v5)Note that using different versions (of nodeJS, especially) will cause differences in the final binary.
```bash
# download the source code
go get -d github.com/caiyeon/goldfish
cd $GOPATH/src/github.com/caiyeon/goldfish# resetting to a tagged version is recommended
# no support will be given to arbitrary commits on the master branch
git fetch --all --tags --prune
git checkout tags/ # version could be, for example, v0.8.0# compile the binary
sh build.sh
```## Development
Goldfish is in very active development.Pull requests and feature requests are welcome. Feel free to suggest new workflows by opening issues.
## Components
Frontend:
* VueJS
* Bulma CSS
* Vue AdminBackend:
* [Vault API](https://godoc.org/github.com/hashicorp/vault/api) wrapper## Design
See: [Architecture](https://github.com/Caiyeon/goldfish/wiki/Architecture)
## Sponsored by
![](screenshots/DO_Logo_Horizontal_Blue.png)
## Why 'Goldfish'?
This server should behave as a goldfish, forgetting everything immediately after a request is completed. That, and other inside-joke reasons.
Credits for the goldfish icon goes to [Laurel Chan](https://www.linkedin.com/in/laurel-chan-11baa286)