https://github.com/ceejbot/emancipation-grill
a node client for Hashicorp's Vault
https://github.com/ceejbot/emancipation-grill
Last synced: 12 months ago
JSON representation
a node client for Hashicorp's Vault
- Host: GitHub
- URL: https://github.com/ceejbot/emancipation-grill
- Owner: ceejbot
- License: isc
- Created: 2015-06-01T23:55:52.000Z (about 11 years ago)
- Default Branch: master
- Last Pushed: 2017-05-02T18:15:41.000Z (about 9 years ago)
- Last Synced: 2025-04-18T20:25:31.184Z (about 1 year ago)
- Language: JavaScript
- Size: 83 KB
- Stars: 5
- Watchers: 2
- Forks: 1
- Open Issues: 19
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# emancipation-grill
A pure JavaScript node client for [Hashicorp's Vault](https://hashicorp.com/blog/vault.html).
[](https://www.npmjs.org/package/emancipation-grill) [](http://travis-ci.org/ceejbot/emancipation-grill) [](https://coveralls.io/r/ceejbot/emancipation-grill) [](https://david-dm.org/ceejbot/emancipation-grill)
Tested against vault 0.6.5. Uses ES6 template strings, so it requires node 4 or newer.
## Usage
All functions return a promise if a callback is not provided. All functions have the following signature:
```javascript
grill.funcname(name, dataObj, callbackFunc);
```
The `name` param is substituted into the url path. The `dataObj` parameter is an optional object containing any data required for PUT or POST operations on the Vault api.
```javascript
var grill = new EmancipationGrill();
grill.initialized()
.then(function(response)
{
return grill.read('secret/apikey');
})
.then(function(key)
{
// do something with the key
}).done();
grill.removePolicy('policy-name', function(err, res) { });
grill.addPolicy('policy-name', { policy: 'data here'}, function(err, res) { });
grill.mount('aws', {}, function(err, res) { });
grill.unmount('aws', function(err, res) { });
```
## API
The implemented functions:
| Grill function | Vault API endpoint | notes |
| --- | --- | --- |
| `read()` | | read a secret
| `write()` | | write a secret
| `delete()` | | delete a secret
| `readSecret()` | | read a secret from the `/secret` path
| `writeSecret()` | | write a secret to the `/secret` path
| `deleteSecret()` | | delete a secret from the `/secret` path
| `initialized()` | [GET /sys/init](http://vaultproject.io/docs/http/sys-init.html) | No parameters.
| `initialize()` | [PUT /sys/init](http://vaultproject.io/docs/http/sys-init.html) | Requires payload.
| `sealed()` | [GET /sys/seal-status](http://vaultproject.io/docs/http/sys-seal-status.html) | No parameters.
| `unseal()` | [PUT /sys/unseal](http://vaultproject.io/docs/http/sys-unseal.html)| Requires `secret_shares` and `key` params in payload.
| `seal()` | [PUT /sys/seal](http://vaultproject.io/docs/http/sys-seal.html) | No parameters, no response body.
| `mounts()` | [GET /sys/mount](http://vaultproject.io/docs/http/sys-mounts.html) | No parameters.
| `mount()` | [PUT /sys/mount/:backend](http://vaultproject.io/docs/http/sys-mounts.html)
| `unmount()` | [DELETE /sys/mount/:backend](http://vaultproject.io/docs/http/sys-mounts.html)
| `remount()` | [POST /sys/remount](http://vaultproject.io/docs/http/sys-remount.html)
| `policies()` | [GET /sys/policy](http://vaultproject.io/docs/http/sys-policy.html)
| `addPolicy()` | [PUT /sys/policy/:policy](http://vaultproject.io/docs/http/sys-policy.html)
| `removePolicy()` | [DELETE /sys/policy/:policy](http://vaultproject.io/docs/http/sys-policy.html)
| `renewLease()` | [PUT sys/renew/:leaseid](http://vaultproject.io/docs/http/sys-renew.html)
| `revokeLease()` | [PUT /sys/revoke/:leaseid](http://vaultproject.io/docs/http/sys-revoke.html)
| `revokePrefix()` | [PUT /sys/revoke-prefix/:pathprefix](http://vaultproject.io/docs/http/sys-revoke-prefix.html)
| `audits()` | [GET /sys/audit](http://vaultproject.io/docs/http/sys-audit.html)
| `enableAudit()` | [PUT /sys/audit/:backend](http://vaultproject.io/docs/http/sys-audit.html)
| `disableAudit()` | [DELETE /sys/audit/:backend](http://vaultproject.io/docs/http/sys-audit.html)
| `auths()` | [GET /sys/auth](http://vaultproject.io/docs/http/sys-auth.html)
| `enableAuth()` | [PUT /sys/auth/:mountpoint](http://vaultproject.io/docs/http/sys-auth.html) | Requires `type` param in payload.
| `disableAuth()` | [DELETE /sys/auth/:mountpoint](http://vaultproject.io/docs/http/sys-auth.html)
| `health()` | | respond with service health object
| `github()` | | UNIMPLEMENTED TODO
| `mapGithubTeam()` | | UNIMPLEMENTED TODO
## TODO
* finish off the api
* unsealing?
## LICENSE
ISC