Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/creditkarma/vault-client
A client for Hashicorp Vault written in TypeScript
https://github.com/creditkarma/vault-client
Last synced: about 2 months ago
JSON representation
A client for Hashicorp Vault written in TypeScript
- Host: GitHub
- URL: https://github.com/creditkarma/vault-client
- Owner: creditkarma
- License: apache-2.0
- Created: 2018-02-21T17:48:15.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2023-11-20T13:03:45.000Z (10 months ago)
- Last Synced: 2024-07-01T22:40:57.918Z (3 months ago)
- Language: TypeScript
- Size: 268 KB
- Stars: 13
- Watchers: 12
- Forks: 5
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Vault Client
A client for Hashicorp Vault written in TypeScript.
## Install
```sh
$ npm install --save @creditkarma/vault-client
```## Usage
This library exposes two classes for working with Vault, VaultClient and VaultService. VaultClient provides a slightly higher level of abstraction and a more limited API.
### VaultClient
VaultClient provides two methods: get and set. Both methods return Promises.
#### Options
VaultClient expects the access token for Vault to be available in a local file. The path to this file is passed as an option.
Available options:
* apiVersion - API version to use. Currently this can only be 'v1'.
* protocol - The protocol to use 'http' or 'https'. Defaults to 'http'.
* destination - The location of the Vault instance. Defaults to 'localhost:8200'.
* mount - The mount at which secrets can be found. Defaults to 'secret'.
* namespace - A namespace for secrets. This path will be prepended to all get/set requests. Defaults to ''.
* tokenPath - The local file path to a file containing the Vault token. Defaults to '/tmp/token'.
* requestOptions - Options passed to the underlying [Request library](https://github.com/request/request). The options can be overriden on a per-request basis by passing an optional final parameter to any of the service or client methods. This will be used to set up TLS.#### Mount vs Namespace
The mount is the underlying Vault path at which secrets are stored. By default this is `secret`. So all of your secrets would be stored at an address like: `http://localhost:8200/secret/`. This can be configured differently per Vault instance.
The namespace is an addition on this path to organize your secrets. Your service may share a Vault instance with other services. The namespace could then be your service name. All your secrets would be stored at: `http://localhost:8200/secret//`.
#### Data Formatting
When a secret is written to Vault the value you set will be wrapped in an object of this form:
```typescript
{
"value": value
}
```When reading values with VaultClient objects of this form are assumed. If there is no value property an exception will be raised. When performing a get only the value of the value key will be returned. This allows get and set methods to operate on primitive values.
#### Example
```typescript
import { IHVConfig, VaultClient } from '@creditkarma/vault-client'const options: IHVConfig = {
apiVersion: 'v1',
protocol: 'http',
destination: 'localhost:8200',
mount: 'secret',
namespace: '',
tokenPath: '/tmp/token',
requestOptions: {
headers: {
host: 'localhost'
}
}
}
const client: VaultClient = new VaultClient(options)// Because we set a namespace this is actually written to 'secret/key'
client.set('key', 'value').then(() => {
// value successfully written
client.get('key').then((val: string) => {
// val = 'value'
})
})
```### VaultService
VaultService provides more direct access to the raw Vault HTTP API. Method arguments and method return types conform to the [HTTP Vault API](https://www.vaultproject.io/api/).
#### Options
VaultService accepts a sub-set of the options that VaultClient accepts:
* apiVersion
* protocol
* destination
* requestOptions#### Example
Like VaultClient all methods return Promises.
```typescript
import { IServiceConfig, VaultService } from '@creditkarma/vault-client'const options: IServiceConfig = {
apiVersion: 'v1',
protocol: 'http',
destination: 'localhost:8200',
requestOptions: {
headers: {
host: 'localhost'
}
}
}
const service: VaultService = new VaultService(options)service.status()
service.init({ secret_shares: 1, secret_threshold: 1 })
service.unseal({ key: 'key', reset: true })
service.read(path, token)
service.write(path, value, token)
```## Running Tests
The good ol' `npm test` will work. However, running tests requires a running Vault server. This is done with [docker](https://www.docker.com/). If you don't have `docker-compose` on your system you will be unable to run tests. Make sure you have docker.
```sh
$ npm test
```You can spin up the Vault server without running tests:
```sh
$ npm run build && npm run docker
```## Contributing
For more information about contributing new features and bug fixes, see our [Contribution Guidelines](https://github.com/creditkarma/CONTRIBUTING.md).
External contributors must sign Contributor License Agreement (CLA)## License
This project is licensed under [Apache License Version 2.0](./LICENSE)