🔑A Moleculer Service for HashiCorp's Vault 🔑
https://github.com/designtesbrot/moleculer-vault


[![Moleculer logo](http://moleculer.services/images/banner.png)](https://github.com/moleculerjs/moleculer)
[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fdesigntesbrot%2Fmoleculer-vault.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fdesigntesbrot%2Fmoleculer-vault?ref=badge_shield)

[![Build Status](https://travis-ci.com/designtesbrot/moleculer-vault.svg?branch=master)](https://travis-ci.com/designtesbrot/moleculer-vault)
[![Coverage Status](https://coveralls.io/repos/github/designtesbrot/moleculer-vault/badge.svg?branch=master)](https://coveralls.io/github/designtesbrot/moleculer-vault?branch=master)
[![Codacy Badge](https://api.codacy.com/project/badge/Grade/eebf58adbe2c4d21b274092a802191da)](https://www.codacy.com/app/designtesbrot/moleculer-vault?utm_source=github.com&utm_medium=referral&utm_content=designtesbrot/moleculer-vault&utm_campaign=Badge_Grade)
[![Maintainability](https://api.codeclimate.com/v1/badges/df5f0f2c69ec9361d793/maintainability)](https://codeclimate.com/github/designtesbrot/moleculer-vault/maintainability)
[![Known Vulnerabilities](https://snyk.io/test/github/designtesbrot/moleculer-vault/badge.svg)](https://snyk.io/test/github/designtesbrot/moleculer-vault)
[![Run in Postman](https://run.pstmn.io/button.svg)](https://app.getpostman.com/run-collection/3351a0953a3bfcf7b64a)
[![npm version](https://badge.fury.io/js/moleculer-vault.svg)](https://badge.fury.io/js/moleculer-vault)

# Vault Service for the Moleculer framework

This service provides actions for communicating with a [Vault Server](https://www.vaultproject.io/). Vault is a tool for
securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords,
or certificates. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log.
The goal of this package is to provide actions for accessing and managing secrets using a connected Vault server.

## Features

The following list details which features are implemented:

- Connect to the Vault on startup
- Obtain the health status of the Vault
- Mount Management
- Write, Read and Delete Secrets from the Vault

## Roadmap

The following list details which features will potentially be implemented:

- Seal and Unseal the Vault
- Audit Management
- Auth Management
- Policy Management

## Install

This package is available in the npm registry. To use it, install it with yarn (or npm):

```bash
yarn add moleculer-vault
```

## Usage

To make use of this Service, simply require it and create a new service:

```js
let { ServiceBroker } = require("moleculer");
let VaultService = require("moleculer-vault");

let broker = new ServiceBroker({ logger: console });

// Create a service that mixes in the Vault actions
broker.createService({
    mixins: VaultService,
    settings: {
        // Address of the Vault server (see the Settings table below)
        endpoint: "http://my-vault:8200",
    }
});

// Start the broker, then query the Vault's health
broker.start().then(() => broker.call('vault.health'));
```

For a more in-depth example, check out the `examples` folder. It includes a docker-compose file; running `docker-compose up` will boot a broker with a vault service and a vault server.
All vault service actions are exposed on the API (which you should never do in real life!). You can run `curl http://localhost:3000/vault/health`, for example.
This project includes a [published postman collection](https://app.getpostman.com/run-collection/3351a0953a3bfcf7b64a) enabling you to quickly explore the service in your local environment.

## Settings

| Property | Type | Default | Description |
| -------- | ---- | ------- | ----------- |
| `apiVersion` | `String` | **required** | Which API Version of the Vault to use. |
| `endpoint` | `String` | **required** | Where to find the Vault. |
| `token` | `String` | `null` | Which token to use for authenticating against the Vault |
| `waitForInitializationAttempts` | `Number` | **required** | When starting, the service will connect to the Vault. When the Vault is not initialized, it will by default request the initialization status up to 5 times |
| `waitForInitializationInterval` | `Number` | **required** | When starting, the service will connect to the Vault. When the Vault is not initialized, it will by default wait for 1 second before requesting the initialization status again |

## Actions

## `health`

Obtain the Vault's health.

### Parameters
*No input parameters.*

### Results
**Type:** `Object`

The Vault's health status.

## `mounts`

Obtain all mounts of the Vault

### Parameters
*No input parameters.*

### Results
**Type:** `Array`

## `mount`

Mount a new secret store at a given path

### Parameters
| Property | Type | Default | Description |
| -------- | ---- | ------- | ----------- |
| `mount_point` | `String` | **required** | Specifies the path where the secrets engine will be mounted. |
| `type` | `String` | **required** | Specifies the type of the backend, such as "aws". |
| `description` | `String` | - | Specifies the human-friendly description of the mount. |
| `config` | `Object` | - | Specifies configuration options for this mount. |
| `options` | `Object` | - | Specifies mount type specific options that are passed to the backend. |
| `local` | `Boolean` | `false` | ENTERPRISE ONLY: Specifies if the secrets engine is a local mount only. Local mounts are not replicated nor (if a secondary) removed by replication. |
| `seal_wrap` | `Boolean` | `false` | ENTERPRISE ONLY: Enable seal wrapping for the mount. |

### Results
**Type:** `undefined`

## `remount`

Remount a mount to a different path

### Parameters
| Property | Type | Default | Description |
| -------- | ---- | ------- | ----------- |
| `from` | `String` | **required** | Specifies the previous mount point. |
| `to` | `String` | **required** | Specifies the new destination mount point. |

### Results
**Type:** `undefined`

## `unmount`

Unmount a mount from a path

### Parameters
| Property | Type | Default | Description |
| -------- | ---- | ------- | ----------- |
| `mount_point` | `String` | **required** | Specifies the path where the secrets engine will be mounted. |

### Results
**Type:** `undefined`

## `write`

Write data to a Vault Backend

### Parameters
| Property | Type | Default | Description |
| -------- | ---- | ------- | ----------- |
| `path` | `String` | **required** | Specifies the path to write to |
| `data` | `Object` | **required** | The data to write. Schema of this object depends on the backend that is mounted at the given path |
| `requestOptions` | `Object` | - | Additional request options that are passed to the request-promise-native underneath |

### Results
**Type:** `Object`

Schema depends on the backend that is mounted at
the given path

## `read`

Read data from a Vault Backend

### Parameters
| Property | Type | Default | Description |
| -------- | ---- | ------- | ----------- |
| `path` | `String` | **required** | Specifies which data to read |
| `requestOptions` | `Object` | - | Additional request options that are passed to the request-promise-native underneath |

### Results
**Type:** `Object`

Schema depends on the backend that is mounted at
the given path

## `list`

List data from a Vault Backend

### Parameters
| Property | Type | Default | Description |
| -------- | ---- | ------- | ----------- |
| `path` | `String` | **required** | Specifies which data to list |
| `requestOptions` | `Object` | - | Additional request options that are passed to the request-promise-native underneath |

### Results
**Type:** `Object`

Schema depends on the backend that is mounted at
the given path

## `delete`

Delete data from a Vault Backend

### Parameters
| Property | Type | Default | Description |
| -------- | ---- | ------- | ----------- |
| `path` | `String` | **required** | Specifies which data to delete |
| `requestOptions` | `Object` | - | Additional request options that are passed to the request-promise-native underneath |

### Results
**Type:** `Object`

Schema depends on the backend that is mounted at
the given path

## `help`

Obtain help from a Vault Backend

### Parameters
| Property | Type | Default | Description |
| -------- | ---- | ------- | ----------- |
| `path` | `String` | **required** | Specifies for what to obtain help |
| `requestOptions` | `Object` | - | Additional request options that are passed to the request-promise-native underneath |

### Results
**Type:** `Object`

Schema depends on the backend that is mounted at
the given path
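
The Usage section warns against exposing every vault action on an API. The following is an added example, not code from moleculer-vault: a dependency-free guard that allows only selected actions, confines `path` to allowed prefixes, and drops caller-supplied `requestOptions` before a request is forwarded to the service. The names `makeVaultGuard`, `normalizePath`, `guard` and the prefix `secret/app-a` are hypothetical; wiring the guard into a gateway or a service hook is left to the caller.

```javascript
// Constructed policy: the only actions an untrusted caller may reach.
const DEFAULT_ACTIONS = new Set(["health", "read", "list"]);

// Split a Vault path into segments, refusing anything that could be
// reinterpreted further down the stack.
function normalizePath(raw) {
  if (typeof raw !== "string" || raw.length === 0) {
    throw new Error("path must be a non-empty string");
  }
  // Encoded bytes, backslashes, control characters, query and fragment markers.
  if (/[%\\\x00-\x1f?#]/.test(raw)) {
    throw new Error("path contains forbidden characters");
  }
  const segments = raw.split("/").filter(s => s !== "");
  if (segments.length === 0 || segments.some(s => s === "." || s === "..")) {
    throw new Error("path must not be empty or contain dot segments");
  }
  return segments.join("/");
}

function makeVaultGuard({ allowedPrefixes, allowedActions = DEFAULT_ACTIONS }) {
  // Normalize prefixes once and end each with "/" so that "secret/app-a"
  // does not also match "secret/app-abc".
  const prefixes = allowedPrefixes.map(p => normalizePath(p) + "/");

  return function guard(action, params = {}) {
    if (!allowedActions.has(action)) {
      throw new Error(`vault.${action} is not exposed to this caller`);
    }
    if (action === "health") return {};

    const path = normalizePath(params.path);
    if (!prefixes.some(p => (path + "/").startsWith(p))) {
      throw new Error(`path "${path}" is outside the allowed mounts`);
    }
    // Forward only what the action needs. Caller-supplied `requestOptions`
    // are dropped so they cannot alter the outgoing HTTP request.
    const clean = { path };
    if (action === "write") clean.data = params.data;
    return clean;
  };
}

// Constructed usage: a caller confined to one application's secrets.
const guard = makeVaultGuard({ allowedPrefixes: ["secret/app-a"] });
```

The object returned by `guard("read", params)` is what would be passed on as the parameters of `vault.read`; any thrown error should be returned to the caller as a refusal.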

## Test
```
$ docker-compose exec package yarn test
```

In development with watching

```
$ docker-compose up
```

## License
moleculer-vault is available under the [MIT license](https://tldrlegal.com/license/mit-license).

[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fdesigntesbrot%2Fmoleculer-vault.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fdesigntesbrot%2Fmoleculer-vault?ref=badge_large)