https://github.com/faradayio/credentials_to_env
Downloads credentials from Hashicorp's Vault, and writes them to env vars and/or files before executing another process.
- Host: GitHub
- URL: https://github.com/faradayio/credentials_to_env
- Owner: faradayio
- License: apache-2.0
- Created: 2016-03-23T09:41:08.000Z (about 10 years ago)
- Default Branch: master
- Last Pushed: 2019-02-28T02:52:24.000Z (over 7 years ago)
- Last Synced: 2025-05-27T07:12:57.448Z (about 1 year ago)
- Language: Rust
- Homepage:
- Size: 63.5 KB
- Stars: 38
- Watchers: 6
- Forks: 4
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE-APACHE.txt
README
# `credentials-to-env`: Fetch secrets from Hashicorp's Vault or elsewhere before `exec`ing a program
[crates.io](https://crates.io/crates/credentials_to_env) | [Apache 2.0 license](http://www.apache.org/licenses/LICENSE-2.0) | [Travis CI build](https://travis-ci.org/faradayio/credentials_to_env)
[Static binary releases](https://github.com/faradayio/credentials_to_env/releases)
Do you have a pre-existing program that assumes that it will receive
secrets in either environment variables or files on disk? Would you like
to convert that program to work with Hashicorp's [Vault][]?
First run:
```sh
cargo install credentials_to_env
```
Then create a file named `Secretfile` explaining where in Vault the
individual secrets can be found:
```txt
# Set environment variables based on Vault secrets.
DOCKER_HUB_USER secret/docker_hub:user
DOCKER_HUB_PASSWORD secret/docker_hub:password
DOCKER_HUB_EMAIL secret/docker_hub:email

# Create SSL key files based on Vault secrets.
>$HOME/.docker/ca.pem secret/docker:ca_pem
>$HOME/.docker/cert.pem secret/docker:cert_pem
>$HOME/.docker/key.pem secret/docker:key_pem
```
Finally, prefix the invocation of your program with `credentials-to-env`:
```sh
credentials-to-env myprogram arg1 arg2
```
This will automatically fetch secrets from Vault (or any other backend
supported by [credentials][]) and write them to the specified environment
variables or files.
You can also override `credentials-to-env` by passing in the secrets
yourself, which is handy if you call `credentials-to-env` inside a Docker
container, but want to temporarily override the secrets you'd get from
Vault.
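To audit which secrets a `Secretfile` exposes as environment variables and which it writes to disk, the layout shown above can be parsed in a few lines. This is an added example, not the project's own parser: the grammar is inferred only from the sample (whitespace-separated `TARGET path:key`, `#` comments, a leading `>` for file targets), and the names `Target`, `Mapping` and `parse_secretfile` are hypothetical.

```rust
// Minimal Secretfile parser (added example, not the project's parser).
// Assumed grammar, inferred from the sample: `TARGET path:key`, `#` comments,
// and a leading `>` on TARGET meaning "write to this file".
#[derive(Debug, PartialEq)]
enum Target {
    EnvVar(String), // e.g. DOCKER_HUB_USER
    File(String),   // e.g. $HOME/.docker/ca.pem, left unexpanded
}

#[derive(Debug, PartialEq)]
struct Mapping {
    target: Target,
    vault_path: String, // e.g. secret/docker_hub
    key: String,        // e.g. user
}

fn parse_secretfile(text: &str) -> Result<Vec<Mapping>, String> {
    let mut out = Vec::new();
    for (idx, raw) in text.lines().enumerate() {
        let line = raw.trim();
        if line.is_empty() || line.starts_with('#') {
            continue;
        }
        let err = |msg: &str| format!("line {}: {}", idx + 1, msg);
        let mut fields = line.split_whitespace();
        let (dest, source) = match (fields.next(), fields.next(), fields.next()) {
            (Some(d), Some(s), None) => (d, s),
            _ => return Err(err("expected `TARGET path:key`")),
        };
        let (path, key) = source.rsplit_once(':').ok_or_else(|| err("source must be `path:key`"))?;
        if path.is_empty() || key.is_empty() {
            return Err(err("empty Vault path or key"));
        }
        let target = match dest.strip_prefix('>') {
            Some("") => return Err(err("empty file name after `>`")),
            Some(file) => Target::File(file.to_string()),
            None => Target::EnvVar(dest.to_string()),
        };
        out.push(Mapping { target, vault_path: path.to_string(), key: key.to_string() });
    }
    Ok(out)
}

fn main() {
    // Constructed sample in the same shape as the Secretfile above.
    let sample = "# comment\nDOCKER_HUB_USER secret/docker_hub:user\n>$HOME/.docker/key.pem secret/docker:key_pem\n";
    for m in parse_secretfile(sample).expect("sample parses") {
        println!("{:?}", m);
    }
}
```

Malformed lines are rejected with their line number instead of being skipped, so a typo in a `Secretfile` surfaces in review rather than as a missing secret at run time.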
## Development notes
Pull requests are welcome! If you're not sure whether your idea would fit
into the project's vision, please feel free to file an issue and ask us.
**To build, you'll need to set up your OpenSSL paths first,** as described
by the [Rust OpenSSL](https://github.com/sfackler/rust-openssl#osx)
project.
**To make an official release,** you need to be a maintainer, and you need
to have `cargo publish` permissions. If this is the case, first edit
`Cargo.toml` to bump the version number, then regenerate `Cargo.lock`
using:
```sh
cargo build
```
Commit the release, using a commit message of the format:
```txt
v:
```
Then run:
```sh
git tag v$VERSION
git push; git push --tags
cargo publish
```
This will rebuild the official binaries using Travis CI, and upload a new version of
the crate to [crates.io](https://crates.io/).
[Vault]: https://www.vaultproject.io/
[credentials]: http://docs.randomhacks.net/credentials/