https://github.com/ktsstudio/yamlvault
Get Vault values to YAML documents
https://github.com/ktsstudio/yamlvault
Last synced: about 1 year ago
JSON representation
Get Vault values to YAML documents
- Host: GitHub
- URL: https://github.com/ktsstudio/yamlvault
- Owner: ktsstudio
- License: mit
- Created: 2022-03-10T19:20:47.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2022-04-02T15:06:03.000Z (about 4 years ago)
- Last Synced: 2025-03-25T03:34:44.417Z (about 1 year ago)
- Language: Go
- Homepage:
- Size: 42 KB
- Stars: 7
- Watchers: 5
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# yamlvault
Utility to transform yaml document containing references to secrets in
HashiCorp Vault by their respective values and generate a new yaml document.
Possible usages include transforming of Helm values.
## Syntax
If you want a value to be replaced it must be of the following format:
```yaml
key: vault::
```
It also can be an array element:
```yaml
some_array_key:
- value1
- vault::
- value3
```
where `vault_path` is the path where secret can be fetched and `vault_key` -
key in the Vault secret
## Usage
### Decrypt
```text
Usage:
yamlvault decrypt [flags]
Flags:
-h, --help help for decrypt
-i, --input string Input file (default "-")
-o, --output string Output file (default "-")
```
values.yaml:
```yaml
env:
POSTGRES_USER: vault:/secret/data/myapp/pg:username
POSTGRES_PASSWORD: vault:/secret/data/myapp/pg:password
POSTGRES_DATABASE: vault:/secret/data/myapp/pg:db
MONGO_USER: vault:/mongodb/creds/mymongo:username
MONGO_PASSWORD: vault:/mongodb/creds/mymongo:password
```
Command:
```bash
% export VAULT_TOKEN="your-vault-token"
$ yamlvault decrypt --input ./vaules.yaml --output ./values.yaml.dec
```
You can also read directly from stdin and write to stdout (which is actually a default behaviour):
```bash
$ cat values.yaml | yamlvault decrypt > values.yaml.dec
```
values.yaml.dec:
```yaml
env:
POSTGRES_USER: myapp_user
POSTGRES_PASSWORD: superpaswword
POSTGRES_DATABASE: myapp
MONGO_USER: v-approle-mymongo-we1PN0hdcx3JcLT-16489110
MONGO_PASSWORD: E-OrMjjgln...
```
As you can see you can also use dynamic secrets (`MONGO_USER` & `MONGO_PASSWORD`)
## Docker
Also available as a docker image:
```bash
$ docker run ktshub/yamlvault
```