Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/samhammerag/vault-client-sag
Supports loading configurations from hashicorp vault for JS projects of Samhammer.
https://github.com/samhammerag/vault-client-sag
Last synced: 23 days ago
JSON representation
Supports loading configurations from hashicorp vault for JS projects of Samhammer.
- Host: GitHub
- URL: https://github.com/samhammerag/vault-client-sag
- Owner: SamhammerAG
- License: mit
- Created: 2023-04-11T11:08:53.000Z (over 1 year ago)
- Default Branch: master
- Last Pushed: 2024-08-30T13:42:17.000Z (4 months ago)
- Last Synced: 2024-09-29T05:59:16.898Z (3 months ago)
- Language: TypeScript
- Homepage:
- Size: 501 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# vault-client-sag
This library can be used if you want to load specific keys from vault, but works only for interal usage of Samhammer.
It uses specific authentication logic:
- Locally: Uses the url and token returned by sagctl
- Kubernetes: Does a kubernetes role auth## Prerequirements:
### Locally
Sagctl has to be installed: https://samhammer.atlassian.net/wiki/spaces/K8S/pages/158793743/How+to+use+sagctl
### In the cluster
Use following environment variables for this configuration:
- VaultUrl: With the url to vault (required)
- VaultKubernetesRole: The vault role of the application (required)### With AppRole (e.g. for github actions)
Use following environment variables for this configuration:
- VaultUrl: With the url to vault (required)
- VaultAppRoleId: The vault role id of the application (required)
- VaultAppRoleSecretId: The vault secret id (password) of the application (required)## How to add:
- add this package to package.json of your project: https://www.npmjs.com/package/@samhammer/vault-client-sag
## How to use:
Sample with Javascript:
```js
const { getVault } = require("@samhammer/vault-client-sag");const vaultMap = {
[`VaultKey--kv-v2/data/MySecret/Username`]: "UserName",
[`VaultKey--kv-v2/data/MySecret/Password`]: "Password",
};getVault()
.then(vault => vault.loadSecretsToEnv(vaultMap));
.then(() => console.log(`Username: ${process.env.UserName} Password: ${process.env.Password}`);
```Sample with Typescript:
```ts
import { getVault } from "@samhammer/vault-client-sag";const vaultMap = {
[`VaultKey--kv-v2/data/MySecret/Username`]: "UserName",
[`VaultKey--kv-v2/data/MySecret/Password`]: "Password"
};const vault = await getVault();
await vault.loadSecretsToEnv(vaultMap);
console.log(`Username: ${process.env.UserName} Password: ${process.env.Password}`);
```## Configuration:
Available Options:
- Timeout in milliseconds (default: 3000 )
- as param `getVault({ timeout: 5000 })`
- as env variable `VaultTimeout = 5000`## How to publish
- Increase version by 'yarn version' command on local machine. This updates package.json and creates tag
- Check github action to validated, that package was released to npm registry.