Skip to content
/ vault-admin Public

A utility for configuring Vault audit devices, auth methods, policies, and secrets engines as code

License

MIT license
12 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

PremiereGlobal/vault-admin

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

60 Commits
docs/secrets-engines
docs/secrets-engines
 
 
examples
examples
 
 
pkg
pkg
 
 
scripts
scripts
 
 
test
test
 
 
vendor
vendor
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
CHANGELOG.md
CHANGELOG.md
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
audit_devices.go
audit_devices.go
 
 
auth_methods.go
auth_methods.go
 
 
auth_methods_jwt.go
auth_methods_jwt.go
 
 
auth_methods_ldap.go
auth_methods_ldap.go
 
 
auth_methods_userpass.go
auth_methods_userpass.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
policies.go
policies.go
 
 
rotate-creds.go
rotate-creds.go
 
 
secrets-engines-aws.go
secrets-engines-aws.go
 
 
secrets-engines-database.go
secrets-engines-database.go
 
 
secrets-engines-identity.go
secrets-engines-identity.go
 
 
secrets-engines.go
secrets-engines.go
 
 
task.go
task.go
 
 
types.go
types.go
 
 
utils.go
utils.go
 
 

Repository files navigation

Vault Admin Build Status

This utility configures Vault audit devices, auth methods, policies and secrets engines by syncing with a set of standard JSON configuration files.

Installation

This utility can be used via Docker or the CLI.

CLI

Download and extract the latest binary for your OS on the releases page

Run vadmin <flags>. See below for a description of the command line flags.

Docker

The Docker container must be run in interactive mode with the -it parameter because it prompts for things like policy deletion, etc.

docker run \
  --rm \
	-it \
	-e VAULT_ADDR=https://vault.mysite.com:8200 \
	-e VAULT_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
	-v $(pwd)/config:/config
	premiereglobal/vault-admin:latest

Map wherever you have your Vault Admin configuration files to /config within the container.

Options

All options can be set via environment variables or command line options

Environment Variable Command Line Flags Description
CONFIGURATION_PATH --configuration-path, -c Path to the configuration files
VAULT_ADDR --vault-addr, -a Vault address (example: https://vault.mysite.com:8200)
VAULT_TOKEN --vault-token, -t Vault token to use
VAULT_SKIP_VERIFY --vault-skip-verify, -K Skip Vault TLS certificate verification
VAULT_SECRET_BASE_PATH --vault-secret-base-path, -s Base secret path, in Vault, to pull secrets for substitution. Defaults to secret/vault-admin
--rotate-creds, -r Perform key rotation on AWS secret engines
DEBUG --debug, -d Turn on debug logging
--version, -v Show version information

Configuration Files

The configuration files are what drive how Vault is configured. See the examples/ directory for more information on how to set up the configuration.

About

A utility for configuring Vault audit devices, auth methods, policies, and secrets engines as code

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

12 stars

Watchers

7 watching

Forks

4 forks
Report repository

Releases 12

0.5.0 Latest
May 13, 2020
+ 11 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages