Read only HashiCorp Vault client for Elixir.

paywithcurl/vaultex

 
 


Vaultex

Client for Vault

Installation

The package can be installed as:

  1. Add vaultex to your list of dependencies in mix.exs:

     def deps do
       [{:vaultex, "~> 0.4.0"}]
     end

  2. Ensure vaultex is started before your application:

     def application do
       [applications: [:vaultex]]
     end

Configuration

The vault endpoint can be specified with environment variables:

  • VAULT_ADDR
  • Or specify the individual parts of the URL:
    • VAULT_HOST
    • VAULT_PORT
    • VAULT_SCHEME

Or application variables:

  • :vaultex, :host
  • :vaultex, :port
  • :vaultex, :scheme

These default to localhost, 8200, http respectively.
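
Because the scheme defaults to http, a deployment that sets only the host sends login credentials and tokens to Vault unencrypted. The startup check below is an added example, not vaultex code: it resolves the endpoint from the settings listed above and rejects plain http to anything other than loopback. The module name VaultEndpointCheck and the lookup order (VAULT_ADDR, then the VAULT_* parts, then the :vaultex application config, then the defaults) are assumptions.

```elixir
# Added example, not vaultex code. Module name and lookup order are assumptions;
# only the variable names and defaults come from the README.
defmodule VaultEndpointCheck do
  @loopback ["localhost", "127.0.0.1", "::1"]

  @doc "Returns {:ok, url}, or {:error, {:plaintext_endpoint, url}} for remote http."
  def check(env \\ System.get_env()) do
    uri = resolve(env)
    url = URI.to_string(uri)

    cond do
      uri.scheme == "https" -> {:ok, url}
      uri.host in @loopback -> {:ok, url}
      true -> {:error, {:plaintext_endpoint, url}}
    end
  end

  # VAULT_ADDR wins; otherwise assemble the URL from its parts.
  def resolve(env) do
    case env["VAULT_ADDR"] do
      addr when is_binary(addr) and addr != "" ->
        URI.parse(addr)

      _ ->
        %URI{
          scheme: setting(env, "VAULT_SCHEME", :scheme, "http"),
          host: setting(env, "VAULT_HOST", :host, "localhost"),
          port: env |> setting("VAULT_PORT", :port, 8200) |> to_port()
        }
    end
  end

  # Environment variable first, then :vaultex application config, then default.
  defp setting(env, var, key, default) do
    env[var] || Application.get_env(:vaultex, key, default)
  end

  defp to_port(port) when is_integer(port), do: port
  defp to_port(port) when is_binary(port), do: String.to_integer(port)
end

# Constructed inputs (hostnames are placeholders):
IO.inspect(VaultEndpointCheck.check(%{}))
IO.inspect(VaultEndpointCheck.check(%{"VAULT_HOST" => "vault.example.internal"}))
IO.inspect(VaultEndpointCheck.check(%{"VAULT_ADDR" => "https://vault.example.internal:8200"}))
```

Calling check/0 during application start, before the first Vaultex.Client call, lets the application refuse to boot instead of sending credentials over http.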

Usage

To read a secret you must provide the path to the secret, the authentication backend, and the credentials you will use to log in. See the Vaultex.Client.auth/2 docs for supported auth backends.

...
Vaultex.Client.read("secret/foo", :userpass, {username, password}) # returns {:ok, %{"value" => "bar"}}

Supported operations

Authentication

The following authentication methods are supported:

  • :app_id {app_id, role_id}
  • :token {token}
  • :userpass {user, pass}
  • :ec2 {role}. You also need to configure the Vault nonce via VAULT_NONCE or the :vaultex, :nonce config.

Operations

Each operation has two interfaces: one that takes auth information and one that does not. The variants that take auth information attempt the operation and, on failure, authenticate and retry. The others assume the client is already authenticated.

Read

Vaultex.Client.read(path, auth_method, auth_options)
Vaultex.Client.read(path)
Vaultex.Client.read(path, :userpass, {"username", "password"})
Vaultex.Client.read(path)

Write

Vaultex.Client.write(path, value, auth_method, auth_options)
Vaultex.Client.write(path, value)
Vaultex.Client.write(path, %{"test" => 123}, :token, {"1234-5678"})
Vaultex.Client.write(path, %{"test" => 123})

Token lookup

Vaultex.Client.token_lookup(token, auth_method, auth_options)
Vaultex.Client.token_lookup(token)

Token self lookup

Vaultex.Client.token_lookup_self(auth_method, auth_options)
Vaultex.Client.token_lookup_self()

Token renew

Vaultex.Client.token_renew(token, auth_method, auth_options)
Vaultex.Client.token_renew(token)

Token self renew

Vaultex.Client.token_renew_self(auth_method, auth_options)
Vaultex.Client.token_renew_self()

Get the token used by Vaultex

Vaultex.Client.client_token

Create a new token

Vaultex.Client.token_create(data, auth_method, auth_options)
Vaultex.Client.token_create(data)

KV Put

Vaultex.Client.kv_put(path, data, options, auth_method, auth_options)
Vaultex.Client.kv_put(path, data, options)

The path should be mount/data/path. On Vault 0.8.3 and up the secret/ mount is kv, so the path is secret/data/my/secret.

KV Get

Vaultex.Client.kv_get(path, version, auth_method, auth_options)
Vaultex.Client.kv_get(path, version)

The path should be mount/data/path. On Vault 0.8.3 and up the secret/ mount is kv, so the path is secret/data/my/secret. If version is nil, the latest version is fetched.

Running the tests

Install the required dependencies

Run the tests

./run_tests.sh
