vault2env/README.md

[![Go Report Card](https://goreportcard.com/badge/github.com/Luzifer/vault2env)](https://goreportcard.com/report/github.com/Luzifer/vault2env)
![](https://badges.fyi/github/license/Luzifer/vault2env)
![](https://badges.fyi/github/downloads/Luzifer/vault2env)
![](https://badges.fyi/github/latest-release/Luzifer/vault2env)

# Luzifer / vault2env

`vault2env` is a really small utility to transfer fields of a key in [Vault](https://www.vaultproject.io/) into the environment. It uses the [`app-role`](https://www.vaultproject.io/docs/auth/approle.html) or simple [token authentication](https://www.vaultproject.io/docs/auth/token.html) to identify itself with the Vault server, fetches all fields in the specified keys and returns export directives for bash / zsh. That way you can do `eval` stuff and pull those fields into your ENV. If you don't want to use export directives you also can pass commands to `vault2env` to be executed using those environment variables.

## Usage

In general this program can either output your ENV variables to use with `eval` or similar or it can run a program with populated environment.

```console
$ vault2env --key=<secret path> <command>
<program is started, you see its output>

$ vault2env --export --key=<secret path>
export ...
```

In case you have a command with arguments you need to separate the command using double dashes, which is a feature of your shell:

```console
$ vault2env --key=<secret path> -- <command with arguments>
```

This prevents `vault2env` from interpreting and complaining about the arguments passed to the sub-command.

### Using evironment variables  
```bash
# export VAULT_ADDR="https://127.0.0.1:8200"
# export VAULT_ROLE_ID="29c8febe-49f5-4620-a177-20dff0fda2da"
# export VAULT_SECRET_ID="54d24f66-6ecb-4dcc-bdb7-0241a955f1df"
# vault2env --export --key=secret/my/path/with/keys
export FIRST_KEY="firstvalue"
export SECOND_KEY="secondvalue"

# eval $(vault2env --export --key=secret/my/path/with/keys)
# echo "${FIRST_KEY}"
firstvalue
```

### Using CLI parameters  

The command does differ only with its parameters specified for the different authentication mechanisms:

- When using AppRole you need to specify `--vault-role-id` and optionally `--vault-secret-id` if you're using the `bind_secret_id` flag for your AppRole
- When using Token auth only specify `--vault-token`

```bash
# vault2env --vault-addr="..." --vault-app-id="..." --vault-user-id="..." --key=secret/my/path/with/keys
export FIRST_KEY="firstvalue"
export SECOND_KEY="secondvalue"
```

Though it's possible to use CLI parameters I strongly recommend to stick to the ENV variant as it's possible under certain conditions to read CLI parameters on a shared system using for example `ps aux`.

----

![project status](https://d2o84fseuhwkxk.cloudfront.net/vault2env.svg)
First version 2016-05-28 23:35:17 +00:00			`[![Go Report Card](https://goreportcard.com/badge/github.com/Luzifer/vault2env)](https://goreportcard.com/report/github.com/Luzifer/vault2env)`
Adjust buttons in README Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-09-25 19:55:22 +00:00			`![](https://badges.fyi/github/license/Luzifer/vault2env)`
			`![](https://badges.fyi/github/downloads/Luzifer/vault2env)`
			`![](https://badges.fyi/github/latest-release/Luzifer/vault2env)`
First version 2016-05-28 23:35:17 +00:00
			`# Luzifer / vault2env`

Update README for new version Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-04-21 19:50:31 +00:00			`vault2env` is a really small utility to transfer fields of a key in [Vault](https://www.vaultproject.io/) into the environment. It uses the [`app-role`](https://www.vaultproject.io/docs/auth/approle.html) or simple [token authentication](https://www.vaultproject.io/docs/auth/token.html) to identify itself with the Vault server, fetches all fields in the specified keys and returns export directives for bash / zsh. That way you can do `eval` stuff and pull those fields into your ENV. If you don't want to use export directives you also can pass commands to `vault2env` to be executed using those environment variables.
First version 2016-05-28 23:35:17 +00:00
			`## Usage`

Added command execution in addition to execution 2016-05-29 00:04:23 +00:00			In general this program can either output your ENV variables to use with `eval` or similar or it can run a program with populated environment.

Add docs for sub-commands with arguments closes #1 Signed-off-by: Knut Ahlers <knut@ahlers.me> 2018-10-03 21:25:02 +00:00			```console
			`$ vault2env --key=<secret path> <command>`
Added command execution in addition to execution 2016-05-29 00:04:23 +00:00			`<program is started, you see its output>`

Add docs for sub-commands with arguments closes #1 Signed-off-by: Knut Ahlers <knut@ahlers.me> 2018-10-03 21:25:02 +00:00			`$ vault2env --export --key=<secret path>`
Added command execution in addition to execution 2016-05-29 00:04:23 +00:00			`export ...`
			```
First version 2016-05-28 23:35:17 +00:00
Add docs for sub-commands with arguments closes #1 Signed-off-by: Knut Ahlers <knut@ahlers.me> 2018-10-03 21:25:02 +00:00			`In case you have a command with arguments you need to separate the command using double dashes, which is a feature of your shell:`

			```console
			`$ vault2env --key=<secret path> -- <command with arguments>`
			```

			This prevents `vault2env` from interpreting and complaining about the arguments passed to the sub-command.

Fix: README looked wrong 2016-05-28 23:37:17 +00:00			`### Using evironment variables`
			```bash
First version 2016-05-28 23:35:17 +00:00			`# export VAULT_ADDR="https://127.0.0.1:8200"`
Update README for new version Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-04-21 19:50:31 +00:00			`# export VAULT_ROLE_ID="29c8febe-49f5-4620-a177-20dff0fda2da"`
			`# export VAULT_SECRET_ID="54d24f66-6ecb-4dcc-bdb7-0241a955f1df"`
			`# vault2env --export --key=secret/my/path/with/keys`
First version 2016-05-28 23:35:17 +00:00			`export FIRST_KEY="firstvalue"`
			`export SECOND_KEY="secondvalue"`
Update README for new version Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-04-21 19:50:31 +00:00
			`# eval $(vault2env --export --key=secret/my/path/with/keys)`
First version 2016-05-28 23:35:17 +00:00			`# echo "${FIRST_KEY}"`
			`firstvalue`
			```
Fix: README looked wrong 2016-05-28 23:37:17 +00:00
			`### Using CLI parameters`
Add support for AppRole authentication 2016-09-17 23:16:31 +00:00
			`The command does differ only with its parameters specified for the different authentication mechanisms:`

			- When using AppRole you need to specify `--vault-role-id` and optionally `--vault-secret-id` if you're using the `bind_secret_id` flag for your AppRole
			- When using Token auth only specify `--vault-token`

Fix: README looked wrong 2016-05-28 23:37:17 +00:00			```bash
Update README for new version Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-04-21 19:50:31 +00:00			`# vault2env --vault-addr="..." --vault-app-id="..." --vault-user-id="..." --key=secret/my/path/with/keys`
First version 2016-05-28 23:35:17 +00:00			`export FIRST_KEY="firstvalue"`
			`export SECOND_KEY="secondvalue"`
			```

			Though it's possible to use CLI parameters I strongly recommend to stick to the ENV variant as it's possible under certain conditions to read CLI parameters on a shared system using for example `ps aux`.
Embed project status into README Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-04-22 20:24:28 +00:00
			`----`

			`![project status](https://d2o84fseuhwkxk.cloudfront.net/vault2env.svg)`