1
0
Fork 0
mirror of https://github.com/Luzifer/vault2env.git synced 2024-12-20 12:11:19 +00:00
Small utility to transfer fields of a key in Vault into the environment
Find a file
Knut Ahlers e16c0b1650
Switch to go modules support
Squashed commit of the following:

commit a3551c66844d738ebcb18a43aac0d5f0d2715bc7
Author: Knut Ahlers <knut@ahlers.me>
Date:   Sun Oct 18 14:34:57 2020 +0200

    Update repo-runner config

    Signed-off-by: Knut Ahlers <knut@ahlers.me>

commit 14fc9758af2430b682ed92be2f07d4a22b682c92
Author: Knut Ahlers <knut@ahlers.me>
Date:   Sun Oct 18 14:33:57 2020 +0200

    Add go modules support

    Signed-off-by: Knut Ahlers <knut@ahlers.me>

commit 470a445ff7a9cbaa32cfdcc3440050e407e59e1e
Author: Knut Ahlers <knut@ahlers.me>
Date:   Sun Oct 18 14:33:39 2020 +0200

    Remove old Gopkg dep management

    Signed-off-by: Knut Ahlers <knut@ahlers.me>

commit d6f31b6d845aa26f860552bd7501f4f0f844f38b
Author: Knut Ahlers <knut@ahlers.me>
Date:   Sun Oct 18 14:25:49 2020 +0200

    Remove vendored libs

    Signed-off-by: Knut Ahlers <knut@ahlers.me>

Signed-off-by: Knut Ahlers <knut@ahlers.me>
2020-10-18 14:37:22 +02:00
.gitignore First version 2016-05-29 01:35:17 +02:00
.repo-runner.yaml Switch to go modules support 2020-10-18 14:37:22 +02:00
go.mod Switch to go modules support 2020-10-18 14:37:22 +02:00
go.sum Switch to go modules support 2020-10-18 14:37:22 +02:00
History.md prepare release v2.0.0 2018-11-28 20:32:54 +01:00
LICENSE Fix license file 2018-11-28 20:31:10 +01:00
main.go Switch to go modules support 2020-10-18 14:37:22 +02:00
Makefile Add github publishing 2016-11-21 20:13:41 +01:00
obfuscator.go [#2] Implement obfuscation of secrets in output #3 2018-11-28 20:25:11 +01:00
README.md Link to usage examples in Wiki 2018-10-04 12:58:23 +02:00
transform_sets.go Add predefined transform sets 2018-01-18 21:17:19 +01:00

Go Report Card

Luzifer / vault2env

vault2env is a really small utility to transfer fields of a key in Vault into the environment. It uses the app-role or simple token authentication to identify itself with the Vault server, fetches all fields in the specified keys and returns export directives for bash / zsh. That way you can do eval stuff and pull those fields into your ENV. If you don't want to use export directives you also can pass commands to vault2env to be executed using those environment variables.

Usage

In general this program can either output your ENV variables to use with eval or similar or it can run a program with populated environment.

$ vault2env --key=<secret path> <command>
<program is started, you see its output>

$ vault2env --export --key=<secret path>
export ...

For further examples and "special cases" see the Wiki: Usage Examples

Using evironment variables

# export VAULT_ADDR="https://127.0.0.1:8200"
# export VAULT_ROLE_ID="29c8febe-49f5-4620-a177-20dff0fda2da"
# export VAULT_SECRET_ID="54d24f66-6ecb-4dcc-bdb7-0241a955f1df"
# vault2env --export --key=secret/my/path/with/keys
export FIRST_KEY="firstvalue"
export SECOND_KEY="secondvalue"

# eval $(vault2env --export --key=secret/my/path/with/keys)
# echo "${FIRST_KEY}"
firstvalue

Using CLI parameters

The command does differ only with its parameters specified for the different authentication mechanisms:

  • When using AppRole you need to specify --vault-role-id and optionally --vault-secret-id if you're using the bind_secret_id flag for your AppRole
  • When using Token auth only specify --vault-token
# vault2env --vault-addr="..." --vault-app-id="..." --vault-user-id="..." --key=secret/my/path/with/keys
export FIRST_KEY="firstvalue"
export SECOND_KEY="secondvalue"

Though it's possible to use CLI parameters I strongly recommend to stick to the ENV variant as it's possible under certain conditions to read CLI parameters on a shared system using for example ps aux.


project status