1
0
Fork 0
mirror of https://github.com/Luzifer/vault2env.git synced 2024-11-09 08:40:06 +00:00
Small utility to transfer fields of a key in Vault into the environment
Find a file
2016-05-29 02:23:32 +02:00
Godeps First version 2016-05-29 01:35:17 +02:00
vendor First version 2016-05-29 01:35:17 +02:00
.gitignore First version 2016-05-29 01:35:17 +02:00
History.md Prepared release v0.3.1 2016-05-29 02:23:32 +02:00
LICENSE First version 2016-05-29 01:35:17 +02:00
main.go Fix: Remove program name from program args 2016-05-29 02:23:19 +02:00
README.md Enable token auth 2016-05-29 02:17:04 +02:00

Download on GoBuilder License: Apache v2.0 Go Report Card

Luzifer / vault2env

vault2env is a really small utility to transfer fields of a key in Vault into the environment. It uses the app-id authentication mechanism or simple token authentication to identify itself with the Vault server, fetches all fields in the specified key and returns export directives for bash / zsh. That way you can do eval stuff and pull those fields into your ENV.

Usage

In general this program can either output your ENV variables to use with eval or similar or it can run a program with populated environment.

# vault2env [secret path] [command]
<program is started, you see its output>

# vault2env --export [secret path]
export ...

Using evironment variables

# export VAULT_ADDR="https://127.0.0.1:8200"
# export VAULT_APP_ID="29c8febe-49f5-4620-a177-20dff0fda2da"
# export VAULT_USER_ID="54d24f66-6ecb-4dcc-bdb7-0241a955f1df"
# vault2env secret/my/path/with/keys
export FIRST_KEY="firstvalue"
export SECOND_KEY="secondvalue"
# eval $(vault2env secret/my/path/with/keys)
# echo "${FIRST_KEY}"
firstvalue

Using CLI parameters

# vault2env --vault-addr="..." --vault-app-id="..." --vault-user-id="..." secret/my/path/with/keys
export FIRST_KEY="firstvalue"
export SECOND_KEY="secondvalue"

Though it's possible to use CLI parameters I strongly recommend to stick to the ENV variant as it's possible under certain conditions to read CLI parameters on a shared system using for example ps aux.

Using a token instead of app-id authentication

This is quite simple: Omit parameters --vault-app-id and --vault-user-id and their respective ENV variables but set VAULT_TOKEN or --vault-token.