envault

README

envault

A CLI tool that injects vault secrets into your application process.

The goal of this CLI is to inject those secrets into the application's enviornment variables, removing the overhead of managing them in CI/CD enviornment for example. The tool is very similar to the infisical CLI that can be found here. The difference is that infisical CLI interacts with a dedicated infisical platform.

How to use it?

Make sure that you have a vault instance running with secret engine in place. By design, the secret engine can be used as a environment for app secrets (dev, prod...). To enable a secret engine in vault, you can do the following:

vault secrets enable -path=dev-secrets kv

And in order to interact with this secret engine (puting and getting data), you can do:

Put

vault kv put dev-secrets/api_key sh.efefe65487sd4654b

Get

vault kv get dev-secrets/api_key

For more details about the secret engines, you can checkout the official documentation here.

envault

For now, envault has only one command which is the run command, which allows you to spin up application process with secrets injected in its environment.

Make sure that VAULT_ADDR and a valid VAULT_TOKEN variables are set, which point to vault api address and a valid vault token with valid access rights.

To spin a process, use the following

envault run --env=<env> --path=<secret-path> -- npm start

• env is the env to pull secrets from. It's the secret engine name in vault's terminology.
• <secret-path> is vault path to secrets data.