vaulter-white

command module

v0.2.1 Latest Latest Go to latest Published: Dec 10, 2018 License: MPL-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cosmonawt/vaulter-white

Links

Open Source Insights

README ¶

vaulter-white

A tool to pass Vault secrets to other processes via environment variables.

About

vaulter-white reads secrets from Vault and passes them into a newly spawned process using environment variables. It is particularly useful in containerized applications. For example it can be set as the ENTRYPOINT in a Docker container to retrieve production Keys for your App. After loading the secrets into the environment (while also including all existing variables) it will replace itself with a freshly spawned instance of the configurable process.

Note: At the moment only AppRole authentication is supported.

Configuration

vaulter-white is configured via vaulter-white.yaml which will be read from the current directory if not specified otherwise using the -c flag.

Example:

command: ["bash", "-c", "env"]         # Specifies the command to run after loading the secrets.
host: http://vault.rocks:8200          # Host of Vault server.
hostEnv: HOST                          # If "host" is not set, it will be read from this environment variable.
roleId: myAppRole                      # RoleID for AppRole Authentication in Vault.
roleIdEnv: ROLE_ID                     # If "roleId" is not set, it will be read from this environment variable.
secretId: mySuperSecretId              # SecretID for AppRole Authentication in Vault.
secretIdEnv: SECRET_ID                 # If "secretId" is not set, it will be read from this environment variable.
secretMount: /secret/appConfig/        # "secretMount" contains the path to the secret backend holding your keys in Vault.
secrets:                               # "secrets" is a collection of environment variable name overrides for each key.
  awsConfig:
    region: AWS_REGION
    access_key_id: AWS_KEY_ID
    secret_access_key: AWS_SECRET_KEY
  googleAPI:
    apiKey: GOOGLE_API_KEY

command is optional and can be passed as command line argument as well (for example: vaulter-white -c config.yaml bash -c env).
host will be read from the environment if not set (either by looking at hostEnv or using VAULT_HOST as a fallback). This makes it easy to include vaulter-white in Docker images that are built by CI.
secretId will also be read from the environment if not set (either by looking at secretIdEnv or using VAULT_SECRET_ID as a fallback).
roleId will also be read from the environment if not set (either by looking at roleIdEnv or using VAULT_ROLE_ID as a fallback).
secrets is optional as well. Any keys not listed there will be exported as SECRETNAME_KEY=value.

Note: Secret values should always store flat data types and no marshaled data (e.g JSON Objects). Values that are not strings will be exported as JSON.

Run

To pass the configuration use the -c flag: vaulter-white -c configuration.yaml If no command was specified in the configuration it should be passed as a commandline argument: vaulter-white -c config.yaml bash -c env

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
conf
vault

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL