matthewoden / Libvault

Licence: other
A flexible, configurable vault library.

libvault

Highly configurable library for HashiCorp's Vault which handles authentication for multiple backends, and reading, writing, listing, and deleting secrets for a variety of engines.

When possible, it tries to emulate the CLI, with read, write, list, delete and auth methods. An additional request method is provided when you need further flexibility with the API.

HTML docs can be found at https://hexdocs.pm/libvault.

API Preview

{:ok, vault} =
  Vault.new(
    engine: Vault.Engine.KVV2,
    auth: Vault.Auth.UserPass
  )
  |> Vault.auth(%{username: "username", password: "password"})

{:ok, db_pass} = Vault.read(vault, "secret/path/to/password")

{:ok, %{"version" => 1 }} = Vault.write(vault, "secret/path/to/creds", %{secret: "secrets!"})

Configuration / Adapters

HashiCorp's Vault is highly configurable. Rather than cover every possible option, this library strives to be flexible and adaptable. Auth backends, Secret Engines, and HTTP clients are all replaceable, and each behaviour asks for a minimal contract.

HTTP Adapters

The following HTTP Adapters are provided:

Be sure to add applications and dependencies to your mix file as needed.

JSON Adapters

Most JSON libraries provide the same methods, so no default adapter is needed. You can use Jason, JSX, Poison, or whatever encoder you want.

Defaults to Jason or Poison if present.

See Vault.JSON.Adapter for the full behaviour interface.

Auth Adapters

Adapters have been provided for the following auth backends:

In addition to the above, a generic backend is also provided (Vault.Auth.Generic). If support for your auth provider is missing, you can still get up and running quickly, without writing a new adapter.

Secret Engine Adapters

Most of Vault's Secret Engines use a replaceable API. The Vault.Engine.Generic adapter should handle most use cases for secret fetching.

Vault's KV version 2 broke away from the standard REST convention. So KV has been given its own adapter:

Additional request methods

The core library only handles the basics around secret fetching. If you need to access additional API endpoints, this library also provides a Vault.request method. This should allow you to tap into the complete Vault REST API, while still benefiting from token control, JSON parsing, and other HTTP client niceties.

Installation and Usage

Installation

Ensure that any adapter dependencies have been included as part of your application's dependencies:

def deps do
  [
    {:libvault, "~> 0.2.0"},

    # tesla, required for Vault.HTTP.Tesla
    {:tesla, "~> 1.3.0"},

    # pick your HTTP client - Mint, iBrowse or hackney
    {:mint, "~> 0.4.0"},
    {:castore, "~> 0.1.0"},

    # Pick your json parser - Jason or Poison
    {:jason, ">= 1.0.0"}
  ]
end

Usage

# Vault.auth returns {:ok, vault} on success, as in the API Preview above
{:ok, vault} =
  Vault.new([
    engine: Vault.Engine.KVV2,
    auth: Vault.Auth.UserPass,
    json: Jason,
    credentials: %{username: "username", password: "password"}
  ])
  |> Vault.auth()

{:ok, db_pass} = Vault.read(vault, "secret/path/to/password")
{:ok, %{"version" => 1 }} = Vault.write(vault, "secret/path/to/creds", %{secret: "secrets!"})

You can configure the vault client up front, or change configuration on the fly.

  # Vault.auth returns {:ok, vault} on success
  {:ok, vault} =
    Vault.new()
    |> Vault.set_auth(Vault.Auth.Approle)
    |> Vault.set_engine(Vault.Engine.Generic)
    |> Vault.auth(%{role_id: "role_id", secret_id: "secret_id"})

  {:ok, db_pass} = Vault.read(vault, "secret/path/to/password")

  vault = Vault.set_engine(vault, Vault.Engine.KVV2) # switch to versioned secrets

  {:ok, db_pass} = Vault.write(vault, "kv/path/to/password", %{ password: "db_pass" })

See the full Vault client for additional methods.
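
The snippets above use literal credentials and assert on {:ok, ...}, so a failed login raises a MatchError. The following is an added example, not code from libvault or its author, showing the same AppRole flow with credentials taken from the environment and failures returned as tagged tuples. The module name, environment variable names and secret path are assumptions, as are the :host and :http options, which do not appear on this page and should be checked against the hexdocs.

```elixir
defmodule MyApp.VaultSecrets do
  @moduledoc """
  Added example, not part of libvault. Module name, environment variable
  names and the secret path are hypothetical.
  """

  # Build an authenticated client from AppRole credentials supplied by the
  # runtime environment instead of literals in source control.
  # System.fetch_env!/1 raises if a variable is unset, so a misconfigured
  # deployment fails at startup rather than authenticating with empty values.
  def client do
    Vault.new(
      # :host and :http are assumed option names; confirm them on hexdocs.
      host: System.fetch_env!("VAULT_ADDR"),
      http: Vault.HTTP.Tesla,
      json: Jason,
      engine: Vault.Engine.KVV2,
      auth: Vault.Auth.Approle,
      credentials: %{
        role_id: System.fetch_env!("VAULT_ROLE_ID"),
        secret_id: System.fetch_env!("VAULT_SECRET_ID")
      }
    )
    |> Vault.auth()
  end

  # Read one secret. A rejected login or a denied/missing path comes back
  # as {:error, {:vault, reason}} for the caller to handle.
  def fetch(path) do
    with {:ok, vault} <- client(),
         {:ok, secret} <- Vault.read(vault, path) do
      {:ok, secret}
    else
      {:error, reason} -> {:error, {:vault, reason}}
    end
  end
end

# Log only the outcome and the error reason, never the secret value itself.
case MyApp.VaultSecrets.fetch("secret/path/to/password") do
  {:ok, _secret} -> IO.puts("secret loaded")
  {:error, {:vault, reason}} -> IO.puts("vault request failed: #{inspect(reason)}")
end
```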

Testing Locally

When possible, tests run against a local Vault instance. Otherwise, tests run against the Vault Spec, using bypass to confirm the success case and following Vault patterns for failure.

  1. Install the Vault Go CLI https://www.vaultproject.io/downloads.html

  2. In the current directory, set up a local dev server with sh scripts/setup-local-vault

  3. Vault (at this time) can't be run in the background without a Docker instance. For now, set up the local secret engine paths with sh scripts/setup-engines.sh
