GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → vietanhduong → vault-converter

vietanhduong / vault-converter

Licence: Apache-2.0 license
Support converting Vault Secrets to diffrent formats.

Programming Languages

go
31211 projects - #10 most used programming language

Labels

vaultterraformhashicorp-vault

Projects that are alternatives of or similar to vault-converter

vault-token-helper
@hashicorp Vault Token Helper for macOS, Linux and Windows with support for secure token storage and multiple Vault servers 🔐
Stars: ✭ 74 (+393.33%)
Mutual labels:  vault, hashicorp-vault
vault-puppet
Using @hashicorp Vault with Puppet
Stars: ✭ 36 (+140%)
Mutual labels:  vault, hashicorp-vault
vault-consul-swarm
Deploy Vault and Consul with Docker Swarm
Stars: ✭ 20 (+33.33%)
Mutual labels:  vault, hashicorp-vault
puppet-vault
Puppet module to manage Vault (https://vaultproject.io)
Stars: ✭ 41 (+173.33%)
Mutual labels:  vault, hashicorp-vault
k8s-vault-webhook
A k8s vault webhook is a Kubernetes webhook that can inject secrets into Kubernetes resources by connecting to multiple secret managers
Stars: ✭ 107 (+613.33%)
Mutual labels:  vault, hashicorp-vault
rundeck-vault-plugin
Development continues here:
Stars: ✭ 17 (+13.33%)
Mutual labels:  vault, hashicorp-vault
vault-demo
Walkthroughs and scripts for my @hashicorp Vault talks
Stars: ✭ 67 (+346.67%)
Mutual labels:  vault, hashicorp-vault
vault-consul-docker
Vault + Consul + Docker
Stars: ✭ 75 (+400%)
Mutual labels:  vault, hashicorp-vault
breakglass
A command line tool to provide login credentials from Hashicorp Vault
Stars: ✭ 33 (+120%)
Mutual labels:  vault, hashicorp-vault
pico
A Git-driven task runner built to facilitate GitOps and Infrastructure-as-Code while securely passing secrets to tasks.
Stars: ✭ 51 (+240%)
Mutual labels:  vault, hashicorp-vault
hookpick
A tool to manage some operational concepts of Hashicorp Vault
Stars: ✭ 83 (+453.33%)
Mutual labels:  vault, hashicorp-vault
letsencrypt-to-vault
Renew or get Let's Encrypt certificates and send it to Hashicorp Vault
Stars: ✭ 84 (+460%)
Mutual labels:  vault, hashicorp-vault
secrets cli
CLI for storing and reading your secrets via vault
Stars: ✭ 24 (+60%)
Mutual labels:  vault, hashicorp-vault
teamcity-hashicorp-vault-plugin
TeamCity plugin to support HashiCorp Vault
Stars: ✭ 23 (+53.33%)
Mutual labels:  vault, hashicorp-vault
gke-vault-demo
This demo builds two GKE Clusters and guides you through using secrets in Vault, using Kubernetes authentication from within a pod to login to Vault, and fetching short-lived Google Service Account credentials on-demand from Vault within a pod.
Stars: ✭ 63 (+320%)
Mutual labels:  vault, hashicorp-vault
Goldfish
A HashiCorp Vault UI written with VueJS and Vault native Go API
Stars: ✭ 2,174 (+14393.33%)
Mutual labels:  vault, hashicorp-vault
Awesome Vault Tools
Awesome tools around HashiCorp Vault
Stars: ✭ 167 (+1013.33%)
Mutual labels:  vault
K8s Gitops
GitOps principles to define kubernetes cluster state via code. Community around [email protected] is on discord: https://discord.gg/7PbmHRK
Stars: ✭ 192 (+1180%)
Mutual labels:  vault
Tqvaultae
Extra bank space for Titan Quest Anniversary Edition
Stars: ✭ 159 (+960%)
Mutual labels:  vault
Vault Ethereum
A plugin that turns Vault into an Ethereum wallet.
Stars: ✭ 159 (+960%)
Mutual labels:  vault
View All Similar Projects ➔

Vault Converter

License CI

Support converting Vault Secrets to different formats.

vault-converter is a tool designed to synchronize variables from local to Vault and vice versa.

Supported extensions:

  • tfvars
  • env

vault-converter uses Vault authentication method as userpass with fixed path userpass/. But you still can authenticate with token method by create a file contain client token at "$HOME/.vault-token".

Secret Engine supports Key/Value Version 2 (kv2).

Installation

Binaries (recommended)

Download your preferred asset from the releases page and install manually.

Source code

# clone repo to some directory outside GOPATH
git clone https://github.com/vietanhduong/vault-converter

cd vault-converter

go mod download

go build .

Usage

Currently, vault-converter supports synchronize variables from Vault to local and vice versa.

$ vault-converter --help
Convert to file from Vault. Support multiple file format like '.tfvars', '.env'

Usage:
  vault-converter [flags]
  vault-converter [command]

Available Commands:
  auth        Authenticates users to Vault
  completion  generate the autocompletion script for the specified shell
  help        Help about any command
  pull        Pull secrets from Vault and convert to file
  push        Parse source file and push to Vault

Flags:
  -h, --help      help for vault-converter
  -v, --version   Print version information and exit. This flag is only available at the global level.

Use "vault-converter [command] --help" for more information about a command.

Authenticate

User authentication with Vault

$ vault-converter auth --help
Authenticates users to Vault using the provided arguments. 
Method using: 'userpass'. The path of 'userpass' should be 'userpass/'

Usage:
  vault-converter auth [flags]

Flags:
  -a, --address string    Address of the Vault server. This can also be specified via the VAULT_ADDR environment variable. (default "https://dev-vault.knstats.com")
  -h, --help              help for auth
  -p, --password string   The user's password. This can also be specified via the VAULT_PASSWORD environment variables.
  -u, --username string   The username to authenticate with Vault server. This can also be specified via the VAULT_USER environment variables.

Global Flags:
  -v, --version   Print version information and exit. This flag is only available at the global level.

Sync variables from Vault to local

When you pull variables from Vault to local. vault-convert automatically override the content to the output file. Keep it in mind, if you don't want your variables to disappear.

$ vault-converter pull --help
Pull secrets from Vault with specified secret path and convert to file.
SECRET_PATH should be a absolute path at Vault and the values should be in JSON format.
Supports the following formats: "tfvars"

Usage:
  vault-converter pull SECRET_PATH [flags]

Flags:
  -a, --address string   Address of the Vault server. This can also be specified via the VAULT_ADDR environment variable. (default "https://dev-vault.knstats.com")
  -f, --format string    Output format (default "tfvars")
  -h, --help             help for pull
  -o, --output string    Output path. E.g: ~/data/variables.auto.tfvars (default "variables.auto.tfvars")

Global Flags:
  -v, --version   Print version information and exit. This flag is only available at the global level.

Sync variables from local to Vault

Sync variables from local to Vault. If the SECRET_PATH doesn't exist. vault-converter automatically create new path and push the content in there. But if the root path (secret engine path) does NOT exist, the request will be fail .

$ vault-converter push --help
Parse source file and push secrets to Vault.
Based on the extension of SOURCE_FILE to determine the file format. 
SECRET_PATH should be a absolute path at Vault and the values should 
be in JSON format.
Supports the following formats: "tfvars"

Usage:
  vault-converter push SOURCE_FILE SECRET_PATH [flags]

Flags:
  -a, --address string   Address of the Vault server. This can also be specified via the VAULT_ADDR environment variable. (default "https://dev-vault.knstats.com")
  -h, --help             help for push

Global Flags:
  -v, --version   Print version information and exit. This flag is only available at the global level.

List secret paths from Vault

List all secret paths from Vault. This feature will try to list all secret paths base on user permissions. If input path does not specify, it will return all secret.

You can list all secret paths by recursive by using -r or --recursive flags.

$ vault-converter ls --help
List all secret path in input [SECRET_PATH]. If the input [SECRET_PATH] is empty.
It will return all secret from 'root'. It will try to get all secret that current user
can 'read'.

Usage:
  vault-converter ls [SECRET_PATH] [flags]

Flags:
  -a, --address string   addr of the Auth server. This can also be specified via the VAULT_ADDR environment variable. (default "https://127.0.0.1:8200")
  -h, --help             help for ls
  -r, --recursive        List secret recursive or not.

Global Flags:
  -v, --version   Print version information and exit. This flag is only available at the global level.
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].