#vault #pki #cli #api-bindings #service-account #merka #hashicorp-vault

bin+lib merka-vault

Vault provisioning and management crate integrating with merka-core

1 unstable release

new 0.1.0 Mar 5, 2025

#1054 in Command line utilities

MIT/Apache

54KB
1.5K SLoC

Rust 1K SLoC // 0.0% comments Shell 149 SLoC // 0.1% comments Just 23 SLoC // 0.2% comments

merka-vault


merka-vault is a Rust library and CLI tool for bootstrapping HashiCorp Vault. It automates initialization (seal/unseal), configures a PKI secrets engine, and sets up various authentication methods. It integrates with the merka-core actor framework or works as a standalone tool.

Features

  • Vault Initialization & Unsealing – Initialize and unseal Vault using Shamir's secret shares.
  • PKI Setup – Enable Vault’s PKI engine and create a self-signed root CA or intermediate CA.
  • AppRole Authentication – Enable AppRole and create roles for applications.
  • Kubernetes Authentication – Use the Kubernetes auth method to trust service account tokens.
  • CLI Tool – Command-line management for initialization, PKI, and auth configuration.
  • Actor Integration – Asynchronous Vault management using VaultActor with Actix.

Usage (CLI)

  1. Initialize and unseal Vault:
     merka-vault init --secret-shares 3 --secret-threshold 2
  2. Set up PKI and authentication:
     merka-vault setup-pki --domain my-org.com --ttl 4380h
     merka-vault auth approle --role-name myapp --policies default,my-policy
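
What `--secret-shares 3 --secret-threshold 2` means for the unseal key, as an added example (not merka-vault's or Vault's own code): a minimal Shamir split and recombine over GF(2^8), where any 2 of the 3 shares rebuild the key and a single share does not. It goes beyond the CLI call to the underlying scheme; the function names, the sample key and the fixed coefficients are assumptions of this sketch.

```rust
// Added illustration, not merka-vault or Vault code. GF(2^8) multiply, polynomial 0x11b (assumed).
fn gf_mul(mut a: u8, mut b: u8) -> u8 {
    let mut p = 0u8;
    while b != 0 {
        if b & 1 != 0 { p ^= a; }
        a = (a << 1) ^ if a & 0x80 != 0 { 0x1b } else { 0 };
        b >>= 1;
    }
    p
}

// Multiplicative inverse: a^254 == a^-1 for non-zero a.
fn gf_inv(a: u8) -> u8 {
    (0..254).fold(1u8, |r, _| gf_mul(r, a))
}

// Per secret byte s, evaluate s + c[0]x + c[1]x^2 + ... at x = 1..=shares; coeffs[i] has threshold-1 entries.
fn split(secret: &[u8], coeffs: &[Vec<u8>], shares: u8) -> Vec<(u8, Vec<u8>)> {
    (1..=shares).map(|x| {
        let ys: Vec<u8> = secret.iter().zip(coeffs).map(|(&s, c)| {
            gf_mul(c.iter().rev().fold(0u8, |acc, &k| gf_mul(acc, x) ^ k), x) ^ s
        }).collect();
        (x, ys)
    }).collect()
}

// Lagrange interpolation at x = 0 recovers the constant term (the secret byte).
fn combine(shares: &[(u8, Vec<u8>)]) -> Vec<u8> {
    (0..shares[0].1.len()).map(|i| {
        shares.iter().fold(0u8, |acc, (xj, yj)| {
            let basis = shares.iter().filter(|(xm, _)| xm != xj)
                .fold(1u8, |b, (xm, _)| gf_mul(b, gf_mul(*xm, gf_inv(*xm ^ *xj))));
            acc ^ gf_mul(yj[i], basis)
        })
    }).collect()
}

// Constructed sample: 16-byte key, 3 shares, threshold 2. Fixed non-zero coefficients; real use needs a CSPRNG.
fn demo() -> (Vec<u8>, Vec<(u8, Vec<u8>)>) {
    let secret = b"constructed-key!".to_vec();
    let coeffs: Vec<Vec<u8>> = (0..secret.len()).map(|i| vec![0x5a ^ i as u8]).collect();
    (secret.clone(), split(&secret, &coeffs, 3))
}

fn main() {
    let (secret, shares) = demo();
    println!("2 of 3 recovers key: {}", combine(&shares[1..]) == secret);
    println!("1 of 3 recovers key: {}", combine(&shares[..1]) == secret);
}
```

With fewer shares than the threshold, interpolation still returns bytes, just not the key, which is why each share holder learns nothing usable alone.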

Usage (Rust)

  • Build the project: just build
  • Run tests: just test

Development

Example (macOS):

# Install Rust
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

# Install Just
brew install just

# Run tests
just test

Contributing

Contributions are welcome! See CONTRIBUTING.md for details.

License

Licensed under MIT or Apache 2.0. See LICENSE for details.

Code of Conduct

This project adheres to a Contributor Code of Conduct. By contributing, you agree to abide by its terms.

Dependencies

~23–39MB
~704K SLoC