Lib.rs

Database interfaces
#key-value-store #aws-kms #encryption-key #secret #s3 #cli

bin+lib nitor-vault

Encrypted AWS key-value storage utility

by kahlstrm, Esgrove. Co-owned by Pasi Niemi.

14 releases (5 breaking)

0.6.1 Apr 8, 2024
0.6.0 Mar 25, 2024
0.5.2 Mar 1, 2024
0.5.0 Jan 12, 2024
0.1.4 Mar 3, 2023

#402 in Database interfaces

Download history 33/week @ 2024-01-11 1/week @ 2024-02-08 104/week @ 2024-02-15 15/week @ 2024-02-22 194/week @ 2024-02-29 26/week @ 2024-03-07 80/week @ 2024-03-14 105/week @ 2024-03-21 30/week @ 2024-03-28 91/week @ 2024-04-04 21/week @ 2024-04-11

247 downloads per month

Apache-2.0

32KB
678 lines

nitor-vault

Rust CLI and library for encrypting keys and values using client-side encryption with AWS KMS keys.

Usage: vault [OPTIONS] [COMMAND]

Commands:
  delete, -d, --delete  Delete an existing key from the store
  describe, --describe  Describe CloudFormation stack parameters for current configuration
  exists, -e, --exists  Check if a key exists
  all, -a, --all        List available secrets
  lookup, -l, --lookup  Print secret value for given key
  store, -s, --store    Store a new key-value pair
  info, -i, --info      Print region and stack information
  help                  Print this message or the help of the given subcommand(s)

Options:
  -b, --bucket <BUCKET>            Override the bucket name [env: VAULT_BUCKET=]
  -k, --key-arn <KEY_ARN>          Override the KMS key arn for storing or looking up [env: VAULT_KEY=]
  -r, --region <REGION>            Specify AWS region for the bucket [env: AWS_REGION=]
      --vault-stack <VAULT_STACK>  Optional CloudFormation stack to lookup key and bucket [env: VAULT_STACK=]
  -h, --help                       Print help (see more with '--help')
  -V, --version                    Print version

ANSI color output can be disabled by setting the env variable NO_COLOR=1.

Build

Using the shell script:

./build.sh

Note: works on Windows too, use Git for Windows Bash to run it.

Manually from terminal:

# debug
cargo build
cargo run
# release
cargo build --release
cargo run --release
# pass arguments
cargo run --release -- --help

Depending on which build profile is used, Cargo will output the executable to either:

rust/target/debug/vault
rust/target/release/vault

Install

You can install a release binary locally using cargo install.

Use the shell script:

./install.sh

The script calls cargo install and checks for the binary in path. If you run the command directly, note that you need to specify the path to the directory containing Cargo.toml. From the repo root you would do:

cargo install --path rust/

Cargo will put the binary under $HOME/.cargo/bin by default, which you should add to PATH if you don't have it there, so the binaries installed through Cargo will be found.

If you still get another version when using vault, you will need to put the cargo binary path $HOME/.cargo/bin first in path.

Format code

Using rustfmt

cargo fmt

Lint code

Using Clippy

cargo clippy
cargo clippy --fix

Update dependencies

cargo update

Dependencies

~53MB
~720K SLoC