3 releases
| 0.0.4 | Mar 26, 2023 |
|---|---|
| 0.0.2 | Mar 19, 2023 |
| 0.0.1 | Mar 19, 2023 |
#849 in Authentication
169 downloads per month
21KB
360 lines
VERY Pre-Beta
This is a work in progress tool. Right now it doesn't do much except merge some yaml files together.
vault-vars
Vault-vars is a command line tool to allow you to read secrets from Hashicorp Vault and save them to a terraform auto.tfvars.json file.
Installation:
cargo install vault-vars
Usage:
By default, the tool will read as input any file that matches the name *vault-vars.yaml or *vault-vars.yml.
By default, the tool will output the merged json representation of all the input files to: vv.auto.tfvars.json
Work in progress:
The base goal:
The eventual goal is that the tool will be able to read entries like this:
appCreds:
username:
@vault:
path: secret/app/credentials
subpath: username
password:
@vault:
path: secret/app/credentials
subpath: password
and use the @vault config to read secrets from vault.
appCreds:
username: iamroot
password: password123
Shorthands:
There will be various shorthands as well. For example:
appCreds:
@vault: secret/app/credentials
Will read the secret at the given path and write every key value pair under it:
appCreds:
username: iamroot
password; password123
Stretch Goals:
- support both read and write operations (e.g.: when fetching a PKI cert from vault)
- support other secret engine sources
- AWS Vault
- Azure Vault
- Apple Keychain
Dependencies
~3–4.5MB
~85K SLoC