Crates.io | nitor-vault |
lib.rs | nitor-vault |
version | 2.0.0 |
source | src |
created_at | 2023-03-02 14:05:00.501125 |
updated_at | 2024-11-01 11:05:30.930819 |
description | Encrypted AWS key-value storage utility |
homepage | |
repository | https://github.com/nitorcreations/vault |
max_upload_size | |
id | 798905 |
size | 154,707 |
Rust CLI and library for encrypting keys and values using client-side encryption with AWS KMS keys.
Install the Rust vault CLI from crates.io with:
cargo install nitor-vault
You will need to have Rust installed for this to work.
See rustup.rs if you need to install Rust first.
By default, cargo puts the vault binary under ~/.cargo/bin/vault.
Check with which -a vault to see what vault version you have first in path.
Encrypted AWS key-value storage utility.
Usage: vault [OPTIONS] [COMMAND]
Commands:
all, -a, --all List available secrets
completion, --completion Generate shell completion
delete, -d, --delete Delete an existing key from the store
describe, --describe Describe CloudFormation stack parameters for current configuration
decrypt, -y, --decrypt Directly decrypt given value
encrypt, -e, --encrypt Directly encrypt given value
exists, --exists Check if a key exists
info, --info Print vault information
id, --id Print AWS user account information
status, --status Print vault stack information
init, -i, --init Initialize a new KMS key and S3 bucket
update, -u, --update Update the vault CloudFormation stack
lookup, -l, --lookup Output secret value for given key
store, -s, --store Store a new key-value pair
help Print this message or the help of the given subcommand(s)
Options:
-b, --bucket <BUCKET> Override the bucket name [env: VAULT_BUCKET=]
-k, --key-arn <ARN> Override the KMS key ARN [env: VAULT_KEY=]
-p, --prefix <PREFIX> Optional prefix for key name [env: VAULT_PREFIX=]
-r, --region <REGION> Specify AWS region for the bucket [env: AWS_REGION=]
--vault-stack <NAME> Specify CloudFormation stack name to use [env: VAULT_STACK=]
-q, --quiet Suppress additional output and error messages
-h, --help Print help (see more with '--help')
-V, --version Print version
ANSI color output can be disabled by setting the env variable NO_COLOR=1.
The Nitor vault library can be used in other Rust projects directly. Add the crate to your project with:
cargo add nitor-vault
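use nitor_vault::Vault;

// `.await` needs an async context; this assumes the tokio runtime
// (with its "macros" and "rt-multi-thread" features) and anyhow as dependencies.
#[tokio::main]
async fn main() -> anyhow::Result<()> {
    // Create a vault client with the default configuration
    let vault = Vault::default().await?;
    // Look up the secret value stored under the given key
    let value = Box::pin(vault.lookup("secret-key")).await?;
    println!("{value}");
    Ok(())
}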
Use the completion command to generate auto-completion scripts.
Generate shell completion
Usage: vault {completion|--completion} [OPTIONS] <SHELL>
Arguments:
<SHELL> [possible values: bash, elvish, fish, powershell, zsh]
Options:
-i, --install Output completion directly to the correct directory instead of stdout
-h, --help Print help
If the ~/.oh-my-zsh/custom/plugins directory is found when outputting for zsh, the completions are written as a custom plugin called vault.
Enable the completions by adding vault to the plugin list in the ~/.zshrc config.
For PowerShell, a completions subdirectory will be created under the default profile directory path for the current user.
This will need to be loaded in the user profile, for example:
# Load all completion scripts in the completions directory
$completionScriptsPath = "$HOME/.config/powershell/completions/"
if (Test-Path $completionScriptsPath)
{
    Get-ChildItem -Path $completionScriptsPath -Filter *.ps1 | ForEach-Object {
        . $_.FullName
    }
}
Using the shell script:
./build.sh
Note: works on Windows too, use Git for Windows Bash to run it.
Manually from terminal:
# debug
cargo build
cargo run
# release
cargo build --release
cargo run --release
# pass arguments
cargo run --release -- --help
Depending on which build profile is used, Cargo will output the executable to either:
rust/target/debug/vault
rust/target/release/vault
You can install a release binary locally using cargo install.
Use the shell script:
./install.sh
The script calls cargo install and checks for the binary in path.
If you run the command directly, note that you need to specify the path to the directory containing Cargo.toml.
From the repo root you would do:
cargo install --path rust/
Cargo will put the binary under $HOME/.cargo/bin by default, which you should add to PATH if you don't have it there, so the binaries installed through Cargo will be found.
If you still get another version when using vault, you will need to put the cargo binary path $HOME/.cargo/bin first in path.
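The PATH precedence check described above, as an added example that is not part of the nitor-vault repository: it lists every vault executable in lookup order and reports whether the one in Cargo's bin directory is the one that runs. The function names are made up for this example, and paths are compared as strings, so symlinks are not resolved.

```sh
#!/bin/sh
# Added example, not from the nitor-vault repository. Function names are hypothetical.

# Print every executable NAME ($1) found on the PATH-style string $2, in lookup order.
vault_candidates() {
    vc_name=$1
    vc_rest=$2:
    while [ -n "$vc_rest" ]; do
        vc_dir=${vc_rest%%:*}
        vc_rest=${vc_rest#*:}
        # An empty PATH entry means the current directory.
        if [ -z "$vc_dir" ]; then vc_dir=.; fi
        # Drop a trailing slash so string comparison of paths is stable.
        case $vc_dir in /) ;; */) vc_dir=${vc_dir%/} ;; esac
        if [ -f "$vc_dir/$vc_name" ] && [ -x "$vc_dir/$vc_name" ]; then
            printf '%s\n' "$vc_dir/$vc_name"
        fi
    done
}

# Report whether the first NAME ($1) on path $2 is the one in Cargo bin dir $3.
# Prints "ok <path>", "shadowed <path>" or "missing"; exit status 0, 1 or 2.
vault_path_status() {
    vs_expected=${3%/}/$1
    vs_first=$(vault_candidates "$1" "$2" | head -n 1)
    if [ -z "$vs_first" ]; then
        echo "missing"
        return 2
    fi
    if [ "$vs_first" = "$vs_expected" ]; then
        echo "ok $vs_first"
        return 0
    fi
    # Another directory earlier in the path supplies the binary that actually runs.
    echo "shadowed $vs_first"
    return 1
}

# Check the current environment; "|| true" keeps a non-zero status from aborting.
vault_path_status vault "${PATH:-}" "${HOME:-}/.cargo/bin" || true
```

A "shadowed" result means secrets would be handed to a different vault binary than the one cargo install produced, so fix the PATH order before using it.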
Using rustfmt
cargo fmt
Using Clippy
cargo clippy
cargo clippy --fix
cargo update
Go to crates.io/settings/tokens and create a new API token, unless you already have one that has not expired. Do not create a token with no expiration date, and prefer short expiration times.
Copy the token and run cargo login <token>.
If you need to publish an older version (that is not the current git HEAD commit), first check out the version you want to publish.
Try publishing with cargo publish --dry-run and then run with cargo publish.