vault-vars
| Crates.io | vault-vars |
| lib.rs | vault-vars |
| version | 0.0.4 |
| source | src |
| created_at | 2023-03-19 01:56:04.139148 |
| updated_at | 2023-03-26 01:41:45.420014 |
| description | A tool to fetch secrets from Hashicorp Vault and inject them into variable files for hashicorp terraform |
| homepage | https://github.com/oliverisaac/vault-vars |
| repository | https://github.com/oliverisaac/vault-vars |
| max_upload_size | |
| id | 814094 |
| size | 61,807 |
Oliver (oliverisaac)
documentation
README
VERY Pre-Beta
This is a work in progress tool. Right now it doesn't do much except merge some yaml files together.
vault-vars
Vault-vars is a command line tool to allow you to read secrets from Hashicorp Vault and save them to a terraform auto.tfvars.json file.
Installation:
cargo install vault-vars
Usage:
By default, the tool will read as input any file that matches the name *vault-vars.yaml or *vault-vars.yml.
By default, the tool will output the merged json representation of all the input files to: vv.auto.tfvars.json
Work in progress:
The base goal:
The eventual goal is that the tool will be able to read entries like this:
appCreds:
username:
@vault:
path: secret/app/credentials
subpath: username
password:
@vault:
path: secret/app/credentials
subpath: password
and use the @vault config to read secrets from vault.
appCreds:
username: iamroot
password: password123
Shorthands:
There will be various shorthands as well. For example:
appCreds:
@vault: secret/app/credentials
Will read the secret at the given path and write every key value pair under it:
appCreds:
username: iamroot
password; password123
Stretch Goals:
- support both read and write operations (e.g.: when fetching a PKI cert from vault)
- support other secret engine sources
- AWS Vault
- Azure Vault
- Apple Keychain