# VERY Pre-Beta

This is a work in progress tool. Right now it doesn't do much except merge some yaml files together.

# vault-vars

Vault-vars is a command line tool to allow you to read secrets from Hashicorp Vault and save them to a terraform `auto.tfvars.json` file.

# Installation:

```
cargo install vault-vars
```

# Usage:

By default, the tool will read as input any file that matches the name `*vault-vars.yaml` or `*vault-vars.yml`. 

By default, the tool will output **the merged json representation** of all the input files to: `vv.auto.tfvars.json`

# Work in progress:

## The base goal:

The eventual goal is that the tool will be able to read entries like this:

```
appCreds:
    username:
        @vault:
        	path: secret/app/credentials
        	subpath: username
    password:
        @vault:
        	path: secret/app/credentials
        	subpath: password

```

and use the `@vault` config to read secrets from vault.

```
appCreds:
    username: iamroot
    password: password123
```


## Shorthands:

There will be various shorthands as well. For example:

```
appCreds:
  @vault: secret/app/credentials
```

Will read the secret at the given path and write every key value pair under it:

```
appCreds:
  username: iamroot
  password; password123
```

## Stretch Goals:

- support both read and write operations (e.g.: when fetching a PKI cert from vault)
- support other secret engine sources
    - AWS Vault
    - Azure Vault
    - Apple Keychain