Rust library that fetches secrets from Vault and loads them as environment variables. Inspired by Spring Cloud Vault.
We will assume that you want to retrieve some secrets from your local Vault server.
This is the JSON secret located at `secret/hello` (from Vault's perspective, whether you use the Vault UI or the Vault CLI):
```json
{
  "my-key": "my-value",
  "github.com": {
    "api-key": "123456",
    "base-url": "http://localhost:8080"
  }
}
```
Your program must be given the environment variables required to connect to the Vault server and retrieve the token. You can use the dotenv crate and put the variables in a `.env` file.
```
VAULT_ADDR=http://127.0.0.1:8200
VAULT_PATH=hello
VAULT_TYPE=approle
VAULT_ROLE_ID=9bf0581f-[...]-533ba207ec80
VAULT_SECRET_ID=55473ff2-[...]-0ab9ae6e499b
```
To use the vault_credentials crate in your program, import it and call the `initialize` method.
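```rust
use dotenv::dotenv;

#[tokio::main]
async fn main() {
    // Load the VAULT_* variables from the .env file, if present.
    dotenv().ok();
    // Fetch the secret from Vault and export its keys as environment variables.
    vault_credentials::initialize().await;
    println!("{}", std::env::var("github.com.api-key").unwrap());
    // Output: 123456
}
```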
You can use other types of authentication by setting `VAULT_TYPE` (the default is `token`).
| Vault Type | Required environment variables |
|---|---|
| `token` | `VAULT_TOKEN` |
| `approle` | `VAULT_ROLE_ID`, `VAULT_SECRET_ID` |
| `kubernetes` | `VAULT_K8S_AUTH_PATH`, `VAULT_ROLE_NAME` |
| `userpass`, `ldap` | `VAULT_USERNAME`, `VAULT_PASSWORD` |
If you use a namespace, you can define it using the environment variable `VAULT_NAMESPACE`.
This will add a header in the requests.
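
Secrets loaded into the process environment are inherited by every child process the program spawns. The following added example (not part of vault_credentials) derives the variable names for this README's sample secret, assuming nested keys are joined with `.` as the `github.com.api-key` output suggests, and builds a `std::process::Command` with those names and the Vault credential variables removed. `Secret`, `env_keys`, `scrubbed_command` and `sample_secret` are hypothetical names.

```rust
use std::collections::BTreeMap;
use std::process::Command;

// Constructed stand-in for a parsed JSON secret; not a type from vault_credentials.
enum Secret { Leaf(String), Map(BTreeMap<String, Secret>) }

// Credential variables named in this README's VAULT_TYPE table.
const VAULT_CREDS: [&str; 5] =
    ["VAULT_TOKEN", "VAULT_ROLE_ID", "VAULT_SECRET_ID", "VAULT_USERNAME", "VAULT_PASSWORD"];

// Dotted variable names a secret maps to (assumption, inferred from `github.com.api-key`).
fn env_keys(prefix: &str, node: &Secret, out: &mut Vec<String>) {
    match node {
        Secret::Leaf(_) => out.push(prefix.to_string()),
        Secret::Map(m) => {
            for (k, child) in m {
                let key = if prefix.is_empty() { k.clone() } else { format!("{}.{}", prefix, k) };
                env_keys(&key, child, out);
            }
        }
    }
}

// Child process that inherits neither the loaded secrets nor the Vault credentials.
fn scrubbed_command(program: &str, secret: &Secret) -> Command {
    let mut keys = Vec::new();
    env_keys("", secret, &mut keys);
    let mut cmd = Command::new(program);
    for key in keys.iter().map(String::as_str).chain(VAULT_CREDS.iter().copied()) {
        cmd.env_remove(key);
    }
    cmd
}

// The secret from this README, rebuilt by hand as sample input.
fn sample_secret() -> Secret {
    let leaf = |v: &str| Secret::Leaf(v.to_string());
    let mut github = BTreeMap::new();
    github.insert("api-key".to_string(), leaf("123456"));
    github.insert("base-url".to_string(), leaf("http://localhost:8080"));
    let mut root = BTreeMap::new();
    root.insert("my-key".to_string(), leaf("my-value"));
    root.insert("github.com".to_string(), Secret::Map(github));
    Secret::Map(root)
}

fn main() {
    let cmd = scrubbed_command("env", &sample_secret());
    for (name, _) in cmd.get_envs() { println!("removed from child env: {:?}", name); }
}
```

Variables not listed stay inherited; `Command::env_clear` followed by explicit `env` calls is the stricter allow-list variant.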