Skip to content

Rust library that retrieve secrets from Vault and inject them as environment variables.

Notifications You must be signed in to change notification settings

Mcfloy/vault-credentials

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Vault Credentials

Rust Library that fetch secrets from Vault and load them as environment variables. Inspired by Spring Cloud Vault.

Getting started

We will assume that you want to retrieve some secrets from your local Vault Server.

This is the json secret located in secret/hello (from Vault perspective, either by using the Vault UI or Vault CLI)

{
  "my-key": "my-value",
  "github.com": {
    "api-key": "123456",
    "base-url": "http://localhost:8080"
  }
}

In your program you must provide the environment variables required to make a connection to the Vault Server and retrieve the token. You can use the .dotenv crate and put the variables in a .env file.

VAULT_ADDR=http://127.0.0.1:8200
VAULT_PATH=hello
VAULT_TYPE=approle
VAULT_ROLE_ID=9bf0581f-[...]-533ba207ec80
VAULT_SECRET_ID=55473ff2-[...]-0ab9ae6e499b

To use the vault_credentials crate in your program, import it and call the initialize method.

use dotenv::dotenv;

#[tokio::main]
async fn main() {
    dotenv().ok();
    vault_credentials::initialize().await;

    println!("{}", std::env::var("github.com.api-key").unwrap());
    // Output: 123456
}

Authentication types

You can use other types of authentication by using VAULT_TYPE. (default is set to token)

Vault Type Required environment variables
token VAULT_TOKEN
approle VAULT_ROLE_ID,VAULT_SECRET_ID
kubernetes VAULT_K8S_AUTH_PATH,VAULT_ROLE_NAME
userpass,ldap VAULT_USERNAME, VAULT_PASSWORD

Namespace

If you use a namespace, you can define it using the environment variable VAULT_NAMESPACE. This will add a header in the requests.

About

Rust library that retrieve secrets from Vault and inject them as environment variables.

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages