Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 440 Commits
.devcontainer		.devcontainer
.github		.github
example		example
scripts		scripts
src		src
test		test
.dockerignore		.dockerignore
.eslintignore		.eslintignore
.eslintrc.js		.eslintrc.js
.gitignore		.gitignore
.npmignore		.npmignore
Dockerfile		Dockerfile
LICENSE		LICENSE
README.md		README.md
docker-compose.yml		docker-compose.yml
features.md		features.md
index.d.ts		index.d.ts
package-lock.json		package-lock.json
package.json		package.json

Repository files navigation

node-vault

A client for the HTTP API of HashiCorp'sVault written for Node.js.

Install

Prerequisites:

NodeJS >=16.0.0

npm install -S node-vault

The year is 2023; If, for whatever reason, you need to use an older version of node.js (yet still>= 6.x), usenode-vault <= v0.10.0
Please note thatnode-vault <= v0.10.0 contains multiple vulnerabilities ☠️

Test

Run tests using docker-compose (includes vault, postgres and running the tests inside) with:

docker-compose up --force-recreatetest

Usage

Init and unseal

varoptions={apiVersion:'v1',// defaultendpoint:'http://127.0.0.1:8200',// defaulttoken:'MY_TOKEN'// optional client token; can be fetched after valid initialization of the server};// get new instance of the clientvarvault=require("node-vault")(options);// init vault servervault.init({secret_shares:1,secret_threshold:1}).then((result)=>{varkeys=result.keys;// set token for all following requestsvault.token=result.root_token;// unseal vault serverreturnvault.unseal({secret_shares:1,key:keys[0]})}).catch(console.error);

Write, read and delete secrets

vault.write('secret/hello',{value:'world',lease:'1s'}).then(()=>vault.read('secret/hello')).then(()=>vault.delete('secret/hello')).catch(console.error);

Kubernetes Auth Example

//if vault kubernets endpoint is /auth/example-cluster/login and role is example-role//read token from default token mount pathconsttoken=awaitfs.readFileSync('/var/run/secrets/kubernetes.io/serviceaccount/token',{encoding:'utf8'});vault.kubernetesLogin({role:'example-role',jwt:token,kubernetesPath:'example-cluster'})

Docs

Just generatedocco docs vianpm run docs.

Examples

Please have a look at theexamples and the generatedfeature list to see what is already implemented.

Instead of installing all the dependencies like vault itself, postgres and other stuff you canusedocker anddocker-compose to link and run multiple docker containers with all of its dependencies.

git clone git@github.com:nodevault/node-vault.gitcd node-vaultdocker-compose up vault

Now you can run the examples from another terminal window.

First of all you should initialize and unseal the vault:

node example/init.js

You should seeroot_token: followed by a long key in the response.Please copy that long key and export it as environment variable:

export VAULT_TOKEN=<insert long key here>

Now you are able to run all of the otherexamples:

node example/policies.js

Connecting to vault through a bastion host

To connect to a vault server in a private network with a bastion host, you'll need to first open a connection:

ssh -D<socks4Port> bastion.example.com

constSocksProxyAgent=require('socks-proxy-agent');constagent=newSocksProxyAgent(`socks://127.0.0.1:${socks4Port}`,true);constoptions={apiVersion:'v1',rpOptions:{    agent,},};constvault=require('node-vault')(options);