A client for the HTTP API of HashiCorp's Vault written for Node.js.
make sure to use node.js version >= 6
npm install node-vault Run tests inside docker to do also nice integration testing:
docker-compose up --force-recreate test This will create containers for vault, postgres and running the tests inside docker.
var options = { apiVersion: 'v1', // default endpoint: 'http://127.0.0.1:8200', // default token: '1234' // optional client token; can be fetched after valid initialization of the server }; // get new instance of the client var vault = require("node-vault")(options); // init vault server vault.init({ secret_shares: 1, secret_threshold: 1 }) .then( (result) => { var keys = result.keys; // set token for all following requests vault.token = result.root_token; // unseal vault server return vault.unseal({ secret_shares: 1, key: keys[0] }) }) .catch(console.error);vault.write('secret/hello', { value: 'world', lease: '1s' }) .then( () => vault.read('secret/hello')) .then( () => vault.delete('secret/hello')) .catch(console.error);Just generate docco docs via npm run docs.
Please have a look at the examples and the generated feature list to see what is already implemented.
Instead of installing all the dependencies like vault itself, postgres and other stuff you can use docker and docker-compose to link and run multiple docker containers with all of its dependencies.
git clone git@github.com:kr1sp1n/node-vault.git cd node-vault docker-compose up vaultNow you can run the examples from another terminal window.
First of all you should initialize and unseal the vault:
node example/init.jsYou should see root_token: followed by a long key in the response. Please copy that long key and export it as environment variable:
export VAULT_TOKEN=<insert long key here>Now you are able to run all of the other examples:
node example/policies.jsTo connect to a vault server in a private network with a bastion host, you'll need to first open a connection:
ssh -D <socks4Port> bastion.example.comconst SocksProxyAgent = require('socks-proxy-agent'); const agent = new SocksProxyAgent(`socks://127.0.0.1:${socks4Port}`, true); const options = { apiVersion: 'v1', rpOptions: { agent, }, }; const vault = require('node-vault')(options);