A client for the HTTP API of HashiCorp's Vault written for Node.js.
Prerequisites:
- NodeJS >=
16.0.0
npm install -S node-vaultThe year is 2023; If, for whatever reason, you need to use an older version of node.js (yet still
>= 6.x), usenode-vault <= v0.10.0Please note that
node-vault <= v0.10.0contains multiple vulnerabilities ☠️
Run tests using docker-compose (includes vault, postgres and running the tests inside) with:
docker-compose up --force-recreate testvar options = { apiVersion: 'v1', // default endpoint: 'http://127.0.0.1:8200', // default token: 'MY_TOKEN' // optional client token; can be fetched after valid initialization of the server }; // get new instance of the client var vault = require("node-vault")(options); // init vault server vault.init({ secret_shares: 1, secret_threshold: 1 }) .then( (result) => { var keys = result.keys; // set token for all following requests vault.token = result.root_token; // unseal vault server return vault.unseal({ secret_shares: 1, key: keys[0] }) }) .catch(console.error);vault.write('secret/hello', { value: 'world', lease: '1s' }) .then( () => vault.read('secret/hello')) .then( () => vault.delete('secret/hello')) .catch(console.error);//if vault kubernets endpoint is /auth/example-cluster/login and role is example-role //read token from default token mount path const token = await fs.readFileSync('/var/run/secrets/kubernetes.io/serviceaccount/token', { encoding: 'utf8' }); vault.kubernetesLogin({role: 'example-role' , jwt: token, kubernetesPath: 'example-cluster'})Just generate docco docs via npm run docs.
Please have a look at the examples and the generated feature list to see what is already implemented.
Instead of installing all the dependencies like vault itself, postgres and other stuff you can use docker and docker-compose to link and run multiple docker containers with all of its dependencies.
git clone git@github.com:nodevault/node-vault.git cd node-vault docker-compose up vaultNow you can run the examples from another terminal window.
First of all you should initialize and unseal the vault:
node example/init.jsYou should see root_token: followed by a long key in the response. Please copy that long key and export it as environment variable:
export VAULT_TOKEN=<insert long key here>Now you are able to run all of the other examples:
node example/policies.jsTo connect to a vault server in a private network with a bastion host, you'll need to first open a connection:
ssh -D <socks4Port> bastion.example.comconst SocksProxyAgent = require('socks-proxy-agent'); const agent = new SocksProxyAgent(`socks://127.0.0.1:${socks4Port}`, true); const options = { apiVersion: 'v1', rpOptions: { agent, }, }; const vault = require('node-vault')(options);