Initial commit
Julian Lengelsen committed Mar 4, 2020
0 parents commit c5fdb7b
Showing 6 changed files with 974 additions and 0 deletions.
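--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+node_modules/
+vault-to-docker-secret*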
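--- a/README.md
+++ b/README.md
@@ -0,0 +1,25 @@
+# vault-to-docker-secret
+
+## Build
+
+In order to build the platform binaries run:
+
+```
+npx pkg -t latest-linux,latest-win,latest-mac .
+```
+
+## Create secret
+
+Reads a secret from Vault and stores it as a Docker secret:
+
+```
+vault-to-docker-secret --approle-file=FILE --vault-endpoint=ENDPOINT --secret-path=PATH --secret-key=KEY
+```
+
+## Help
+
+Usage instructions:
+
+```
+vault-to-docker-secret --help
+```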
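--- a/bin.js
+++ b/bin.js
@@ -0,0 +1,40 @@
+const argv = require("yargs")
+.option("approle-file", {
+alias: "a",
+demandOption: true,
+description: "AppRole credentials file",
+requiresArg: true,
+type: "string"
+})
+.option("vault-endpoint", {
+alias: "v",
+demandOption: true,
+description: "Vault endpoint URL",
+requiresArg: true,
+type: "string"
+})
+.option("secret-path", {
+alias: "s",
+demandOption: true,
+description: "Vault secret path",
+requiresArg: true,
+type: "string"
+})
+.option("secret-key", {
+alias: "k",
+demandOption: true,
+description: "Vault secret key",
+requiresArg: true,
+type: "string"
+})
+.usage(
+"$0 --approle-file=FILE --vault-endpoint=ENDPOINT --secret-path=PATH --secret-key=KEY"
+)
+.help().argv;
+
+require(".")(
+argv.approleFile,
+argv.vaultEndpoint,
+argv.secretPath,
+argv.secretKey
+);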
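Review bot: The `vault-endpoint` option is accepted as any string and handed straight to the Vault client, so an `http://` URL would carry the AppRole `role_id`/`secret_id` and the resulting client token in cleartext. Consider rejecting non-TLS endpoints at parse time, for example `.check(a => new URL(a.vaultEndpoint).protocol === "https:" || "vault-endpoint must use https")`, with an explicit opt-out if a local dev server has to be supported. The final `require(".")(...)` call also drops the returned promise, so a rejection raised before the `try` block in main.js (the `node-vault` client construction) would surface only as an unhandled rejection.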
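--- a/main.js
+++ b/main.js
@@ -0,0 +1,38 @@
+const DOCKER = new require("dockerode")();
+let vault;
+
+module.exports = async (approleFile, vaultEndpoint, secretPath, secretKey) => {
+const OPTIONS = { endpoint: vaultEndpoint };
+vault = require("node-vault")(OPTIONS);
+try {
+const jsonString = await require("fs").promises.readFile(approleFile);
+const approleJson = JSON.parse(jsonString);
+const loginResponse = await vaultApproleLogin(approleJson);
+const vaultSecret = await readVaultSecret(secretPath, loginResponse);
+await createDockerSecretFromValue(secretKey, vaultSecret);
+} catch (error) {
+console.error(error);
+}
+};
+
+async function vaultApproleLogin(approleJson) {
+const APPROLE = {
+role_id: approleJson.roleId,
+secret_id: approleJson.secretId
+};
+return vault.approleLogin(APPROLE);
+}
+
+async function readVaultSecret(path, loginResponse) {
+vault.token = loginResponse.auth.client_token;
+return vault.read(path);
+}
+
+async function createDockerSecretFromValue(key, vaultSecret) {
+const VALUE = Buffer.from(vaultSecret.data.data[key]).toString("base64");
+const DOCKER_SECRET = {
+name: key,
+data: VALUE
+};
+return DOCKER.createSecret(DOCKER_SECRET);
+}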
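Review bot: The `catch` in the exported function only calls `console.error(error)`, so a failed Vault login, a missing key or a Docker API error still ends with exit status 0, and a deployment script cannot tell that no secret was created. Setting the status and logging less would address both, e.g. `console.error(error.message); process.exitCode = 1;`. The full error object from the HTTP client may include request details, which is worth checking before it reaches a shared log. In `createDockerSecretFromValue`, `vaultSecret.data.data[key]` goes into `Buffer.from` unchecked; an explicit `if (typeof value !== "string") throw new Error(...)` naming the key gives a clearer failure than the resulting TypeError. The `data.data` shape presumably assumes a KV v2 mount.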