This module provides a set of functions to help JavaScript Developers working with HashiCorp Vault to authenticate and access API endpoints using JavaScript promises.
- NodeJs
  - Minimum: v10.x
  - Recommended: v12.x
- npm
  - Tested on: v6.14.x
- HashiCorp Vault
  - Minimum: v1.4.x
  - Accepted: v1.5.x
  - Recommended: v1.6.x
Note: Depending on your Windows setup, windows-build-tools may need to be installed first. Also, macOS users should have xcode-select or the entire Xcode app installed.
npm install hashi-vault-js --save
npm uninstall hashi-vault-js
- 0.3.22
  - Updated development env to Vault server 1.6.1
- 0.3.21
  - Re-fixed bug on createToken function related to typeof never returning undefined (Issue #5)
{
// Indicates if the HTTP request to the Vault server should use
// HTTPS (secure) or HTTP (non-secure) protocol
https: true,
// If https is true, then provide client certificate, client key and
// the root CA cert
cert: './client.crt',
key: './client.key',
cacert: './ca.crt',
// Indicate the server name/IP, port and API version for the Vault,
// all paths are relative to this one
baseUrl: 'https://127.0.0.1:8200/v1',
// Sets the root path after the base URL, it translates to a
// partition inside the Vault where the secret engine was enabled
rootPath: 'secret',
// HTTP request timeout in milliseconds
timeout: 1000,
// Whether the HTTP request should go through a proxy
// Example:
// proxy: { host: proxy.ip, port: proxy.port }
proxy: false
}
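A pre-flight check for the options object above, as an added example that is not part of hashi-vault-js: `checkVaultOptions` and its messages are hypothetical, and the rules only encode what the comments above state (HTTPS needs cert, key and cacert; baseUrl carries the API version; timeout is in milliseconds; proxy is false or host/port). Treating a mismatch between the `https` flag and the `baseUrl` scheme as an error is an assumption, since the page does not say how the library resolves it.

```javascript
// Added example: checkVaultOptions is a hypothetical helper, not a hashi-vault-js API.
// Returns a list of problems with a constructor options object (empty = OK).
// fileExists is injectable so the check can run without touching the disk.
function checkVaultOptions(opts, fileExists = (p) => require('fs').existsSync(p)) {
  let url;
  try {
    url = new URL(opts.baseUrl);
  } catch (e) {
    return [`baseUrl is not a valid URL: ${opts.baseUrl}`];
  }
  const problems = [];
  const urlIsHttps = url.protocol === 'https:';
  if (!urlIsHttps) {
    problems.push('baseUrl is not https: tokens and secrets would cross the network in cleartext');
  }
  // Assumption: a flag/scheme mismatch is treated as an error here; the page
  // does not say which of the two the library trusts.
  if (Boolean(opts.https) !== urlIsHttps) {
    problems.push(`https flag (${opts.https}) disagrees with baseUrl scheme (${url.protocol})`);
  }
  if (opts.https) {
    for (const name of ['cert', 'key', 'cacert']) {
      if (!opts[name]) problems.push(`${name} is required when https is true`);
      else if (!fileExists(opts[name])) problems.push(`${name} file not found: ${opts[name]}`);
    }
  }
  if (!/\/v\d+\/?$/.test(url.pathname)) {
    problems.push('baseUrl should end with the API version, e.g. /v1');
  }
  if (!Number.isInteger(opts.timeout) || opts.timeout <= 0) {
    problems.push('timeout must be a positive integer (milliseconds)');
  }
  if (opts.proxy !== false && !(opts.proxy && opts.proxy.host && opts.proxy.port)) {
    problems.push('proxy must be false or { host, port }');
  }
  return problems;
}

// Constructed sample inputs: the options shown above, and a cleartext variant.
const pageOptions = {
  https: true, cert: './client.crt', key: './client.key', cacert: './ca.crt',
  baseUrl: 'https://127.0.0.1:8200/v1', rootPath: 'secret', timeout: 1000, proxy: false
};
const cleartextOptions = { ...pageOptions, https: false, baseUrl: 'http://127.0.0.1:8200/v1' };

console.log(checkVaultOptions(pageOptions, () => true));      // files assumed present
console.log(checkVaultOptions(cleartextOptions, () => true));
```

Run it before constructing the client and refuse to start when the returned list is non-empty.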
Note: This package covers some auth methods and the KV v2 secret engine. Check the Limitations section for more details.
const Vault = require('hashi-vault-js');
const vault = new Vault({
  https: true,
  cert: './client.crt',
  key: './client.key',
  cacert: './ca.crt',
  baseUrl: 'https://127.0.0.1:8200/v1',
  rootPath: 'secret',
  timeout: 2000,
  proxy: false
});
Check health status of the Vault server:
const status = await vault.healthCheck();
Perform a login on the Vault with role-id/secret-id pair (AppRole login) and get a valid client token:
// Await the login promise first, then read client_token from the resolved result
const token = (await vault.loginWithAppRole(RoleId, SecretId)).client_token;
Perform a login on the Vault with LDAP username/password pair and get a valid client token:
// Await the login promise first, then read client_token from the resolved result
const token = (await vault.loginWithLdap(Username, Password)).client_token;
Perform a login on the Vault with Userpass username/password pair and get a valid client token:
// Await the login promise first, then read client_token from the resolved result
const token = (await vault.loginWithUserpass(Username, Password)).client_token;
Define a function to return secret engine information from the Vault:
const secretEngineInfo = function(token) {
  return vault.readKVEngineConfig(token).then(function(result){
    return result;
  }).catch(function(error){
    return error;
  });
};
Create a new secret in the Vault:
const Item = {
  name: "slack",
  data: {
    bot_token1: "xoxb-123456789012-1234567890123-1w1lln0tt3llmys3cr3tatm3",
    bot_token2: "xoxb-123456789013-1234567890124-1w1lln0tt3llmys3cr3tatm3"
  }
};
const data = await vault.createKVSecret(token, Item.name, Item.data);
Read a secret from the Vault:
const secrets = await vault.readKVSecret(token, Item.name);
Update secret version 1 in the Vault:
const data = await vault.updateKVSecret(token, Item.name, newData, 1);
Check below docs for more information on specific function groups.
System Backend API endpoints - General
System Backend API endpoints - SEAL operations
Token auth method API endpoints - /auth/token
LDAP auth method API endpoints - /auth/ldap
Userpass auth method API endpoints - /auth/userpass
AppRole auth method API endpoints - /auth/approle
PKI secret engine API endpoints
KV v2 secret engine API endpoints
The following HashiCorp Vault API endpoints are currently covered:
- System Backend - Partially
- Auth methods:
Method | Coverage status |
---|---|
AppRole | Partially |
LDAP | Most of them |
Userpass | All endpoints |
Token | Most of them |
- Secret engines:
Engine | Coverage status |
---|---|
KV Version 2 | All endpoints |
PKI | Most of them |
Follow the detailed instructions from this doc
If you want to contribute to the module and make it better, your help is very welcome. You can do so by submitting a Pull Request. It will be reviewed and merged into the main branch if accepted.
If you have found what you believe to be an issue with hashi-vault-js, please do not hesitate to file an issue on the GitHub repository here.
If you want to see new features or enhancements to the current ones, we would love to hear them. Please submit an issue on the GitHub repository here.
Written by Rod Anami rod.anami@br.ibm.com, June 2020.
Richard <richie765@>
This project is licensed under the Eclipse Public License 2.0.
HashiCorp Vault open source is licensed under the Mozilla Public License 2.0.