A very simple elixir client that authenticates, reads and writes secrets from HashiCorp's Vault. As listed on Vault Libraries.
The package can be installed as:
- Add vaultex to your list of dependencies in
mix.exs:
def deps do
[{:vaultex, "~> 0.5"}]
end- Ensure vaultex is started before your application:
def application do
[applications: [:vaultex]]
endYou can configure your vault endpoint with a single environment variable:
VAULT_ADDR
Or a single application variable:
:vaultex, :vault_addr
An example value for VAULT_ADDR is http://127.0.0.1:8200.
Alternatively the vault endpoint can be specified with environment variables:
VAULT_HOSTVAULT_PORTVAULT_SCHEME
Or application variables:
:vaultex, :host:vaultex, :port:vaultex, :scheme
These default to localhost, 8200, http respectively.
You can skip SSL certificate verification with :vaultex, vault_ssl_verify: true option
or VAULT_SSL_VERIFY=true environment variable.
To read a secret you must provide the path to the secret and the authentication backend and credentials you will use to login. See the Vaultex.Client.auth/2 docs for supported auth backends.
...
iex> Vaultex.Client.auth(:app_id, {app_id, user_id})
iex> Vaultex.Client.auth(:userpass, {username, password})
iex> Vaultex.Client.auth(:ldap, {username, password})
iex> Vaultex.Client.auth(:github, {github_token})
iex> Vaultex.Client.auth(:approle, {role_id, secret_id})
iex> Vaultex.Client.auth(:token, {token})
...
iex> Vaultex.Client.read "secret/bar", :github, {github_token} #returns {:ok, %{"value" => bar"}}
...
iex> Vaultex.Client.write "secret/foo", %{"value" => "bar"}, :app_id, {app_id, user_id}To release you need to bump the version and add some changes to the change log, you can do this with:
mix eliver.bump