moleculer-vault
TypeScript icon, indicating that this package has built-in type declarations

0.1.0 • Public • Published

Moleculer logo

Build Status Coverage Status Codacy Badge Maintainability Known Vulnerabilities Run in Postman npm version

Vault Service for the Moleculer framework

This Services provides actions for communicating with a Vault Server. Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, or certificates. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log. The goal of this package is to provide actions for accessing and managing secrets using a connected vault server.

Features

The following List details which features are implemented

  • Connect to the Vault on startup
  • Obtain the health status of the Vault
  • Mount Management
  • Write, Read and Delete Secrets from the Vault

Roadmap

The following List details which features will potentially be implemented

  • Seal and Unseal the Vault
  • Audit Management
  • Auth Management
  • Policy Management

Install

This package is available in the npm-registry. In order to use it simply install it with yarn (or npm):

yarn add moleculer-vault

Usage

To make use of this Service, simply require it and create a new service:

let { ServiceBroker } = require("moleculer");
let VaultService = require("moleculer-vault");
 
let broker = new ServiceBroker({ logger: console });
 
// Create a service
broker.createService({
    mixins: VaultService,
    settings: {
        endpoint: "http://my-vault:8200",
    }
});
 
// Start server
broker.start().then(() => broker.call('vault.health'));

For a more indepth example checkout out the examples folder. It includes a docker-compose file, running docker-compose up will boot a broker with a vault service and a vault server. All vault service actions are exposed on the API (which you should never do in real live!!!). You can run curl http://localhost:3000/vault/health for example. This project includes a published postman collection enabling you to quickly explore the service in your local environment.

Settings

Property Type Default Description
apiVersion String required Which API Version of the Vault to use.
endpoint String required Where to find the Vault.
token String null Which token to use for authenticating against the Vault
waitForInitializationAttempts Number required When starting, the service will connect to the Vault. When the Vault is not initialized, it will by default request the initialization status up to 5 times
waitForInitializationInterval Number required When starting, the service will connect to the Vault. When the Vault is not initialized, it will by wait for 1 second before requesting the initialization status again

Actions

health

Obtain the Vaults Health.

Parameters

Property Type Default Description

No input parameters.

Results

Type: Object

The Vaults Health Status.

mounts

Obtain all mounts of the Vault

Parameters

Property Type Default Description

No input parameters.

Results

Type: Array.<Object>

mount

Mount a new secret store at a given path

Parameters

Property Type Default Description
mount_point String required Specifies the path where the secrets engine will be mounted.
type String required Specifies the type of the backend, such as "aws".
description String - Specifies the human-friendly description of the mount.
config Object - Specifies configuration options for this mount.
options Object - Specifies mount type specific options that are passed to the backend.
local Boolean false ENTERPRISE ONLY: Specifies if the secrets engine is a local mount only. Local mounts are not replicated nor (if a secondary) removed by replication.
seal_wrap Boolean false ENTERPRISE ONLY: Enable seal wrapping for the mount.

Results

Type: undefined

remount

Remount a mount to a different Path

Parameters

Property Type Default Description
from String required Specifies the previous mount point.
to String required Specifies the new destination mount point.

Results

Type: undefined

unmount

Unmount a mount from a path

Parameters

Property Type Default Description
mount_point String required Specifies the path where the secrets engine will be mounted.

Results

Type: undefined

write

Write data to a Vault Backend

Parameters

Property Type Default Description
path String required Specifies the path to write to
data Object required The data to write. Schema of this object
    depends on the backend that is mounted at the given path |

| requestOptions | Object | - | Additional request Options that are passed to the request-promise-native underneath |

Results

Type: Object

Schema depends on the backend that is mounted at the given path

read

Write data from a Vault Backend

Parameters

Property Type Default Description
path String required Specifies which data to read
requestOptions Object - Additional request Options that
    are passed to the request-promise-native underneath |

Results

Type: Object

Schema depends on the backend that is mounted at the given path

list

List data from a Vault Backend

Parameters

Property Type Default Description
path String required Specifies which data to list
requestOptions Object - Additional request Options that
    are passed to the request-promise-native underneath |

Results

Type: Object

Schema depends on the backend that is mounted at the given path

delete

Delete data from a Vault Backend

Parameters

Property Type Default Description
path String required Specifies which data to read
requestOptions Object - Additional request Options that
    are passed to the request-promise-native underneath |

Results

Type: Object

Schema depends on the backend that is mounted at the given path

help

Obtain help from a Vault Backend

Parameters

Property Type Default Description
path String required Specifies for what to obtain help
requestOptions Object - Additional request Options that
    are passed to the request-promise-native underneath |

Results

Type: Object

Schema depends on the backend that is mounted at the given path

Test

$ docker-compose exec package yarn test

In development with watching

$ docker-compose up

License

moleculer-vault is available under the MIT license.

Package Sidebar

Install

npm i moleculer-vault

Weekly Downloads

1

Version

0.1.0

License

MIT

Unpacked Size

49 kB

Total Files

48

Last publish

Collaborators

  • designtesbrot