fastify-secrets-vault
v1.1.1
Fastify secrets plugin for HashiCorp's Vault
Fastify Secrets Vault
Fastify secrets plugin for HashiCorp's Vault.
Install
npm install --save fastify-secrets-vault
Usage
You can register the plugin in your fastify instance and provide options for vault.
const fastify = require('fastify')();
const secretsPlugin = require('fastify-secrets-vault');
// ...
fastify.register(secretsPlugin, {
  secrets: {
    mongo_password: '/path/to/secret',
    redis_password: {
      path: 'path/to/secret',
      key: 'master-key' // an array of keys is also supported: ['key1','key2']
    }
  },
  vaultOptions: {
    token: '*****', // optional token for authenticating requests to vault
    endpoint: 'http://127.0.0.1:8200'
  }
});
await fastify.ready();
// ...
API
Register options
namespace: (optional) The plugin will add the secret values to fastify.secrets[namespace].
concurrency: (optional) How many concurrent secrets you can retrieve. Default value: 5.
secrets: (required) An object representing a map of secret keys and references. It can be either in the form of:
  redis_password: '/path/to/secret'
or
- If you want only a specific key
  redis_password: { path: '/path/to/secret/', key: 'main_token' }
or
- If you want to get multiple keys
  redis_password: { path: '/path/to/secret/', key: ['main_token','secondary_token'] }
Then you can access your secrets with fastify.secrets.main_token.
vaultOptions
  secretsEngineVersion: (optional) Vault KV Secrets Engine can operate in two modes, v1 and v2. Default value: v2.
  endpoint: (optional) Endpoint for reaching vault server. Default value: http://127.0.0.1:8200.
  token: (optional) Token to authenticate requests with.
  authentication: (optional) This can be provided instead of token. It's a way of retrieving a token. Currently supported: ldap.
Authentication
Ldap
{
  method: 'ldap',
  credentials: {
    password: '*****',
    username: 'username'
  }
}
Approle
{
  method: 'approle',
  credentials: {
    roleId: 'xxxxx-xxxxxx-xxxxxx-xxxxxx',
    secretId: 'xxxxxx-xxxxxx-xxxxxxx-xxxxxx'
  }
}
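Added example, not part of the plugin's README or code: a hypothetical helper, vaultOptionsFromEnv, that builds the vaultOptions object described above from environment variables instead of hard-coding the token or credentials, and rejects a plain-http endpoint unless Vault is on loopback. The helper name, the precedence order, and every variable name other than VAULT_ADDR and VAULT_TOKEN are assumptions of this example.

```javascript
// Added example: hypothetical helper, not part of fastify-secrets-vault.
// VAULT_ROLE_ID, VAULT_SECRET_ID, VAULT_LDAP_*, VAULT_KV_VERSION are assumed names.
const LOOPBACK = new Set(['127.0.0.1', 'localhost', '[::1]']);

function vaultOptionsFromEnv(env = process.env) {
  const endpoint = env.VAULT_ADDR || 'http://127.0.0.1:8200'; // README default
  const url = new URL(endpoint); // throws on a malformed endpoint

  // The token and the secret values travel over this connection, so
  // plaintext http is only accepted when Vault listens on loopback.
  if (url.protocol !== 'https:' && !LOOPBACK.has(url.hostname)) {
    throw new Error(`refusing non-TLS Vault endpoint: ${url.origin}`);
  }

  const secretsEngineVersion = env.VAULT_KV_VERSION || 'v2'; // README default
  if (!['v1', 'v2'].includes(secretsEngineVersion)) {
    throw new Error('secretsEngineVersion must be v1 or v2');
  }
  const options = { endpoint, secretsEngineVersion };

  // Precedence chosen for this example: AppRole, then LDAP, then static token.
  if (env.VAULT_ROLE_ID && env.VAULT_SECRET_ID) {
    options.authentication = {
      method: 'approle',
      credentials: { roleId: env.VAULT_ROLE_ID, secretId: env.VAULT_SECRET_ID }
    };
  } else if (env.VAULT_LDAP_USERNAME && env.VAULT_LDAP_PASSWORD) {
    options.authentication = {
      method: 'ldap',
      credentials: {
        username: env.VAULT_LDAP_USERNAME,
        password: env.VAULT_LDAP_PASSWORD
      }
    };
  } else if (env.VAULT_TOKEN) {
    options.token = env.VAULT_TOKEN;
  } else {
    // Fail closed rather than start the server without credentials.
    throw new Error('no Vault credentials found in environment');
  }
  return options;
}

// Usage (needs the plugin installed and a reachable Vault):
//   fastify.register(secretsPlugin, {
//     secrets: { mongo_password: '/path/to/secret' },
//     vaultOptions: vaultOptionsFromEnv()
//   });
```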
TypeScript
In order to use this plugin you need to enable the flag "esModuleInterop": true in tsconfig.json.
Then you can import it:
import secretsPlugin from 'fastify-secrets-vault';
If you want to have the secret values available on fastify (e.g. fastify.secrets.main_token), you can create a types.ts containing:
import 'fastify';
declare module 'fastify' {
  interface FastifyInstance {
    secrets: {
      mongo_password: string;
      redis_password: string;
    };
  }
}
and then import './types' in your server.
Acknowledgements
This package follows the structure of fastify-secrets-core. There is another package for Vault, published by Nearform: fastify-secrets-hashicorp.
Example
You can also check an example usage.
Issues
For any issues.
License
MIT License