@litehex/node-vault

node-vault

A modern JavaScript client for HashiCorp's Vault with a focus on ease-of-use.

Notable features

• Mostly type-safe
• Highly extendable and configurable

Installation

npm install @litehex/node-vault

Usage

Init and unseal vault

import { Client } from '@litehex/node-vault';

// Get a new instance of the client
const vc = new Client({
  apiVersion: 'v1', // default
  endpoint: 'http://127.0.0.1:8200', // default
  token: 'hv.xxxxxxxxxxxxxxxxxxxxx' // Optional in case you want to initialize the vault
});

// Init vault
const init = await vc.init({ secret_shares: 1, secret_threshold: 1 });
console.log(init); // { keys: [ ... ], keys_base64: [ ... ], ... }

// Set token
const { keys, root_token } = init;
vc.token = root_token;

const unsealed = await vc.unseal({ key: keys[0] });

console.log(unsealed); // { type: 'shamir', initialized: true, sealed: false, ... }

Create KV2 engine

const success = await vc.mount({
  mountPath: 'my-secret',
  type: 'kv-v2'
});

console.log(success); // true

const info = await vc.mountInfo({ mountPath: 'my-secret' });

console.log(info); // { type: 'kv', options: { version: '2' }, ... }

Write, read and delete secrets

const write = await vc.write({
  path: 'my-secret/data/hello',
  data: { foo: 'bar' }
});
console.log(write); // { request_id: '...', lease_id: '...', ... }

const read = await vc.read({ path: 'my-secret/data/hello' });
console.log(read); // { request_id: '...', lease_id: '...', ... }

const deleted = await vc.delete({ path: 'my-secret/data/hello' });
console.log(deleted); // true

Check out the examples and tests directory for more examples.

Documentation

For all configuration options, please see the API docs.

Contributing

You can contribute to this project by opening an issue or a pull request on GitHub. Feel free to contribute, we care about your ideas and suggestions.

Relevant

• HashiCorp's Vault API docs
• Minimal CLI for K/V V2 engine

License

GPL-3.0 © Shahrad Elahi