fastify-secrets-hashicorp
Advanced tools
Readme
Fastify secrets plugin for HashiCorp Vault. The plugin supports both KV Secrets Engine - Version 2 (default) and KV Secrets Engine - Version 1 (need to enable via useKVv1 flag).
npm install --save fastify-secrets-hashicorp
const Fastify = require('fastify')
const FastifySecretsHashiCorp = require('fastify-secrets-hashicorp')
const fastify = Fastify()
// Add plugin to your fastify instance
fastify.register(FastifySecretsHashiCorp, {
secrets: {
dbPassword: {
name: 'secret-name',
key: 'value'
}
},
clientOptions: {
vaultOptions: {
token: 'example-token',
endpoint: 'http://127.0.0.1:8200'
},
mountPoint: 'example-mount'
}
})
// Access your secrets
fastify.ready().then(() => {
console.log(fastify.secrets.dbPassword) // content of 'example-mount/secret-name'
})
Assuming a secret has been written using the vault CLI like this:
VAULT_ADDR='http://127.0.0.1:8200' vault write myproject/database password=mysecret
The plugin can be initialised to read this secret as follows:
fastify.register(FastifySecretsHashiCorp, {
secrets: {
dbPassword: {
name: 'database',
key: 'password'
}
},
clientOptions: {
vaultOptions: {
token: '<TOKEN>',
endpoint: 'http://127.0.0.1:8200'
},
mountPoint: 'myproject'
}
})
The path to the secrets engine. Defaults to 'secret'.
If this flag is set to true, will read from the Vault using KV Secrets Engine - Version 1. Defaults to false.
How to use the plugin with kv-v1:
fastify.register(FastifySecretsHashiCorp, {
secrets: {
dbPassword: {
name: 'database',
key: 'password'
}
},
clientOptions: {
vaultOptions: {
token: '<TOKEN>',
endpoint: 'http://127.0.0.1:8200'
},
mountPoint: 'myproject',
useKVv1: true
}
})
Initialisation options that are sent to node-vault, typed as VaultOptions.
The most important being:
secrets/ (or at the provided mountPoint in options) and us using either KV Secrets Engine - Version 2 or KV Secrets Engine - Version 1 (with useKVv1 option set to true)We assume that the kv-v2 secrets engine is being used. If vault is started in dev mode (vault server -dev) it defaults to the kv-v2 engine, mounted at secrets/. In order to use the dev server, with kv-v1, you need to remove it and mount a kv-v1 secrets provider instead:
VAULT_ADDR='http://127.0.0.1:8200' vault secrets disable secret
VAULT_ADDR='http://127.0.0.1:8200' vault secrets enable -version=1 -path=secret kv
Or alternatively, mount kvv1 on a different path, without removing the kv-v2 engine.
VAULT_ADDR='http://127.0.0.1:8200' vault secrets enable -version=1 -path=kvv1 kv
See CONTRIBUTING.md
Copyright NearForm Ltd 2021. Licensed under the Apache-2.0 license.
FAQs
Fastify secrets plugin for HashiCorp Vault
The npm package fastify-secrets-hashicorp receives a total of 9 weekly downloads. As such, fastify-secrets-hashicorp popularity was classified as not popular.
We found that fastify-secrets-hashicorp demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.
Security News
This episode of the Risky Biz podcast discusses how the rise of small open source packages and the shift towards individual maintainers makes the ecosystem more vulnerable to supply chain attacks.
Product
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.