fastify-secrets-hashicorp
Fastify secrets plugin for HashiCorp Vault. The plugin supports both KV Secrets Engine - Version 2 (the default) and KV Secrets Engine - Version 1 (enabled via the useKVv1 flag).
npm install --save fastify-secrets-hashicorp
const Fastify = require('fastify')
const FastifySecretsHashiCorp = require('fastify-secrets-hashicorp')

const fastify = Fastify()

// Add plugin to your fastify instance
fastify.register(FastifySecretsHashiCorp, {
  secrets: {
    dbPassword: {
      name: 'secret-name',
      key: 'value'
    }
  },
  clientOptions: {
    vaultOptions: {
      // Placeholder values; supply the real token at runtime instead of committing it to source
      token: 'example-token',
      endpoint: 'http://127.0.0.1:8200'
    },
    mountPoint: 'example-mount'
  }
})

// Access your secrets
fastify.ready().then(() => {
  console.log(fastify.secrets.dbPassword) // content of 'example-mount/secret-name'
})
Assuming a secret has been written using the vault CLI like this:
VAULT_ADDR='http://127.0.0.1:8200' vault write myproject/database password=mysecret
The plugin can be initialised to read this secret as follows:
fastify.register(FastifySecretsHashiCorp, {
  secrets: {
    dbPassword: {
      name: 'database',
      key: 'password'
    }
  },
  clientOptions: {
    vaultOptions: {
      token: '<TOKEN>',
      endpoint: 'http://127.0.0.1:8200'
    },
    mountPoint: 'myproject'
  }
})
mountPoint: The path to the secrets engine. Defaults to 'secret'.
useKVv1: If this flag is set to true, the plugin reads from Vault using KV Secrets Engine - Version 1. Defaults to false.
How to use the plugin with kv-v1:
fastify.register(FastifySecretsHashiCorp, {
  secrets: {
    dbPassword: {
      name: 'database',
      key: 'password'
    }
  },
  clientOptions: {
    vaultOptions: {
      token: '<TOKEN>',
      endpoint: 'http://127.0.0.1:8200'
    },
    mountPoint: 'myproject',
    useKVv1: true
  }
})
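To show what the useKVv1 flag changes, the following added example (not code from the plugin or its maintainers) models how the two KV engine versions differ in read path and response shape, and fails closed when the flag does not match the engine. The helper names secretPath, extractValue and readFrom are hypothetical, and the stores are constructed sample data standing in for Vault responses.

```javascript
// Added illustration, not the plugin's source. All function names are hypothetical.

// KV v2 inserts a "data/" segment after the mount point; KV v1 does not.
function secretPath ({ mountPoint = 'secret', useKVv1 = false } = {}, name) {
  const mount = mountPoint.replace(/^\/+|\/+$/g, '')
  return useKVv1 ? `${mount}/${name}` : `${mount}/data/${name}`
}

// KV v1 returns the fields in `data`; KV v2 nests them one level deeper in `data.data`.
// Fail closed rather than returning undefined or a wrapper object as the "secret".
function extractValue (response, key, { useKVv1 = false } = {}) {
  const fields = useKVv1 ? response?.data : response?.data?.data
  const found = fields !== null && typeof fields === 'object' &&
    Object.prototype.hasOwnProperty.call(fields, key)
  if (!found || typeof fields[key] !== 'string') {
    throw new Error(`no string value for '${key}'; does useKVv1 match the engine version?`)
  }
  return fields[key]
}

// `store` is a constructed stand-in for Vault's HTTP API: path -> response body.
function readFrom (store, clientOptions, { name, key }) {
  const path = secretPath(clientOptions, name)
  if (!Object.prototype.hasOwnProperty.call(store, path)) {
    throw new Error(`nothing readable at ${path}`)
  }
  return extractValue(store[path], key, clientOptions)
}

// Constructed sample data: the same secret as served by a kv-v2 and a kv-v1 mount.
const kv2Store = {
  'myproject/data/database': { data: { data: { password: 'mysecret' }, metadata: { version: 1 } } }
}
const kv1Store = { 'myproject/database': { data: { password: 'mysecret' } } }

const secret = { name: 'database', key: 'password' }
console.log(readFrom(kv2Store, { mountPoint: 'myproject' }, secret))
console.log(readFrom(kv1Store, { mountPoint: 'myproject', useKVv1: true }, secret))
```
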
vaultOptions: Initialisation options that are sent to node-vault, typed as VaultOptions.
The most important being:
secret/ (or at the provided mountPoint in options) and is using either KV Secrets Engine - Version 2 or KV Secrets Engine - Version 1 (with the useKVv1 option set to true)

We assume that the kv-v2 secrets engine is being used. If Vault is started in dev mode (vault server -dev), it defaults to the kv-v2 engine, mounted at secret/. To use the dev server with kv-v1, you need to remove that engine and mount a kv-v1 secrets provider instead:
VAULT_ADDR='http://127.0.0.1:8200' vault secrets disable secret
VAULT_ADDR='http://127.0.0.1:8200' vault secrets enable -version=1 -path=secret kv
Alternatively, mount kv-v1 on a different path without removing the kv-v2 engine:
VAULT_ADDR='http://127.0.0.1:8200' vault secrets enable -version=1 -path=kvv1 kv
See CONTRIBUTING.md
Copyright NearForm Ltd 2021. Licensed under the Apache-2.0 license.