What is node-vault?
The node-vault npm package is a client library for interacting with HashiCorp's Vault, a tool for securely accessing secrets. It allows developers to programmatically manage secrets, encryption keys, and other sensitive data.
What are node-vault's main functionalities?
Authentication
This feature allows you to authenticate with the Vault server. The code sample demonstrates how to list all the authentication methods enabled in Vault.
const vault = require('node-vault')({ endpoint: 'http://127.0.0.1:8200' });
vault.auths().then((result) => {
  console.log(result);
}).catch(console.error);
Secrets Management
This feature allows you to store and retrieve secrets. The code sample demonstrates how to write a secret to the Vault.
const vault = require('node-vault')({ endpoint: 'http://127.0.0.1:8200', token: 'my-token' });
vault.write('secret/data/mysecret', { data: { key: 'value' } }).then((result) => {
  console.log(result);
}).catch(console.error);
Dynamic Secrets
This feature allows you to generate dynamic secrets, such as database credentials. The code sample demonstrates how to read dynamic database credentials from Vault.
const vault = require('node-vault')({ endpoint: 'http://127.0.0.1:8200', token: 'my-token' });
vault.read('database/creds/my-role').then((result) => {
  console.log(result);
}).catch(console.error);
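The samples above pass the whole response to console.log, which for a read of database/creds/my-role writes the generated username and password to the log. The following is an added example, not part of node-vault or of the original page, that builds a loggable copy of a response with lease metadata kept and secret values masked. The top-level field names are those of Vault's HTTP API responses; redactVaultResponse, maskLeaves and all sample values are constructed for illustration.

```javascript
'use strict';

// Top-level response fields that carry no secret material.
const SAFE_FIELDS = ['request_id', 'lease_id', 'renewable', 'lease_duration', 'warnings'];

// Replace every leaf value with a marker but keep key names and nesting,
// so the log still shows which fields came back.
function maskLeaves(value) {
  if (Array.isArray(value)) return value.map(maskLeaves);
  if (value !== null && typeof value === 'object') {
    return Object.fromEntries(
      Object.entries(value).map(([key, inner]) => [key, maskLeaves(inner)])
    );
  }
  return '[redacted]';
}

// Build a loggable copy of a Vault response: metadata kept, secrets masked.
// (Hypothetical helper name, not a node-vault API.)
function redactVaultResponse(response) {
  if (response === null || typeof response !== 'object') return '[redacted]';
  const out = {};
  for (const field of SAFE_FIELDS) {
    if (field in response) out[field] = response[field];
  }
  if (response.data != null) out.data = maskLeaves(response.data);
  if (response.auth != null) out.auth = maskLeaves(response.auth); // holds client_token
  if (response.wrap_info != null) out.wrap_info = maskLeaves(response.wrap_info); // holds wrapping token
  return out;
}

// Constructed sample shaped like a database/creds/<role> response (values invented).
const sampleDbCreds = {
  request_id: '00000000-0000-0000-0000-000000000000',
  lease_id: 'database/creds/my-role/EXAMPLE',
  renewable: true,
  lease_duration: 3600,
  data: { username: 'v-token-my-role-EXAMPLE', password: 'EXAMPLE-not-a-real-password' },
  wrap_info: null,
  warnings: null,
  auth: null
};

console.log(JSON.stringify(redactVaultResponse(sampleDbCreds), null, 2));
```

In the samples, `console.log(result)` would become `console.log(redactVaultResponse(result))`.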
Encryption as a Service
This feature allows you to use Vault's encryption capabilities. The code sample demonstrates how to encrypt data using a named encryption key in Vault.
const vault = require('node-vault')({ endpoint: 'http://127.0.0.1:8200', token: 'my-token' });
vault.encryptData({ name: 'my-key', plaintext: Buffer.from('my-secret').toString('base64') }).then((result) => {
  console.log(result);
}).catch(console.error);
Other packages similar to node-vault
aws-sdk
The aws-sdk package is the official AWS SDK for JavaScript, which includes support for AWS Secrets Manager. It allows you to store, retrieve, and manage secrets in AWS. Compared to node-vault, aws-sdk is more focused on AWS services and offers a broader range of functionalities beyond secrets management.
azure-keyvault
The azure-keyvault package is a client library for Azure Key Vault, which provides secure storage of secrets, keys, and certificates. It offers similar functionalities to node-vault but is specific to the Azure ecosystem. It is ideal for developers working within the Azure cloud environment.
node-vault
A client for the HTTP API of HashiCorp's Vault written for Node.js.
Install
npm install node-vault
Usage
Init and unseal
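var vault = require("node-vault")();
// Initialize Vault with a single unseal key share and a threshold of 1.
vault.init({ secret_shares: 1, secret_threshold: 1 }, function(err, result) {
  if (err) throw err;
  var keys = result.keys;
  // Use the root token for subsequent requests.
  vault.token = result.root_token;
  // Unseal with the single key share.
  vault.unseal({ secret_shares: 1, key: keys[0] }, function(err, result) {
    if (err) throw err;
  });
});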
Write, read and delete secrets
vault.write('secret/hello', { value: 'world', lease: '1s' }, function(err, result) {
  if (err) throw err;
  vault.read('secret/hello', function(err, result) {
    if (err) throw err;
    vault.delete('secret/hello', function(err, result) {
      if (err) throw err;
    });
  });
});
Examples
Please have a look at the examples for a list of implemented features.
git clone git@github.com:kr1sp1n/node-vault.git
cd node-vault
npm install
Instead of installing all the dependencies (Vault itself, Postgres and so on), you can
use docker and docker-compose to link and run multiple Docker containers with all of their dependencies.
The setup for node-vault is defined in a single file: docker-compose.yml.
To run the examples you need to install the docker toolbox first.
A best practice is to add the dockerhost to /etc/hosts:
echo "$(docker-machine ip default) dockerhost" | sudo tee -a /etc/hosts
and to add the env variables of the docker machine via:
eval "$(docker-machine env default)"
This line could also be added to your local .bashrc or the startup file of whatever shell you are using.
Please set the endpoint of the vault server to the dockerhost:
export VAULT_ADDR=http://dockerhost:8200
To start just run:
docker-compose up
First of all you should initialize and unseal the vault:
$(npm bin)/coffee example/init.coffee
You should see root_token: followed by a long key in the response.
Please copy that long key and export it as an environment variable:
export VAULT_TOKEN=<insert long key here>
Now you are able to run all of the other examples:
$(npm bin)/coffee example/policies.coffee