@financial-times/vaultenv

a script to sync vault variables

Stats

StarsIssuesVersionUpdatedCreatedSize
@financial-times/vaultenv
0.3.3a year ago3 years agoMinified + gzip package size for @financial-times/vaultenv in KB

Readme

vaultenv

Load vars from Vault straight into process.env

  1. Get started with Vault
  2. npm i -D @financial-times/vaultenv

FYI: use vaultenv for dev and ip-vault-sync for prod

Two ways of skinning a cat

1. Sync

Sync requires all configuration to be in the environment before the call to Vault is made.

Put this in your "dev script" in your package.json:
VAULT_PATH=secret/teams/<your team>/<your thing>/<environment> node --require @financial-times/vaultenv
If you want to physically see your env vars printing out
  • add DEBUG=* at the beginning and
  • -pe 'console.log()' at the end of your "dev script"
Required variables:
  • VAULT_ADDR - the address of the vault instance
  • VAULT_AUTH_GITHUB_TOKEN - your github personal token
  • VAULT_PATH - the full path to the secrets in vault (e.g. secret/teams/ateam/murdoch/production)
    • Without VAULT_PATH, the path is made up of npm_package_team, npm_package_name and the environment is derived from CI and NODE_ENV
      • When CI is true, the env will be continuous-integration
      • When NODE_ENV is set, then its value will be used, otherwise it's development
The vars below are for appRole auth and can be used instead of GitHub auth:
  • VAULT_AUTH_ROLE_ID - a role id for approle authentication
  • VAULT_AUTH_SECRET_ID - a secret id for approle authentication
Optional variables:
  • VAULT_OVERRIDE_EXISTING - can be set in the environment or within the secrets in vault
    • When VAULT_OVERRIDE_EXISTING is true, vault will override the existing environment variables
    • When VAULT_OVERRIDE_EXISTING is false (default), vault will not override the existing environment variables

2. Async

This can be used during start up or while an app is running:
const vault = require('@financial-times/vaultenv/async');
const start = async () => {
  const vars = await vault('https://vault.instance', 'github token', '/path/to/secrets');
  console.log(`env loaded: ${vars}`);
};
start();

If you find any bugs or have a feature request, please open an issue on github!

The npm package download data comes from npm's download counts api and package details come from npms.io.