Node.js Vault Client
A Vault Client implemented in pure javascript for HashiCorp Vault. It supports variety of Auth Backends and performs lease renewal for issued auth token.
Install
npm install --save node-vault-clientExample
const VaultClient = require('node-vault-client');
const vaultClient = VaultClient.boot('main', {
api: { url: 'https://vault.example.com:8200/' },
auth: {
type: 'appRole', // or 'token', 'iam'
config: { role_id: '637c065f-c644-5e12-d3d1-e9fa4363af61' }
},
});
vaultClient.read('secret/tst').then(v => {
console.log(v);
}).catch(e => console.error(e));Supported Auth Backends
API
VaultClient
- VaultClient
- new VaultClient(options)
- instance
- .fillNodeConfig()
- .read(path) ⇒
Promise.<Lease> - .list(path) ⇒
Promise.<Lease> - .write(path, data) ⇒
Promise.<(T|never)>
- static
new VaultClient(options)
Client constructor function.
| Param | Type | Default | Description | |
|---|---|---|---|---|
| options | Object |
|||
| options.api | Object |
|||
| options.api.url | String |
the url of the vault server | ||
| [options.api.apiVersion] | String |
v1 |
||
| options.auth | Object |
|||
| options.auth.type | String |
|||
| options.auth.config | Object |
auth configuration variables | ||
| options.logger | Object |
false |
Logger that supports "error", "info", "warn", "trace", "debug" methods. Uses console by default. Pass false to disable logging. |
vaultClient.fillNodeConfig()
Populates Vault's values to NPM "config" module
Kind: instance method of VaultClient
vaultClient.read(path) ⇒ Promise.<Lease>
Read secret from Vault
Kind: instance method of VaultClient
| Param | Type | Description |
|---|---|---|
| path | string |
path to the secret |
vaultClient.list(path) ⇒ Promise.<Lease>
Retrieves secrets list
Kind: instance method of VaultClient
| Param | Type | Description |
|---|---|---|
| path | string |
path to the secret |
vaultClient.write(path, data) ⇒ Promise.<(T|never)>
Writes data to Vault
Kind: instance method of VaultClient
| Param | Type | Description |
|---|---|---|
| path | path used to write data | |
| data | object |
data to write |
VaultClient.boot(name, [options]) ⇒
Boot an instance of Vault
The instance will be stored in a local hash. Calling Vault.boot multiple times with the same name will return the same instance.
Kind: static method of VaultClient
Returns: Vault
| Param | Type | Description |
|---|---|---|
| name | String |
Vault instance name |
| [options] | Object |
options for Vault#constructor. |
VaultClient.get(name) ⇒
Get an instance of Vault
The instance will be stored in a local hash. Calling Vault.pop multiple times with the same name will return the same instance.
Kind: static method of VaultClient
Returns: Vault
| Param | Type | Description |
|---|---|---|
| name | String |
Vault instance name |
VaultClient.clear([name])
Clear named Vault instance
If no name passed all named instances will be cleared.
Kind: static method of VaultClient
| Param | Type | Description |
|---|---|---|
| [name] | String |
Vault instance name, all instances will be cleared if no name were passed |