Code Monkey home page Code Monkey logo

vaultsecretstool's Introduction

Vault Secrets Tool

Overview

The tool can be used to write secrets from a local file to the dev, staging and production HC Vault store.

Secrets will be stored in a lastpass entry as properly formatted text and will be copied manually from lastpass to the local file.

Usage

Run the tool by executing the following command from the base directory:

dotnet run --project .\src\VaultSecretsTool

Prerequisites

Access to the selected HC Vault server is required by the tool. This needs to be provided by the person running the tool.

The secrets is meant to be a json containing one top level object with arbitrary number of string properties. This object is internally mapped to a Dictionary<string,string> to ensure consistency.

Configuration

Application is configured using global appsettings.json and optional personalized appsettings.Local.json, which can be created out of the template appsettings.Local.json.template.

Configurable custom options:

  • used environment
  • username
  • password
  • local secrets json file path

Scenario

The tool authenticates the user. If the personalized configuration is not available, user is asked to input required configuration, i.e. used HC Vault environment (Development, Staging or Production) and LDAP user credentials (username and password).

In the next step, the tool loads json file containing credentials to be written. The file to be loaded is selected using the following procedure:

  • if the secrets local file path is configured, load the file defined by the configured location
  • otherwise list all json files from the working directory and let the user choose which one to select, or
  • optionally let the user enter the full file path to the json file with secrets

Secrets are then written to the HC Vault.

Finally, the used configuration options are saved to the copy of appsettings.Local.json, which is used the next time the program is started. Prior saving the config, the user is asked whether to save password along with another configuration options.

If some custom option is configured when executing the tool, its value is printed on input request and the user can confirm the value by hitting Enter without re-entering the value.

Architecture

  • .NET 5 CLI application
  • connecting to the HC Vault REST API
  • defaults for all inputs can be configured in the local application config (i.e. appsettings.Local.json)

vaultsecretstool's People

Watchers

Miroslav Šimko avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.