@financial-times/vaultenv

2.0.0 • Public • Published

vaultenv

Load vars from Vault straight into process.env

  1. Get started with Vault
  2. npm i -D @financial-times/vaultenv

FYI: use vaultenv for dev and ip-vault-sync for prod

Two ways of skinning a cat

1. Sync

Sync requires all configuration to be in the environment before the call to Vault is made.

Put this in your "dev script" in your package.json:

VAULT_PATH=secret/teams/<your team>/<your thing>/<environment> node --require @financial-times/vaultenv

If you want to see your env vars printed out:
  • add DEBUG=* at the beginning and
  • -pe 'console.log()' at the end of your "dev script"

Required variables
  • VAULT_ADDR - the address of the Vault instance
  • VAULT_AUTH_GITHUB_TOKEN - your GitHub personal token
  • VAULT_PATH - the full path to the secrets in Vault (e.g. secret/teams/ateam/murdoch/production)
    • Without VAULT_PATH, the path is made up of npm_package_team, npm_package_name and the environment is derived from CI and NODE_ENV
      • When CI is true, the env will be continuous-integration
      • When NODE_ENV is set, then its value will be used, otherwise it's development
The vars below are for appRole auth and can be used instead of GitHub auth
  • VAULT_AUTH_ROLE_ID - a role id for approle authentication
  • VAULT_AUTH_SECRET_ID - a secret id for approle authentication
Optional variables
  • VAULT_OVERRIDE_EXISTING - can be set in the environment or within the secrets in Vault
    • When VAULT_OVERRIDE_EXISTING is true, Vault secrets will override the existing environment variables
    • When VAULT_OVERRIDE_EXISTING is false (default), Vault secrets will not override the existing environment variables
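
The variable rules above, written out as a pre-flight check you can run before starting an app. This is an added example, not vaultenv's own code. Assumptions: the derived path uses the secret/teams/<team>/<name>/<environment> layout, CI takes precedence over NODE_ENV, GitHub auth is preferred when both auth methods are set, and the environment's VAULT_OVERRIDE_EXISTING is read before the one stored in the secrets.

```javascript
'use strict';
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Resolve the secrets path. Path layout and CI-before-NODE_ENV are assumptions.
function resolveVaultPath(env) {
  if (env.VAULT_PATH) return env.VAULT_PATH;
  const { npm_package_team: team, npm_package_name: name } = env;
  if (!team || !name) {
    throw new Error('Set VAULT_PATH, or npm_package_team and npm_package_name');
  }
  const stage = env.CI === 'true' ? 'continuous-integration'
    : env.NODE_ENV || 'development';
  return `secret/teams/${team}/${name}/${stage}`;
}

// Pick the auth method: GitHub token, or appRole when both ids are present.
function resolveAuth(env) {
  if (!env.VAULT_ADDR) throw new Error('VAULT_ADDR is required');
  if (env.VAULT_AUTH_GITHUB_TOKEN) return 'github';
  if (env.VAULT_AUTH_ROLE_ID && env.VAULT_AUTH_SECRET_ID) return 'approle';
  throw new Error('Set a GitHub token, or both appRole ids');
}

// Merge secrets into a copy of env. Existing variables win unless
// VAULT_OVERRIDE_EXISTING is 'true' (environment checked first: an assumption).
// Returns the names (never the values) of secrets shadowed by the environment.
function mergeSecrets(env, secrets) {
  const flag = env.VAULT_OVERRIDE_EXISTING ?? secrets.VAULT_OVERRIDE_EXISTING;
  const override = String(flag) === 'true';
  const merged = { ...env };
  const skipped = [];
  for (const [key, value] of Object.entries(secrets)) {
    if (key === 'VAULT_OVERRIDE_EXISTING') continue;
    if (has(env, key) && !override) { skipped.push(key); continue; }
    merged[key] = String(value);
  }
  return { merged, skipped };
}

// Constructed sample input; names and values are illustrative only.
const sampleEnv = { VAULT_ADDR: 'https://vault.example', VAULT_AUTH_ROLE_ID: 'r',
  VAULT_AUTH_SECRET_ID: 's', npm_package_team: 'ateam',
  npm_package_name: 'murdoch', CI: 'true', NODE_ENV: 'production', PORT: '3000' };
const sampleSecrets = { PORT: '8080', API_KEY: 'constructed-value' };
const result = mergeSecrets(sampleEnv, sampleSecrets);
console.log(resolveAuth(sampleEnv), resolveVaultPath(sampleEnv), result.skipped);
```

The skipped list shows which Vault secrets a local variable is shadowing, which is the usual reason a dev machine behaves differently from what is stored in Vault.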

2. Async

This can be used during start-up or while an app is running:

const vault = require('@financial-times/vaultenv/async');
const start = async () => {
  // Arguments, in order: Vault address, GitHub token, path to the secrets
  const vars = await vault('https://vault.instance', 'github token', '/path/to/secrets');
  console.log(`env loaded: ${vars}`);
};
start();

Development

vaultenv is an npm package, which is published whenever a tagged commit is created.

The easiest way to do this is to create a PR, make your changes and once approved:

  • Merge the PR to the main branch.
  • Draft a new release in GitHub.
  • Click choose a tag then create a new tag, for example:
    • v1.0.3
  • Give your release a title and description of the changes.
  • Click publish release.

This will automatically trigger a publish in CircleCI, which will use the version of your release as the package version on npm.

Version

2.0.0

License

MIT

Unpacked Size

14.1 kB

Total Files

11

Collaborators

  • robertboulton
  • seraph2000
  • hamza.samih
  • notlee
  • emmalewis
  • aendra
  • the-ft
  • rowanmanning
  • chee
  • alexwilson