Kenshi Vault Helpers
This library wraps the node-vault
Node.js library, adding a few useful functions
to make life easier inside the Kenshi aws flow.
Install
Install with
npm i -S @kenshi.io/aws-vault
Environment Variables
The following environment variables are availabe for configuration:
-
VAULT_ADDR
: Address of the vault -
VAULT_IAM_ROLE
: AWS IAM role to use for auth -
AWS_ACCESS_KEY_ID
: AWS access key (Available by default on Lambda, not needed on EC2) -
AWS_SECRET_ACCESS_KEY
: AWS secret access key (Available by default on Lambda, not needed on EC2) -
AWS_SESSION_TOKEN
: AWS session (Available by default on Lambda, not needed on EC2)
Methods
The following methods are available:
-
lib/auth/ec2.js/default
: Login function to be used on EC2 instances. -
lib/auth/iam.js/default
: Login function to be used on Lambda or other resources with IAM. -
lib/auth/approle.js/default
: Login function to be used with approle credentials. -
lib/auth/approle.js/wrapped
: Login function to be used with wrapped approle credentials. -
lib/auth/approle.js/unwrapped
: Login function to be used with unwrapped approle credentials. -
lib/wrap.js/getWrappedApproleSecretId
: Get a Cubbyhole wrapped token for an Approle secret id. -
lib/wrap.js/getWrappedApproleRoleId
: Get a Cubbyhole wrapped token for an Approle role id.
Read the function definitions for available options.
Other exports
-
index.js/vault
: A Vault instance already intialized, that works with the above methods.