
    moleculer-vault

    0.1.0 • Public • Published


    Vault Service for the Moleculer framework

    This service provides actions for communicating with a Vault server. Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, or certificates. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log. The goal of this package is to provide actions for accessing and managing secrets using a connected Vault server.

    Features

    The following list details which features are implemented:

    • Connect to the Vault on startup
    • Obtain the health status of the Vault
    • Mount Management
    • Write, Read and Delete Secrets from the Vault

    Roadmap

    The following list details which features will potentially be implemented:

    • Seal and Unseal the Vault
    • Audit Management
    • Auth Management
    • Policy Management

    Install

    This package is available in the npm registry. To use it, install it with yarn (or npm):

    yarn add moleculer-vault

    Usage

    To make use of this Service, simply require it and create a new service:

    let { ServiceBroker } = require("moleculer");
    let VaultService = require("moleculer-vault");
     
    let broker = new ServiceBroker({ logger: console });
     
    // Create a service
    broker.createService({
        mixins: VaultService,
        settings: {
            endpoint: "http://my-vault:8200",
        }
    });
     
    // Start server
    broker.start().then(() => broker.call('vault.health'));

    For a more in-depth example, check out the examples folder. It includes a docker-compose file; running docker-compose up boots a broker with a vault service and a Vault server. In that example all vault service actions are exposed on the API, which you should never do in real life: anyone who can reach the API could then read, write and delete secrets and manage mounts through the service. For example, you can run curl http://localhost:3000/vault/health. This project also includes a published Postman collection that lets you quickly explore the service in your local environment.
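
    One way to avoid the exposure described above is to put an allow-list between the API layer and the vault service. The following is an added example, not code from moleculer-vault: the policy, the path prefix and the function names are hypothetical, the action names `vault.read` and `vault.list` are assumed to follow the `vault.health` call shown earlier, and `broker` is any object with a `call` method.

```javascript
// Hypothetical exposure policy (not part of moleculer-vault): which vault
// actions an API-facing caller may reach, and under which path prefixes.
const POLICY = {
    "vault.health": { paths: null },                    // takes no path
    "vault.read":   { paths: ["secret/app/public/"] },  // constructed prefix
    "vault.list":   { paths: ["secret/app/public/"] }
    // write, delete, mount, remount and unmount are deliberately absent,
    // so they remain callable only from inside the broker.
};

// Accept a conservative character set and reject "." / ".." segments, so a
// caller cannot climb out of an allowed prefix. Returns null when rejected.
function normalizeVaultPath(path) {
    if (typeof path !== "string" || !/^[A-Za-z0-9_.\/-]+$/.test(path)) return null;
    const segments = path.split("/").filter((s) => s.length > 0);
    if (segments.length === 0) return null;
    if (segments.some((s) => s === "." || s === "..")) return null;
    return segments.join("/");
}

// Decide whether an external request may be forwarded to the vault service.
function isAllowed(action, params) {
    if (!Object.prototype.hasOwnProperty.call(POLICY, action)) return false;
    const rule = POLICY[action];
    if (rule.paths === null) return true;
    const path = normalizeVaultPath(params && params.path);
    if (path === null) return false;
    // Compare with a trailing slash so "public-x" never matches "public/".
    return rule.paths.some((prefix) => (path + "/").startsWith(prefix));
}

// Forward only permitted calls. Only the normalised path is passed on;
// requestOptions is dropped because it reaches the HTTP client underneath.
async function guardedCall(broker, action, params) {
    if (!isAllowed(action, params)) {
        throw new Error("vault action not permitted: " + action);
    }
    const path = normalizeVaultPath(params && params.path);
    const forwarded = POLICY[action].paths === null ? {} : { path };
    return broker.call(action, forwarded);
}
```

    An API handler would call `guardedCall(broker, action, params)` instead of `broker.call` directly; anything not in the policy is rejected before it reaches Vault.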

    Settings

    | Property | Type | Default | Description |
    | --- | --- | --- | --- |
    | apiVersion | String | required | Which API version of the Vault to use. |
    | endpoint | String | required | Where to find the Vault. |
    | token | String | null | Which token to use for authenticating against the Vault. |
    | waitForInitializationAttempts | Number | required | When starting, the service will connect to the Vault. When the Vault is not initialized, it will by default request the initialization status up to 5 times. |
    | waitForInitializationInterval | Number | required | When starting, the service will connect to the Vault. When the Vault is not initialized, it will by default wait for 1 second before requesting the initialization status again. |

    Actions

    health

    Obtain the Vault's health.

    Parameters

    No input parameters.

    Results

    Type: Object

    The Vault's health status.

    mounts

    Obtain all mounts of the Vault

    Parameters

    No input parameters.

    Results

    Type: Array.<Object>

    mount

    Mount a new secret store at a given path

    Parameters

    | Property | Type | Default | Description |
    | --- | --- | --- | --- |
    | mount_point | String | required | Specifies the path where the secrets engine will be mounted. |
    | type | String | required | Specifies the type of the backend, such as "aws". |
    | description | String | - | Specifies the human-friendly description of the mount. |
    | config | Object | - | Specifies configuration options for this mount. |
    | options | Object | - | Specifies mount type specific options that are passed to the backend. |
    | local | Boolean | false | ENTERPRISE ONLY: Specifies if the secrets engine is a local mount only. Local mounts are not replicated nor (if a secondary) removed by replication. |
    | seal_wrap | Boolean | false | ENTERPRISE ONLY: Enable seal wrapping for the mount. |

    Results

    Type: undefined

    remount

    Remount a mount to a different path

    Parameters

    | Property | Type | Default | Description |
    | --- | --- | --- | --- |
    | from | String | required | Specifies the previous mount point. |
    | to | String | required | Specifies the new destination mount point. |

    Results

    Type: undefined

    unmount

    Unmount a mount from a path

    Parameters

    | Property | Type | Default | Description |
    | --- | --- | --- | --- |
    | mount_point | String | required | Specifies the path where the secrets engine is mounted. |

    Results

    Type: undefined

    write

    Write data to a Vault Backend

    Parameters

    | Property | Type | Default | Description |
    | --- | --- | --- | --- |
    | path | String | required | Specifies the path to write to. |
    | data | Object | required | The data to write. The schema of this object depends on the backend that is mounted at the given path. |
    | requestOptions | Object | - | Additional request options that are passed to the request-promise-native underneath. |

    Results

    Type: Object

    Schema depends on the backend that is mounted at the given path

    read

    Read data from a Vault Backend

    Parameters

    | Property | Type | Default | Description |
    | --- | --- | --- | --- |
    | path | String | required | Specifies which data to read. |
    | requestOptions | Object | - | Additional request options that are passed to the request-promise-native underneath. |

    Results

    Type: Object

    Schema depends on the backend that is mounted at the given path

    list

    List data from a Vault Backend

    Parameters

    | Property | Type | Default | Description |
    | --- | --- | --- | --- |
    | path | String | required | Specifies which data to list. |
    | requestOptions | Object | - | Additional request options that are passed to the request-promise-native underneath. |

    Results

    Type: Object

    Schema depends on the backend that is mounted at the given path

    delete

    Delete data from a Vault Backend

    Parameters

    | Property | Type | Default | Description |
    | --- | --- | --- | --- |
    | path | String | required | Specifies which data to delete. |
    | requestOptions | Object | - | Additional request options that are passed to the request-promise-native underneath. |

    Results

    Type: Object

    Schema depends on the backend that is mounted at the given path

    help

    Obtain help from a Vault Backend

    Parameters

    | Property | Type | Default | Description |
    | --- | --- | --- | --- |
    | path | String | required | Specifies for what to obtain help. |
    | requestOptions | Object | - | Additional request options that are passed to the request-promise-native underneath. |

    Results

    Type: Object

    Schema depends on the backend that is mounted at the given path

    Test

    $ docker-compose exec package yarn test
    

    In development with watching

    $ docker-compose up
    

    License

    moleculer-vault is available under the MIT license.
