inextensodigital / vault-parameter-resolver
Resolve vault parameter in files.
Installs: 6
Dependents: 0
Suggesters: 0
Security: 0
Stars: 21
Watchers: 4
Forks: 2
Open Issues: 1
Type:standalone
Requires
- php: >=5.5
- guzzlehttp/guzzle: ~6.2
- symfony/config: ~3.2
- symfony/console: ~3.2
- symfony/finder: ~3.2
- symfony/yaml: ~3.2
This package is not auto-updated.
Last update: 2020-01-24 16:40:36 UTC
README
Vault by HashiCorp parameter resolver. A tool for managing secrets.
This application will resolve your vault parameters in files.
%vault(secret/mynamespace#myfield)%
will be replaced by the content of this command: vault read -field=myfield secret/mynamespace
Installation
wget --no-check-certificate https://github.com/inextensodigital/vault-parameter-resolver/raw/master/vault-parameter-resolver.phar
or
curl -O -sL https://github.com/inextensodigital/vault-parameter-resolver/raw/master/vault-parameter-resolver.phar
via composer
composer global require "inextensodigital/vault-parameter-resolver=~1.0"
VaultParameterResolver binary path: ~/.composer/vendor/bin/vault-parameter-resolver
Move it to bin
Required for deployment:
chmod +x vault-parameter-resolver.phar
mv vault-parameter-resolver.phar /usr/local/bin/vault-parameter-resolver
Commands
$ ./vault-parameter-resolver.phar resolve -f myfile.yml -f myfile2.txt # You can specify a configuration file $ ./vault-parameter-resolver.phar resolve -f myfile.yml -f myfile2.txt -c /path/to/my-config-file.yml # You can enter value when they are not exist. $ ./vault-parameter-resolver.phar resolve -f myfile.yml -f myfile2.txt --ask-if-not-found # You can check if all value is defined in vault or enter ir if missing. $ ./vault-parameter-resolver.phar check -f myfile.yml -f myfile2.txt
Configuration
If you don't define configuration, it'll use env variables VAULT_TOKEN
and VAULT_ADDR
.
You can use other backends via configuration file:
vault: host: "http://127.0.0.1:8200" auth: app_role: role_id: "%env(VAULT_ROLE_ID)%" secret_id: "%env(VAULT_SECRET_ID)%"
Backend auth supporteds:
- app_role
- ... please contribute.