Introduction to node-vault
Node-vault is a client module for the popular HashiCorp Vault, designed to work seamlessly with Node.js applications. It enables developers to interact with Vault programmatically, offering a vast API to manage secrets, encryption keys, and other secure data. Below you’ll find a comprehensive guide to using node-vault, complete with API examples and an application showcasing the introduced APIs.
Getting Started
To get started, first install node-vault via npm:
npm install node-vault --save
Then, require the module in your application:
const vault = require('node-vault')();
API Examples
1. Initialization
Initializing the vault client with custom options:
const options = {
  apiVersion: 'v1', // default
  endpoint: 'http://127.0.0.1:8200', // default
  token: 'my-vault-token', // optional client token
};
const vault = require('node-vault')(options);
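The options above use a token literal and a plaintext endpoint, which only suits a local dev server. The following is an added example, not code from the node-vault project: a hypothetical helper, buildVaultOptions, that builds the same options object from the VAULT_ADDR and VAULT_TOKEN environment variables and rejects plaintext HTTP to anything other than loopback. The sample hostname and token are constructed.

```javascript
// Added example: hypothetical helper, not part of node-vault.
// Builds the options object for require('node-vault')(options) from the
// environment so that no token literal is committed with the source.
const LOOPBACK_HOSTS = new Set(['127.0.0.1', 'localhost', '[::1]']);

function buildVaultOptions(env) {
  const endpoint = (env.VAULT_ADDR || '').trim();
  // trim() drops a stray newline when the token was read from a file
  const token = (env.VAULT_TOKEN || '').trim();
  if (!endpoint) throw new Error('VAULT_ADDR is not set');
  if (!token) throw new Error('VAULT_TOKEN is not set');

  let url;
  try {
    url = new URL(endpoint);
  } catch (err) {
    throw new Error('VAULT_ADDR is not a valid URL');
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') {
    throw new Error('VAULT_ADDR must use http or https');
  }
  // Over plain HTTP the client token and every secret cross the network
  // unencrypted, so allow it only for a dev server on loopback.
  if (url.protocol === 'http:' && !LOOPBACK_HOSTS.has(url.hostname)) {
    throw new Error('refusing plaintext http:// for a non-loopback Vault endpoint');
  }
  if (url.username || url.password) {
    throw new Error('VAULT_ADDR must not embed credentials');
  }
  // Strip trailing slashes so request paths are appended cleanly.
  return { apiVersion: 'v1', endpoint: endpoint.replace(/\/+$/, ''), token };
}

// Constructed sample environment; a real application passes process.env.
const sampleEnv = {
  VAULT_ADDR: 'https://vault.example.internal:8200/',
  VAULT_TOKEN: 'constructed-sample-token\n',
};
const sampleOptions = buildVaultOptions(sampleEnv);
console.log('Vault endpoint:', sampleOptions.endpoint); // never log the token
// const vault = require('node-vault')(sampleOptions);
```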
2. Writing a Secret
Write a secret to Vault:
vault.write('secret/hello', { value: 'world', lease: 3600 })
  .then((result) => {
    console.log(result);
  })
  .catch((err) => console.error(err));
3. Reading a Secret
Read a secret from Vault:
vault.read('secret/hello')
  .then((result) => {
    console.log(result);
  })
  .catch((err) => console.error(err));
4. Deleting a Secret
Delete a secret from Vault:
vault.delete('secret/hello')
  .then((result) => {
    console.log(result);
  })
  .catch((err) => console.error(err));
5. Listing Secrets
List secrets in a specific path:
vault.list('secret')
  .then((result) => {
    console.log(result);
  })
  .catch((err) => console.error(err));
6. Creating and Accessing Policies
Create a new policy:
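// node-vault commands take a single arguments object,
// so the policy name is passed as a field next to the rules.
const policy = {
  name: 'my-policy',
  rules: `
path "secret/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}
`
};
vault.addPolicy(policy)
  .then((result) => {
    console.log(result);
  })
  .catch((err) => console.error(err));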
Retrieve an existing policy:
// The policy name is passed in an arguments object, as with addPolicy.
vault.getPolicy({ name: 'my-policy' })
  .then((result) => {
    console.log(result);
  })
  .catch((err) => console.error(err));
Complete Application Example
Here’s a simple application that uses several Vault APIs:
const vault = require('node-vault')({
  endpoint: 'http://127.0.0.1:8200',
  token: 'my-vault-token', // placeholder token
});

async function run() {
  try {
    // Write a secret
    await vault.write('secret/hello', { value: 'world' });
    console.log('Secret written.');

    // Read the secret
    const secret = await vault.read('secret/hello');
    console.log('Secret read:', secret);

    // List secrets
    const secretsList = await vault.list('secret');
    console.log('Secrets list:', secretsList);

    // Delete the secret
    await vault.delete('secret/hello');
    console.log('Secret deleted.');

    // Add a policy (the name is passed in the arguments object)
    const policy = {
      name: 'my-policy',
      rules: `
path "secret/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}
`
    };
    await vault.addPolicy(policy);
    console.log('Policy created.');

    // Retrieve the policy
    const retrievedPolicy = await vault.getPolicy({ name: 'my-policy' });
    console.log('Policy retrieved:', retrievedPolicy);
  } catch (err) {
    console.error('Error:', err);
  }
}

run();
Conclusion
Node-vault is a powerful tool for integrating HashiCorp Vault with your Node.js applications. By following this guide, you can manage secrets, policies, and other secure data programmatically, allowing for automated and secure handling of sensitive information. Implement these practices to enhance the security and flexibility of your applications.