node-vault

A modern JavaScript client for HashiCorp's Vault with a focus on ease-of-use.

Notable features

• Mostly type-safe
• Highly extendable and configurable

📦 Installation

npm install @litehex/node-vault

📖 Usage

Init and unseal vault

import { Client } from '@litehex/node-vault';

// Get a new instance of the client
const vc = new Client({
  apiVersion: 'v1', // default
  endpoint: 'http://127.0.0.1:8200', // default
  token: 'hv.xxxxxxxxxxxxxxxxxxxxx' // Optional in case you want to initialize the vault
});

// Init vault
const init = await vc.init({ secret_shares: 1, secret_threshold: 1 });
console.log(init); // { keys: [ ... ], keys_base64: [ ... ], ... }

// Set token
const { keys, root_token } = init;
vc.token = root_token;

const unsealed = await vc.unseal({ key: keys[0] });

console.log(unsealed); // { type: 'shamir', initialized: true, sealed: false, ... }

Create Key/Value V2 engine

const mounted = await vc.mount({
  mountPath: 'my-secret',
  type: 'kv-v2'
});

console.log(mounted); // true

const info = await vc.engineInfo({ mountPath: 'my-secret' });

console.log(info); // { type: 'kv', options: { version: '2' }, ... }

Write, read and delete secrets

const mountPath = 'my-secret';
const path = 'hello';

const write = await vc.kv2.write({
  mountPath,
  path,
  data: { foo: 'bar' }
});
console.log(write); // { request_id: '...', lease_id: '...', ... }

const read = await vc.kv2.read({ mountPath, path });
console.log(read); // { request_id: '...', lease_id: '...', ... }

const deleted = await vc.kv2.deleteLatest({ mountPath, path });
console.log(deleted); // true

Check out the examples and tests directory for more examples.

📚 Documentation

For all configuration options, please see the API docs.

🤝 Contributing

You can contribute to this project by opening an issue or a pull request on GitHub. Feel free to contribute, we care about your ideas and suggestions.

Relevant

• HashiCorp's Vault API docs
• Minimal CLI for K/V V2 engine

License

GPL-3.0 © Shahrad Elahi