Support converting Vault Secrets to diffrent formats.

Related tags

Utilities vault terraform hashicorp-vault
Overview

Vault Converter

License CI

Support converting Vault Secrets to different formats.

vault-converter is a tool designed to synchronize variables from local to Vault and vice versa.

Currently, vault-converter only supports files with the extension tfvars.

vault-converter uses Vault authentication method as userpass with fixed path userpass/. But you still can authenticate with token method by create a file contain client token at "$HOME/.vault_converter/token".

Secret Engine supports Key/Value Version 2 (kv2).

Installation

Binaries (recommended)

Download your preferred asset from the releases page and install manually.

Source code

# clone repo to some directory outside GOPATH
git clone https://github.com/vietanhduong/vault-converter

cd vault-converter

go mod download

go build .

Usage

Currently, vault-converter supports synchronize variables from Vault to local and vice versa.

$ vault-converter --help
Convert to file from Vault. Support multiple file format like '.tfvars', '.env'

Usage:
  vault-converter [flags]
  vault-converter [command]

Available Commands:
  auth        Authenticates users to Vault
  completion  generate the autocompletion script for the specified shell
  help        Help about any command
  pull        Pull secrets from Vault and convert to file
  push        Parse source file and push to Vault

Flags:
  -h, --help      help for vault-converter
  -v, --version   Print version information and exit. This flag is only available at the global level.

Use "vault-converter [command] --help" for more information about a command.

Authenticate

User authentication with Vault

$ vault-converter auth --help
Authenticates users to Vault using the provided arguments. 
Method using: 'userpass'. The path of 'userpass' should be 'userpass/'

Usage:
  vault-converter auth [flags]

Flags:
  -a, --address string    Address of the Auth server. This can also be specified via the VAULT_ADDR environment variable. (default "https://dev-vault.knstats.com")
  -h, --help              help for auth
  -p, --password string   The user's password. This can also be specified via the VAULT_PASSWORD environment variables.
  -u, --username string   The username to authenticate with Auth server. This can also be specified via the VAULT_USER environment variables.

Global Flags:
  -v, --version   Print version information and exit. This flag is only available at the global level.

Sync variables from Vault to local

When you pull variables from Vault to local. vault-convert automatically override the content to the output file. Keep it in mind, if you don't want your variables to disappear.

$ vault-converter pull --help
Pull secrets from Vault with specified secret path and convert to file.
SECRET_PATH should be a absolute path at Vault and the values should be in JSON format.
Supports the following formats: "tfvars"

Usage:
  vault-converter pull SECRET_PATH [flags]

Flags:
  -a, --address string   Address of the Auth server. This can also be specified via the VAULT_ADDR environment variable. (default "https://dev-vault.knstats.com")
  -f, --format string    Output format (default "tfvars")
  -h, --help             help for pull
  -o, --output string    Output path. E.g: ~/data/variables.auto.tfvars (default "variables.auto.tfvars")

Global Flags:
  -v, --version   Print version information and exit. This flag is only available at the global level.

Sync variables from local to Vault

Sync variables from local to Vault. If the SECRET_PATH doesn't exist. vault-converter automatically create new path and push the content in there. But if the root path (secret engine path) does NOT exist, the request will be fail .

$ vault-converter push --help
Parse source file and push secrets to Vault.
Based on the extension of SOURCE_FILE to determine the file format. 
SECRET_PATH should be a absolute path at Vault and the values should 
be in JSON format.
Supports the following formats: "tfvars"

Usage:
  vault-converter push SOURCE_FILE SECRET_PATH [flags]

Flags:
  -a, --address string   Address of the Auth server. This can also be specified via the VAULT_ADDR environment variable. (default "https://dev-vault.knstats.com")
  -h, --help             help for push

Global Flags:
  -v, --version   Print version information and exit. This flag is only available at the global level.
You might also like...
A k8s vault webhook is a Kubernetes webhook that can inject secrets into Kubernetes resources by connecting to multiple secret managers
A k8s vault webhook is a Kubernetes webhook that can inject secrets into Kubernetes resources by connecting to multiple secret managers

k8s-vault-webhook is a Kubernetes admission webhook which listen for the events related to Kubernetes resources for injecting secret directly from sec

Opstree Container Kit 111 Oct 15, 2022
Sidecar container for injecting secrets into configuration files from Hashicorp Vault

talebearer noun A person who spreads scandal or tells secrets; gossip Note This code is not being actively developed, and has not seen substantial cha

Alex Forbes 0 Nov 1, 2021
Copy your HashiCorp Vault secrets to a file

Vault Backup ⚠️ Check the oficial way to backup your HashiCorp Vault. Create a backup file of all HashiCorp Vault kv2 secrets. ./vault-backup -help

Leonardo Comelli 7 Dec 20, 2022
Vaku is a CLI and API for running path- and folder-based operations on the Vault Key/Value secrets engine.
Vaku is a CLI and API for running path- and folder-based operations on the Vault Key/Value secrets engine.

Vaku Vaku is a CLI and API for running path- and folder-based operations on the Vault Key/Value secrets engine. Vaku extends the existing Vault CLI an

Sean Lingren 141 Nov 28, 2022
VaultOperator provides a CRD to interact securely and indirectly with secrets stored in Hashicorp Vault.

vault-operator The vault-operator provides several CRDs to interact securely and indirectly with secrets. Details Currently only stage 1 is implemente

finleap connect 3 Mar 12, 2022
:triangular_ruler:gofmtmd formats go source code block in Markdown. detects fenced code & formats code using gofmt.
:triangular_ruler:gofmtmd formats go source code block in Markdown. detects fenced code & formats code using gofmt.

gofmtmd gofmtmd formats go source code block in Markdown. detects fenced code & formats code using gofmt. Installation $ go get github.com/po3rin/gofm

po3rin 91 Oct 31, 2022
Formats discord tokens to different formats.
Formats discord tokens to different formats.

token_formatter Formats discord tokens to different formats. Features Format your current tokens to a new format! Every tool uses a different format f

post 14 Nov 3, 2022
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com

shhgit helps secure forward-thinking development, operations, and security teams by finding secrets across their code before it leads to a security br

Paul 3.6k Dec 23, 2022
Simplify Kubernetes Secrets Management with Dockhand Secrets Operator

dockhand-secrets-operator Secrets management with GitOps can be challenging in Kubernetes environments. Often engineers resort to manual secret creati

BoxBoat 15 Sep 28, 2022
Secretsmanager - Secrets management that allows you to store your secrets encrypted in git

I created secretsmanager to store some secrets within a repository. The secrets are encrypted at rest, with readable keys and editable JSON, so you can rename a key or delete it by hand. The cli tool handles the bare minumum of requirements.

Tit Petric 20 May 6, 2022
An operator to support Haschicorp Vault configuration workflows from within Kubernetes

Vault Config Operator This operator helps set up Vault Configurations. The main intent is to do so such that subsequently pods can consume the secrets

null 2 Sep 30, 2022
An operator to support Haschicorp Vault configuration workflows from within Kubernetes
An operator to support Haschicorp Vault configuration workflows from within Kubernetes

Vault Config Operator This operator helps set up Vault Configurations. The main intent is to do so such that subsequently pods can consume the secrets

Red Hat Communities of Practice 48 Dec 19, 2022
Fast and secure standalone server for resizing and converting remote images

imgproxy imgproxy is a fast and secure standalone server for resizing and converting remote images. The main principles of imgproxy are simplicity, sp

imgproxy 6.8k Jan 1, 2023
go-jsonc provides a way to work with commented json by converting it to plain json.

JSON with comments for GO Decodes a "commented json" to "json". Provided, the input must be a valid jsonc document. Supports io.Reader With this, we c

Akshay Bharambe 9 Apr 6, 2022
A Go package converting a monochrome 1-bit bitmap image into a set of vector paths.
A Go package converting a monochrome 1-bit bitmap image into a set of vector paths.

go-bmppath Overview Package bmppath converts a monochrome 1-bit bitmap image into a set of vector paths. Note that this package is by no means a sophi

tunabay 2 Mar 22, 2022
A command line tool for quickly converting Unix timestamps to human readable form.

stamp A command line tool to quickly format a Unix timestamp in a human-readable form. Installation Go is required to build this software. To just bui

Ricco Førgaard 1 Oct 30, 2021
Golang library for converting Markdown to HTML. Good documentation is included.

md2html is a golang library for converting Markdown to HTML. Install go get github.com/wallblog/md2html Example package main import( "github.com/wa

null 0 Jan 11, 2022
An excellent tool for converting json files to structs or classes in any programming language.
An excellent tool for converting json files to structs or classes in any programming language.

Explore Usage » Report Bug · Request Feature Table of Contents About The Project Supported Languages Getting Started Usage Parameters Set Up Your Own

ez4o 14 Dec 10, 2022
BuildKit - A toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner
BuildKit - A toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner

BuildKit BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Key features: Automati

CrazyMax 5 Feb 19, 2022
Comments
  • Fix convert HCL to JSON in HCL v1 library

    Fix convert HCL to JSON in HCL v1 library

    There is an issue exist on HCL v1 when you convert HCL to JSON.

    # Input tfvars
default_user = {
  username = "username"
  password = "password"
}

    Expected output

    {
  "default_user": {
    "username": "username",
    "password": "password"
  }
}

    Actual output

    {
  "default_user": [{
    "username": "username",
    "password": "password"
  }]
}

    That issue was fixed by switch to HCL v2 library.

    opened by vietanhduong 0
  • Support ENV format

    Support ENV format

    Support env format

    • The secrets should be in flat format (string, number, boolean).
    • By default, if the value contains special characters, it will be place in double quote.
    • The input file should be ended with .env
    opened by vietanhduong 0
Releases(v0.3.1)
Owner
Viet-Anh Duong
The Techlead... in future
Viet-Anh Duong
GitHub
An API that provides a small but well-thought service converting Euro to US Dollar and vice-versa

Currency Converter ###Problem An API that provides a small but well-thought service converting Euro to US Dollar and vice-versa. That API should only

Akshay Nambiar 0 Jan 30, 2022
go-sundheit:A library built to provide support for defining service health for golang services

A library built to provide support for defining service health for golang services. It allows you to register async health checks for your dependencies and the service itself, and provides a health endpoint that exposes their status.

AppsFlyer 505 Dec 27, 2022
simple i18n support that relies on standard go libraries

The i18n package mainly includes a set of methods for managing the data. Start by creating a en.json file.

Alvaro Jose Lobaton Restrepo 4 Jun 29, 2021
A comphrehensive tool for converting between data table formats

tblconv A simple tool for converting one "table" format into another. Supported Formats CSV source output Excel source output SQL source output CLI Fe

null 0 May 30, 2022
A Go package for converting RGB and other color formats/colorspaces into DMC thread colors (DMC color name and floss number)

go-c2dmc A Go package for converting RGB and other color formats/colorspaces into DMC thread colors (DMC color name and floss number). Implemented as

null 6 Jul 25, 2022
vault-init is a small utility for automating the initialization and unsealing of HashiCorp Vault.

vault-init vault-init is a small utility for automating the initialization and unsealing of HashiCorp Vault. It draws inspiration from kelseyhightower

Jace Tan 27 Aug 17, 2022
vault-plugin-auth-usertotp is an auth method plugin for HashiCorp Vault

vault-plugin-auth-usertotp is an auth method plugin for HashiCorp Vault. Create user accounts, add TOTP tokens (user supplied pin + totp), and have peace of mind using 2FA.

Mike McRill 6 Jul 5, 2021
vault-plugin-auth-usertotp is an auth method plugin for HashiCorp Vault.

vault-plugin-auth-usertotp is an auth method plugin for HashiCorp Vault. Create user accounts, add TOTP tokens (user supplied pin + totp), and have peace of mind using 2FA.

null 0 Jul 30, 2021
Vault mock - Mock of Hashicorp Vault used for unit testing

vault_mock Mock of Hashicorp Vault used for unit testing Notice This is a person

Elliot Rotenstein 0 Jan 19, 2022
sops is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP

sops is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP. (demo)

Mozilla 11.7k Jan 9, 2023