Support converting Vault Secrets to diffrent formats.

Overview

Vault Converter

License CI

Support converting Vault Secrets to different formats.

vault-converter is a tool designed to synchronize variables from local to Vault and vice versa.

Currently, vault-converter only supports files with the extension tfvars.

vault-converter uses Vault authentication method as userpass with fixed path userpass/. But you still can authenticate with token method by create a file contain client token at "$HOME/.vault_converter/token".

Secret Engine supports Key/Value Version 2 (kv2).

Installation

Binaries (recommended)

Download your preferred asset from the releases page and install manually.

Source code

# clone repo to some directory outside GOPATH
git clone https://github.com/vietanhduong/vault-converter

cd vault-converter

go mod download

go build . 

Usage

Currently, vault-converter supports synchronize variables from Vault to local and vice versa.

$ vault-converter --help
Convert to file from Vault. Support multiple file format like '.tfvars', '.env'

Usage:
  vault-converter [flags]
  vault-converter [command]

Available Commands:
  auth        Authenticates users to Vault
  completion  generate the autocompletion script for the specified shell
  help        Help about any command
  pull        Pull secrets from Vault and convert to file
  push        Parse source file and push to Vault

Flags:
  -h, --help      help for vault-converter
  -v, --version   Print version information and exit. This flag is only available at the global level.

Use "vault-converter [command] --help" for more information about a command.

Authenticate

User authentication with Vault

$ vault-converter auth --help
Authenticates users to Vault using the provided arguments. 
Method using: 'userpass'. The path of 'userpass' should be 'userpass/'

Usage:
  vault-converter auth [flags]

Flags:
  -a, --address string    Address of the Auth server. This can also be specified via the VAULT_ADDR environment variable. (default "https://dev-vault.knstats.com")
  -h, --help              help for auth
  -p, --password string   The user's password. This can also be specified via the VAULT_PASSWORD environment variables.
  -u, --username string   The username to authenticate with Auth server. This can also be specified via the VAULT_USER environment variables.

Global Flags:
  -v, --version   Print version information and exit. This flag is only available at the global level.

Sync variables from Vault to local

When you pull variables from Vault to local. vault-convert automatically override the content to the output file. Keep it in mind, if you don't want your variables to disappear.

$ vault-converter pull --help
Pull secrets from Vault with specified secret path and convert to file.
SECRET_PATH should be a absolute path at Vault and the values should be in JSON format.
Supports the following formats: "tfvars"

Usage:
  vault-converter pull SECRET_PATH [flags]

Flags:
  -a, --address string   Address of the Auth server. This can also be specified via the VAULT_ADDR environment variable. (default "https://dev-vault.knstats.com")
  -f, --format string    Output format (default "tfvars")
  -h, --help             help for pull
  -o, --output string    Output path. E.g: ~/data/variables.auto.tfvars (default "variables.auto.tfvars")

Global Flags:
  -v, --version   Print version information and exit. This flag is only available at the global level.

Sync variables from local to Vault

Sync variables from local to Vault. If the SECRET_PATH doesn't exist. vault-converter automatically create new path and push the content in there. But if the root path (secret engine path) does NOT exist, the request will be fail .

$ vault-converter push --help
Parse source file and push secrets to Vault.
Based on the extension of SOURCE_FILE to determine the file format. 
SECRET_PATH should be a absolute path at Vault and the values should 
be in JSON format.
Supports the following formats: "tfvars"

Usage:
  vault-converter push SOURCE_FILE SECRET_PATH [flags]

Flags:
  -a, --address string   Address of the Auth server. This can also be specified via the VAULT_ADDR environment variable. (default "https://dev-vault.knstats.com")
  -h, --help             help for push

Global Flags:
  -v, --version   Print version information and exit. This flag is only available at the global level.
Issues
  • Support ENV format

    Support ENV format

    Support env format

    • The secrets should be in flat format (string, number, boolean).
    • By default, if the value contains special characters, it will be place in double quote.
    • The input file should be ended with .env
    opened by vietanhduong 0
Releases(0.2.0)
Owner
Viet-Anh Duong
The Techlead... in future
Viet-Anh Duong
Split multiple Kubernetes files into smaller files with ease. Split multi-YAML files into individual files.

Split multiple Kubernetes files into smaller files with ease. Split multi-YAML files into individual files.

Patrick D'appollonio 0 Oct 21, 2021
Split multiple Kubernetes files into smaller files with ease. Split multi-YAML files into individual files.

kubectl-slice: split Kubernetes YAMLs into files kubectl-slice is a neat tool that allows you to split a single multi-YAML Kubernetes manifest into mu

Patrick D'appollonio 12 Oct 25, 2021
Utility functions for work with the Kubernetes Go-Client

go-k8s-utils This repository contains utils for the work with Kubernetes, in specific with the go-client library. Testing This package contains utils

Christoph Stäbler 0 Oct 6, 2021
EGo lets you build, debug und run Go apps on Intel SGX - as simple as conventional Go programming!

EGo lets you build, debug und run Go apps on Intel SGX - as simple as conventional Go programming!

Edgeless Systems GmbH 182 Oct 14, 2021
A full-featured license tool to check and fix license headers and resolve dependencies' licenses.

SkyWalking Eyes A full-featured license tool to check and fix license headers and resolve dependencies' licenses. Usage You can use License-Eye in Git

The Apache Software Foundation 54 Oct 23, 2021
Cross-platform Bluetooth API for Go and TinyGo.

Go Bluetooth is a cross-platform package for using Bluetooth Low Energy hardware from the Go programming language.

TinyGo 309 Oct 21, 2021
simple GitHub action to parse Markdown Links into a .yaml file for Hugo

Obsidian Link Scrapper Used by Quartz This repository comes to you in two parts. GitHub Action (scrapes links into a .yml file) Hugo Partial (turns .y

Jacky Zhao 10 Oct 6, 2021
⚖️ A tool for transpiling C to Go.

A tool for converting C to Go. The goals of this project are: To create a generic tool that can convert C to Go. To be cross platform (linux and mac)

Elliot Chance 1.7k Oct 17, 2021
Localizer: convenient localization for Go

Localizer: convenient localization for Go Localizer intends to make it easy for you to work with locales in Go. It was inspired by many good tools tha

Jon 27 Sep 29, 2021
.NET LINQ capabilities in Go

go-linq A powerful language integrated query (LINQ) library for Go. Written in vanilla Go, no dependencies! Complete lazy evaluation with iterator pat

Ahmet Alp Balkan 2.7k Oct 17, 2021
Code generation tools for Go.

interfaces Code generation tools for Go's interfaces. Tools available in this repository: cmd/interfacer cmd/structer cmd/interfacer Generates an inte

Rafal Jeczalik 309 Oct 16, 2021
a tool for creating exploited media files for discord

Discord-Exploits A program for creating exploited media files for discord written in Go. Usage discord-exploits is a command line utility, meaning you

schmenn 213 Oct 20, 2021
Vex is a variable-length, lexicographically-sortable hex format for uint64 values

Vex is a variable-length, lexicographically-sortable hex format for uint64 values. It can be used instead of fmt.Sprintf("%016x", v) for shorter s

Ben Johnson 14 Mar 22, 2021
safe and easy casting from one type to another in Go

cast Easy and safe casting from one type to another in Go Don’t Panic! ... Cast What is Cast? Cast is a library to convert between different go types

Steve Francia 1.8k Oct 19, 2021
Go library for decoding generic map values into native Go structures and vice versa.

mapstructure mapstructure is a Go library for decoding generic map values to structures and vice versa, while providing helpful error handling. This l

Mitchell Hashimoto 5k Oct 22, 2021
Go package to generate and manage color palettes & schemes 🎨

Go package to generate and manage color palettes & schemes

Christian Muehlhaeuser 443 Oct 23, 2021
GoLang port of Google's libphonenumber library

phonenumbers golang port of Google's libphonenumber, forked from libphonenumber from ttacon which in turn is a port of the original Java library. You

null 549 Oct 13, 2021
Collection of unusual generics usecases in Go

Unusual Generics Type parameters or Generics in Go designed to reduce boilerplate for container data types like lists, graphs, etc. and functions like

Vladimir Stolyarov 39 Oct 15, 2021
Gene parsing package for Axie Infinity

agp Package agp is a gene parsing package for Axie Infinity. The name agp stands for "Axie Gene Parser" which decodes the hex representation of an Axi

Shane Maglangit 16 Oct 15, 2021