
This project was forked from caquino/vault-init-aws.


Automate the initialization and unsealing of HashiCorp Vault with Raft storage on Amazon Web Services.

License: Apache License 2.0


vault-init-aws-raft

This is a modified version of vault-init-aws that stores the Vault secret configuration in an AWS Secrets Manager secret. The project has also been modernized to use Go modules and aws-sdk-go-v2, and it supports Vault running in Raft mode.

The vault-init service automates the process of initializing and unsealing HashiCorp Vault instances running on Amazon Web Services.

After vault-init initializes a Vault server, it stores the master keys and root token, encrypted using AWS Key Management Service, in a user-defined Amazon S3 bucket.
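As an added illustration of the sequence just described (not code from this project), the Go program below models one pass of the init-and-unseal loop against an in-memory stand-in for Vault. Reconcile, the Vault and KeyStore interfaces, fakeVault and memStore are hypothetical names chosen for the example; the real service talks to Vault's sys/seal-status, sys/init and sys/unseal endpoints over localhost and writes the init output to the Secrets Manager secret (a KMS-encrypted S3 object in the upstream project). The detail worth noticing is the ordering: the shares are persisted before any unseal call, and a failed write stops the pass rather than unsealing a Vault whose shares nobody else holds.

```go
package main

import (
	"errors"
	"fmt"
)

// InitResult is the part of Vault's init response that must be persisted
// (Vault returns the unseal shares as keys_base64 alongside root_token).
type InitResult struct {
	Keys      []string
	RootToken string
}

// Vault is the slice of the Vault API the loop needs (sys/seal-status,
// sys/init, sys/unseal); the real service calls these over localhost.
type Vault interface {
	Status() (initialized, sealed bool, err error)
	Init(shares, threshold int) (InitResult, error)
	Unseal(share string) (sealed bool, err error)
}

// KeyStore is where init output goes; this fork writes it to the Secrets
// Manager secret named by SECRETSMANAGER_SECRET_ID.
type KeyStore interface {
	Save(InitResult) error
	Load() (r InitResult, found bool, err error)
}

// Reconcile is one iteration of the loop the service repeats every
// CHECK_INTERVAL: initialize if needed, persist the shares, then unseal.
func Reconcile(v Vault, store KeyStore, shares, threshold int) (string, error) {
	initialized, sealed, err := v.Status()
	if err != nil {
		return "", err
	}
	if initialized && !sealed {
		return "none", nil
	}
	action := "unsealed"
	if !initialized {
		r, err := v.Init(shares, threshold)
		if err != nil {
			return "", err
		}
		// Persist BEFORE unsealing: if this write fails the shares exist only in
		// this process, and an initialized Vault whose shares are lost can never
		// be opened again, so stop here and let the error surface.
		if err := store.Save(r); err != nil {
			return "", fmt.Errorf("storing init output: %w", err)
		}
		action = "initialized+unsealed"
	}
	r, found, err := store.Load()
	if err != nil {
		return "", err
	}
	if !found {
		return "", errors.New("vault is sealed but no unseal keys are stored")
	}
	for _, k := range r.Keys { // threshold distinct shares are enough
		if sealed, err = v.Unseal(k); err != nil {
			return "", err
		}
		if !sealed {
			return action, nil
		}
	}
	return "", fmt.Errorf("submitted %d shares but vault is still sealed", len(r.Keys))
}

// fakeVault mimics Vault's seal state machine so the example runs offline.
// Hypothetical: its "shares" are constructed strings, not Shamir shares.
type fakeVault struct {
	initialized, sealed bool
	shares              map[string]bool
	threshold, progress int
}

func newFakeVault() *fakeVault { return &fakeVault{sealed: true} }

func (f *fakeVault) Status() (bool, bool, error) { return f.initialized, f.sealed, nil }

func (f *fakeVault) Init(n, t int) (InitResult, error) {
	f.shares, f.threshold = map[string]bool{}, t
	r := InitResult{RootToken: "fake-root-token"}
	for i := 0; i < n; i++ {
		k := fmt.Sprintf("fake-share-%d", i)
		f.shares[k] = true
		r.Keys = append(r.Keys, k)
	}
	f.initialized, f.sealed = true, true
	return r, nil
}

func (f *fakeVault) Unseal(share string) (bool, error) {
	if f.sealed && f.shares[share] {
		if f.progress++; f.progress >= f.threshold {
			f.sealed, f.progress = false, 0
		}
	}
	return f.sealed, nil
}

// memStore stands in for Secrets Manager; failSave simulates a failed write.
type memStore struct {
	v        *InitResult
	failSave bool
}

func (m *memStore) Save(r InitResult) error {
	if m.failSave {
		return errors.New("simulated Secrets Manager write failure")
	}
	m.v = &r
	return nil
}

func (m *memStore) Load() (InitResult, bool, error) {
	if m.v == nil {
		return InitResult{}, false, nil
	}
	return *m.v, true, nil
}

func main() {
	v, s := newFakeVault(), &memStore{}
	for i := 1; i <= 2; i++ {
		action, err := Reconcile(v, s, 5, 3)
		fmt.Println("pass", i, "action:", action, "err:", err)
	}
}
```

Running it prints two passes: the first reports initialized+unsealed, the second none. The two interfaces are the seams where the real service's Vault HTTP client and Secrets Manager client would plug in; nothing in Reconcile depends on the fakes.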

Usage

The vault-init service is designed to run alongside a Vault server and communicate with it over localhost.

See the example Terraform project for a complete example including required IAM policies.

Configuration

The vault-init service supports the following environment variables for configuration:

Env                        Description
LOG_LEVEL                  Application log level. Set to -4 to see debug messages.
SECRETSMANAGER_SECRET_ID   ARN of the AWS Secrets Manager secret in which the Vault secret configuration is stored. It must already exist; the application does not create it.
CHECK_INTERVAL             Interval between status check requests to Vault, with units. Defaults to 10s.
VAULT_SECRET_SHARES        Number of Vault secret shares to create at initialization. Defaults to 5.
VAULT_SECRET_THRESHOLD     Number of shares required to unseal Vault. Defaults to 3.
RAFT_LEADER_API_ADDR       URL of the Vault leader used to bootstrap Raft followers (e.g. http://vault-0.vault.svc).
RAFT_LEADER_CA_CERT        CA certificate of the Raft leader, if TLS is used. To read it from a file, use the format @<file-path>.
RAFT_LEADER_CLIENT_CERT    Client certificate for the Raft leader, if TLS is used. To read it from a file, use the format @<file-path>.
RAFT_LEADER_CLIENT_KEY     Client key for the Raft leader, if TLS is used. To read it from a file, use the format @<file-path>.

The AWS SDK client can be configured using environment variables. See:

The HashiCorp Vault API client can be configured using environment variables. See:
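An added example, not the project's own code, of loading and validating the configuration above in Go. Config, LoadConfig, intEnv and resolveAt are names invented for the example, and it takes a getenv function so it can be exercised with a map as well as with os.Getenv. Beyond reading the values, it rejects the share/threshold combinations Vault itself refuses at init time (threshold above shares, or below 2 when there is more than one share), requires units on CHECK_INTERVAL, and resolves the @<file-path> form of the RAFT_LEADER_* variables into the file's contents so the rest of the program never has to know whether a path or inline PEM was given.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
	"time"
)

// Config holds the settings from the README's configuration table.
// Hypothetical: this loader is an illustration, not the project's own code.
type Config struct {
	LogLevel             int
	SecretID             string
	CheckInterval        time.Duration
	SecretShares         int
	SecretThreshold      int
	RaftLeaderAPIAddr    string
	RaftLeaderCACert     string // PEM contents after @file resolution, never a path
	RaftLeaderClientCert string
	RaftLeaderClientKey  string
}

// resolveAt implements the "@<file-path>" convention of the RAFT_LEADER_*
// variables: a value beginning with '@' is replaced by the named file's contents.
func resolveAt(v string) (string, error) {
	if !strings.HasPrefix(v, "@") {
		return v, nil
	}
	b, err := os.ReadFile(strings.TrimPrefix(v, "@"))
	if err != nil {
		return "", err
	}
	return string(b), nil
}

// intEnv returns def when key is unset and an error when it is set but not an integer.
func intEnv(getenv func(string) string, key string, def int) (int, error) {
	raw := getenv(key)
	if raw == "" {
		return def, nil
	}
	n, err := strconv.Atoi(raw)
	if err != nil {
		return 0, fmt.Errorf("%s: %w", key, err)
	}
	return n, nil
}

// LoadConfig reads the environment through getenv (os.Getenv in production,
// a map lookup in tests) and rejects values Vault would refuse anyway.
func LoadConfig(getenv func(string) string) (*Config, error) {
	cfg := &Config{SecretID: getenv("SECRETSMANAGER_SECRET_ID"), RaftLeaderAPIAddr: getenv("RAFT_LEADER_API_ADDR")}
	if cfg.SecretID == "" {
		return nil, fmt.Errorf("SECRETSMANAGER_SECRET_ID is required (the secret must already exist)")
	}
	var err error
	if cfg.LogLevel, err = intEnv(getenv, "LOG_LEVEL", 0); err != nil {
		return nil, err
	}
	if cfg.SecretShares, err = intEnv(getenv, "VAULT_SECRET_SHARES", 5); err != nil {
		return nil, err
	}
	if cfg.SecretThreshold, err = intEnv(getenv, "VAULT_SECRET_THRESHOLD", 3); err != nil {
		return nil, err
	}
	switch { // the same rules Vault applies to a seal configuration
	case cfg.SecretShares < 1 || cfg.SecretThreshold < 1:
		return nil, fmt.Errorf("shares and threshold must both be at least 1")
	case cfg.SecretThreshold > cfg.SecretShares:
		return nil, fmt.Errorf("threshold %d exceeds shares %d", cfg.SecretThreshold, cfg.SecretShares)
	case cfg.SecretShares > 1 && cfg.SecretThreshold < 2:
		return nil, fmt.Errorf("threshold must be at least 2 when shares > 1")
	}
	cfg.CheckInterval = 10 * time.Second
	if raw := getenv("CHECK_INTERVAL"); raw != "" {
		if cfg.CheckInterval, err = time.ParseDuration(raw); err != nil || cfg.CheckInterval <= 0 {
			return nil, fmt.Errorf("CHECK_INTERVAL must be a positive duration with units, got %q", raw)
		}
	}
	// TLS material may be inline PEM or @<file-path>; a client cert needs its key.
	fields := []struct{ key string; dst *string }{
		{"RAFT_LEADER_CA_CERT", &cfg.RaftLeaderCACert},
		{"RAFT_LEADER_CLIENT_CERT", &cfg.RaftLeaderClientCert},
		{"RAFT_LEADER_CLIENT_KEY", &cfg.RaftLeaderClientKey},
	}
	for _, f := range fields {
		if *f.dst, err = resolveAt(getenv(f.key)); err != nil {
			return nil, fmt.Errorf("%s: %w", f.key, err)
		}
	}
	if (cfg.RaftLeaderClientCert == "") != (cfg.RaftLeaderClientKey == "") {
		return nil, fmt.Errorf("RAFT_LEADER_CLIENT_CERT and RAFT_LEADER_CLIENT_KEY must be set together")
	}
	return cfg, nil
}

func main() {
	cfg, err := LoadConfig(os.Getenv)
	fmt.Printf("%+v %v\n", cfg, err)
}
```

Resolving the @file form at load time, rather than wherever the certificate is consumed, keeps file reads in one place and means a missing or unreadable file is reported at startup instead of at the first Raft join attempt.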

Contributors

ibice, caquino, artemu, arecker, kelseyhightower
