UNPKG

hashi-vault-js

Version:

A node.js module to interact with the Hashicorp Vault API.

github.com/rod4n4m1/hashi-vault-js

rod4n4m1/hashi-vault-js

144 lines (135 loc) 5.11 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
//Simple test // source process.env // node Token-smoke-test.js const ClientCert = process.env.CLIENT_CERT; const ClientKey = process.env.CLIENT_KEY; const CACert = process.env.CA_CERT; const VaultUrl = process.env.VAULT_URL; const RootPath = process.env.ROOT_PATH; const ProvToken = process.env.VAULT_PROV_TOKEN; const Metadata = { tag1: "knight-vault", tag2: "smoke-test" }; const Vault = require('../Vault'); const vault = new Vault( { https: true, cert: ClientCert, key: ClientKey, cacert: CACert, baseUrl: VaultUrl, rootPath: RootPath, timeout: 1000, proxy: false }); let token= ''; let accessor = ''; vault.listAccessors(ProvToken).then(function(data){ console.log('> listAccessors output: \n', data); }).catch(function(accessorError){ console.error('listAccessors error: \n',accessorError); }); vault.lookupToken(ProvToken, ProvToken).then(function(data){ console.log('> ProvToken - lookupToken output: \n', data); }).catch(function(lookupError){ console.error('lookupToken error: \n',lookupError); }); vault.createToken(ProvToken, { role_name: 'knight', meta: Metadata, ttl: '1h', type: 'batch', policies: 'default', }).then(function(data){ console.log('> Batch Token - createToken output: \n', data); token=data.client_token; accessor=data.accessor; vault.lookupAccessor(ProvToken, accessor).then(function(data){ console.log('>> Batch Token - lookupAccessor output: \n', data); vault.renewAccessor(ProvToken, accessor).then(function(data){ console.log('>>> Batch Token - renewAccessor output: \n', data); vault.revokeAccessor(ProvToken, accessor).then(function(data){ console.log('>>>> Batch Token - revokeAccessor output: \n', data); }).catch(function(revokeError){ console.error('>>>> Batch Token - revokeAccessor error: \n',revokeError); }); }).catch(function(renewError){ console.error('>>> Batch Token - renewAccessor error: \n',renewError); }); }).catch(function(accessorError){ console.error('>> Batch Token - lookupAccessor error: \n',accessorError); }); }).catch(function(createError){ console.error('> Batch Token - createToken error: \n',createError); }); vault.createToken(ProvToken, { role_name: 'knight', meta: Metadata, ttl: '1h', policies: 'default', }).then(function(data){ console.log('Service Token - createToken output: \n', data); token=data.client_token; vault.lookupSelfToken(token).then(function(data){ console.log('> Service Token - lookupSelfToken output: \n', data); vault.revokeSelfToken(token).then(function(data){ console.log('>> Service Token - revokeSelfToken output: \n', data); }).catch(function(revokeError){ console.error('>>> Service Token - revokeSelfToken error: \n',revokeError); }); }).catch(function(lookupError){ console.error('>> Service Token - lookupSelfToken error: \n',lookupError); }); }).catch(function(createError){ console.error('> Service Token - createToken error: \n',createError); }); vault.createToken(ProvToken, { no_parent: true, ttl: '1h', policies: ['knight-vault'], }).then(function(data){ console.log('> Orphan Service Token - createToken output: \n', data); token=data.client_token; vault.lookupSelfToken(token).then(function(data){ console.log('>> Orphan Service Token - lookupSelfToken output: \n', data); vault.renewToken(ProvToken, token, '1h').then(function(data){ console.log('>>> Orphan Service Token - renewToken output: \n', data); vault.revokeToken(ProvToken, token).then(function(data){ console.log('>>>> Orphan Service Token - revokeToken output: \n', data); }).catch(function(revokeError){ console.error('>>>> Orphan Service Token - revokeToken error: \n',revokeError); }); }).catch(function(renewError){ console.error('>>> Orphan Service Token - renewToken error: \n',renewError); }); }).catch(function(lookupError){ console.error('>> Orphan Service Token - lookupSelfToken error: \n',lookupError); }); }).catch(function(createError){ console.error('> Orphan Service Token - createOrphanSToken - error: \n',createError); }); vault.createToken(ProvToken, { no_parent: true, ttl: '24h', type: 'batch', policies: ['knight-vault'], }).then(function(data){ console.log('> Orphan Batch Token - createToken output: \n', data); token=data.client_token; vault.lookupSelfToken(token).then(function(data){ console.log('>> Orphan Batch Token - lookupSelfToken output: \n', data); vault.revokeToken(ProvToken, token).then(function(data){ console.log('>>> Orphan Batch Token - revokeToken output: \n', data); }).catch(function(revokeError){ console.error('>>> Orphan Batch Token - revokeToken error: \n',revokeError); }); }).catch(function(lookupError){ console.error('>> Orphan Batch Token - lookupSelfToken error: \n',lookupError); }); }).catch(function(createError){ console.error('> Orphan Batch Token - createOrphanBToken error: \n',createError); });