UNPKG

hashi-vault-js

Version:

A node.js module to interact with the Hashicorp Vault API.

github.com/kyndryl-open-source/hashi-vault-js

kyndryl-open-source/hashi-vault-js

67 lines (62 loc) 2.5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
//Simple smoke test // AppRole auth method // This test will login to the AppRole auth method using a role-id and secret-id. // This test will create a new AppRole role, create a new AppRole secret-id, read the secret-id, and then destroy the secret-id. // source process.env // node AppRole-smoke-test.js // # Check role-id // vault read auth/approle/role/knight/role-id // # Create new secret-id // vault write -f auth/approle/role/knight/secret-id import Vault from '../src/Vault.js'; const RoleId = process.env.ROLE_ID; const SecretId = process.env.SECRET_ID; const ClientCert = process.env.CLIENT_CERT; const ClientKey = process.env.CLIENT_KEY; const CACert = process.env.CA_CERT; const VaultUrl = process.env.VAULT_URL; const AppRole = process.env.APPROLE; const Metadata = { tag1: "knight-vault", tag2: "smoke-test" }; const vault = new Vault( { https: true, cert: ClientCert, key: ClientKey, cacert: CACert, baseUrl: VaultUrl, timeout: 1000, proxy: false }); let token = null; vault.healthCheck().then(function(data) { console.log('> healthCheck output: \n',data); if (!data.sealed) { vault.loginWithAppRole(RoleId, SecretId, 'auth/approle').then(function(data){ token = data.client_token; console.log('>> loginWithAppRole output: \n',data); vault.readAppRoleSecretId(data.client_token, AppRole, SecretId).then(function(data){ console.log('>>> readAppRoleSecretId output: \n',data); }).catch(function(readError){ console.error('>>> readAppRoleSecretId error: \n',readError); }); vault.generateAppRoleSecretId(token, AppRole, JSON.stringify(Metadata)).then(function(data){ console.log('>>> generateNewAppRoleSecretId output: \n',data); let newSecretId = data.secret_id; vault.destroyAppRoleSecretId(token, AppRole, newSecretId).then(function(data) { console.log('>>>> destroyAppRoleSecretId output: \n',data); }).catch(function(destroyError) { console.error('>>>> destroyAppRoleSecretId error: \n',destroyError); }); }).catch(function(generateError) { console.error('>>> generateNewAppRoleSecretId error: \n',generateError); }); }).catch(function(loginError){ console.error('>> loginWithAppRole error: \n',loginError); console.error('>> loginWithAppRole error: \n',loginError.response.data); }); } }).catch(function(healthError){ console.error('> healthCheck error: \n',healthError); });