UNPKG

hashi-vault-js

Version:

A node.js module to interact with the Hashicorp Vault API.

github.com/kyndryl-open-source/hashi-vault-js

kyndryl-open-source/hashi-vault-js

106 lines (101 loc) 3.5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
//Simple smoke test // PKI secret engine -- roles // This test will create a new PKI role, read the PKI role, update the PKI role, delete the PKI role, and then read the PKI role. // source process.env // node PKI-roles-smoke-test.js import Vault from '../src/Vault.js'; const ClientCert = process.env.CLIENT_CERT; const ClientKey = process.env.CLIENT_KEY; const CACert = process.env.CA_CERT; const VaultUrl = process.env.VAULT_URL; const RootToken = process.env.VAULT_ROOT_TOKEN; const vault = new Vault( { https: true, cert: ClientCert, key: ClientKey, cacert: CACert, baseUrl: VaultUrl, rootPath: 'pki', timeout: 10000, proxy: false }); let roleParams = { name: "dummy", ttl: "8760h", maxTtl: "43800h", allowLocalhost: true, allowedDomains: ["dummy.com", "acme.com"], allowedDomainsTemplate: false, allowBareDomains: false, allowSubdomains: true, allowGlobDomains: false, allowAnyName: false, enforceHostnames: true, allowIpSans: true, allowedUriSans: "https://dummy.com,https://acme.com", allowedOtherSans: null, serverFlag: true, clientFlag: false, codeSigningFlag: false, emailProtectionFlag: false, keyType: "rsa", keyBits: 4096, keyUsage: ["DigitalSignature", "KeyAgreement", "KeyEncipherment"], externalKeyUsage: null, extKeyUsageOids: null, useCsrCommonName: true, useCsrSans: true, ou: "vault", organization: "acme", country: "br", locality: "campinas", province: "sp", streetAddress: "", postalCode: "", serialNumber: "", generateLease: false, noStore: false, requireCn: true, policyIdentifiers: null, basicConstraintsValidForNonCa: false, notBeforeDuration: "5m" } vault.healthCheck().then(function(data) { console.log('1> healthCheck output: \n',data); if (!data.sealed) { vault.createPkiRole(RootToken, roleParams, 'pki').then(function(data){ console.log('2> createPkiRole output: \n',data); roleParams.codeSigningFlag = true; roleParams.notBeforeDuration = "1m"; vault.updatePkiRole(RootToken, roleParams, 'pki').then(function(data){ console.log('3> updatePkiRole output: \n',data); vault.readPkiRole(RootToken, roleParams.name).then(function(data){ console.log('4> readPkiRole output: \n',data); vault.deletePkiRole(RootToken, roleParams.name).then(function(data){ console.log('5> deletePkiRole output: \n',data); vault.readPkiRole(RootToken, roleParams.name).then(function(data){ console.log('6> readPkiRole output: \n',data); }).catch(function(readError){ console.error('6> readPkiRole error: \n',readError); }); }).catch(function(deleteError){ console.error('5> deletePkiRole error: \n',deleteError); }); vault.listPkiRoles(RootToken).then(function(data){ console.log('5> listPkiRoles output: \n',data); }).catch(function(listError){ console.error('5> listPkiRoles error: \n',listError); }); }).catch(function(readError){ console.error('4> readPkiRole error: \n',readError); }); }).catch(function(updateError){ console.error('3> updatePkiRole error: \n',updateError); }); }).catch(function(createError){ console.error('2> createPkiRole error: \n',createError); }); } }).catch(function(healthError){ console.error('> healthCheck error: \n',healthError); });