vault

command module
v0.1.1

This package is not in the latest version of its module.
Published: Aug 25, 2024 License: MIT Imports: 8 Imported by: 0

README

Vault is a project that aims to provide a lightweight, secure and multi-tenant solution for encrypted password storage. It provides a simple REST API where you can manage your environments and tokens. It uses a MongoDB database as the storage backend.

This project is a work in progress; do not use it in production until v1.0.0 is available.

Environments

Security is key in the project. You can create separate environments for your projects or customers. All environments use unique encryption keys, which are never stored in the database and are only available to the customer. At the first start of the application, the Master Admin token is written to the log output once. Save it; it will never be shown again.

If you missed the token after the first start, you need to remove the collections (environment, token, secret) from the database and restart the application. None of the tokens are recoverable.

The MasterAdmin token can create an Environment. In response to this call, an EnvironmentAdmin token is returned once. This type of token can be used to create ReadWrite or ReadOnly tokens. Read the Tokens section for a more detailed view of the different token types.

Tokens

There are 4 types of tokens, each having its own purpose.

MasterAdmin EnvironmentAdmin ReadWrite ReadOnly
Create MasterAdmin token
Create EnvironmentAdmin token
Create ReadWrite/ReadOnly token
Manage environments
Manage secrets
Get decrypted secret

Getting started

Vault can be run as a stand-alone application on a server, or run as a container in Docker or Kubernetes.

Make sure you always run the latest release version.

The entire application is built stateless and supports multiple replicas for load balancing and high-availability purposes.

Networking

Vault itself does not handle TLS traffic. The service that exposes the application has to handle TLS and forward the traffic to the application port.

Configuration

The application can be configured using environment variables for the database connection.

| Parameter | Description | Default |
| --- | --- | --- |
| PORT | Port for the REST API endpoints | 8080 |
| MONGODB_URI | MongoDB connect URI to connect to the database. Example: mongodb+srv://username:password@database-host/database-name?retryWrites=true&w=majority&appName=Vault | |
| MONGODB_DATABASE | Database name if not provided in the connect URI. Example: vault | |
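
As an added example (not code from the vault project), a Go loader for the three variables above: it applies the documented default port, uses MONGODB_DATABASE only when the connect URI carries no database name, and keeps the MongoDB password out of logs and error messages. The names Config, LoadConfig and RedactedURI are assumptions made for this illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"os"
	"strings"
)

type Config struct{ Port, URI, Database string } // the three parameters from the table

// LoadConfig takes getenv as a parameter (os.Getenv in production) so it can be tested.
func LoadConfig(getenv func(string) string) (Config, error) {
	c := Config{Port: getenv("PORT"), URI: getenv("MONGODB_URI"), Database: getenv("MONGODB_DATABASE")}
	if c.Port == "" {
		c.Port = "8080" // documented default
	}
	u, err := url.Parse(c.URI)
	// url.Parse errors quote the input, password included, so err is not wrapped.
	if err != nil || (u.Scheme != "mongodb" && u.Scheme != "mongodb+srv") || u.Host == "" {
		return Config{}, errors.New("MONGODB_URI is not a valid mongodb:// or mongodb+srv:// URI")
	}
	// A database name in the URI path wins; MONGODB_DATABASE is the fallback.
	if name := strings.Trim(u.Path, "/"); name != "" {
		c.Database = name
	}
	if c.Database == "" {
		return Config{}, errors.New("no database name in MONGODB_URI or MONGODB_DATABASE")
	}
	return c, nil
}

// RedactedURI masks the password so the URI can appear in startup logs.
func (c Config) RedactedURI() string {
	u, err := url.Parse(c.URI)
	if err != nil {
		return "<invalid URI>"
	}
	return u.Redacted()
}

func main() {
	c, err := LoadConfig(os.Getenv)
	if err != nil {
		fmt.Fprintln(os.Stderr, "config error:", err)
		os.Exit(1)
	}
	fmt.Printf("port=%s database=%s uri=%s\n", c.Port, c.Database, c.RedactedURI())
}
```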

Kubernetes deployment

kustomize build https://github.com/gkwmiddelkamp/vault/manifests | kubectl apply -f -
