vaulted

README

vaulted

Spawn environments from securely stored secrets.

With so many secrets floating around in our modern lives, it's a wonder we're able to keep track of any of them!

vaulted allows you to create vaults of related secrets and then spawn environments with these secrets. Vaults can contain secure environment variables, AWS credentials, or SSH keys (RSA, DSA, & ECDSA).

vaulted also attempts to insulate spawned environments from other environments on the system. Temporary AWS credentials are created for each spawned environment as well as a new SSH agent. The SSH agent still allows access keys in the parent environment's SSH agent, but any keys added inside the environment are only available in the spawned environment.

Installation

macOS

The easiest way to install vaulted on macOS is through Homebrew.

brew install vaulted

Manual

Installation on other platforms should be simple enough through go get as long as you have a proper Go environment setup:

go get -u github.com/miquella/vaulted

Don't forget to add $GOPATH/bin to your $PATH!

Getting Started

vaulted is oriented around vaults of secrets that are used to spawn environments. To get started, add a new vault:

vaulted add my-vault

This will start an interactive editing mode that will help you create your first vault. AWS keys, SSH keys, and arbitrary environment variables can be added to the vault. Once you have your vault arranged how you would like, use q to exit the interactive mode and save the vault to disk.

While editing a vault, Ctrl+C may be used to discard changes to the vault.

Now that your vault has been saved, the list of vaults will reflect your newly saved vault:

vaulted ls

And you can use vaulted to spawn a command in an environment generated from the secrets stored in the vault:

vaulted -n my-vault -- aws s3 ls

Sometimes it is useful to be able to issue multiple commands that require the vault's secrets. In this case, you can spawn an interactive shell:

vaulted shell my-vault

Warning! Leaving interactive shells with your credentials loaded can be dangerous as you may inadvertently provide credentials to an application you didn't intend!

Going Further

While vaulted supports basic modification methods like copying, editing, and removing, more advanced methods such as JSON-formatted dumping and loading are also available. An environment can even be loaded into a running shell! See vaulted --help for available commands.

Spawned Environment

In addition to secrets, spawned environments also include the name of the vault that was used to spawn the environment in the VAULTED_ENV environment variable. This is particularly useful if you would like to indicate the spawned environment in your shell prompt.