vtp

README

vtp

Vault Transpose (vtp) is a tool for interpolating vault secrets into any file regardless of its type. It will loop through a file and replace any instances of ((path:key)) with the value of the key defined at the path in vault.

vtp is meant for replacing key/value secrets and will not handle properly indenting multi-line secrets (such as certs) into YAML files. It will simply replace any tokens it finds with the values it fetches from vault and is not file-type dependent.

Token

vtp will try to replace anything within (( )) blocks within your code. The proper syntax for vault secrets is: (( /path/to/secret:key )). If no key is provided then vtp will default to using value as the key.

Usage

Usage: vtp [--inplace] [--debug] FILES [FILES ...]

Positional arguments:
  FILES                  List of files to run against

Options:
  --inplace, -i          Overwrite input files
  --quiet, -q            Suppress output (useful when writing files in place)
  --debug, -d            Enable debug logging [default: false]
  --help, -h             display this help and exit

The VAULT_ params needed to make a call to the CLI must be set to be able to interpolate values with vtp. At a minimum you will need to set VAULT_ADDR and VAULT_TOKEN.

By default vtp will output to the screen, but you can suppress the output with the --quiet flag. This is most useful when paired with the --inplace flag when using with fluxcd and kustomize.