Skip to content

guaychou/coult

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
.github/workflows
.github/workflows
 
 
src
src
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Coult

A simple, async Vault client in Rust using Hyper v1, hyper-rustls, and Tokio for secure communication with HashiCorp Vault.

Features

  • Supports Vault HTTP API v1 (health check, secrets retrieval)
  • Compatible with Vault secret engines v1 and v2
  • TLS support with hyper-rustls and WebPKI roots
  • Async and efficient using hyper-util and tokio
  • Customizable Vault connection options (address, port, token, protocol)
  • Error handling with detailed Vault status codes

Usage

use coult::{Config, Vault};
use serde::Deserialize;
#[derive(Debug, Deserialize)]
struct Secret {
    password: String,
}

#[tokio::main]
async fn main() {
    tracing_subscriber::fmt::init();
    let vault = Vault::new()
        .address("localhost")
        .protocol("http")
        .token("imtokenbro")
        .port(8200)
        .secret_path("kv/data/test")
        .build().await.unwrap();
    let data = vault.get_secret::<Secret>().await.unwrap();
    println!("{:?}", data)
}

Replace YourSecretStruct with your custom struct that implements serde::Deserialize.

API

VaultBuilder

  • address(String): Set Vault server address (default: 127.0.0.1)
  • port(u16): Set Vault server port (default: 8200)
  • token(String): Set Vault token for authentication
  • secret_path(String): Set the Vault secret path to retrieve
  • https(): Use HTTPS protocol (default: http)
  • protocol(String): Set protocol (http or https)
  • build(): Build and return a Vault instance asynchronously

Vault

  • health_check(): Check Vault health status
  • get_secret(): Get secret from Vault using secret engine v1
  • get_secret_v2(): Get secret from Vault using secret engine v2

Error Handling

The client returns detailed errors based on Vault HTTP status codes, such as:

  • VaultSealed (503)
  • VaultInvalidPath (404)
  • VaultNotInitialized (501)
  • VaultActiveDRsecondaryNode (472)
  • VaultStandbyPerformanceNode (473)
  • Other Vault-specific errors

Environment Variables

If values are not explicitly set in the builder, these environment variables will be used as defaults:

  • VAULT_ADDRESS - Vault server address
  • VAULT_PORT - Vault server port
  • VAULT_TOKEN - Vault authentication token
  • VAULT_SECRET_PATH - Vault secret path
  • VAULT_PROTOCOL - Protocol (http or https)

Contributing

Contributions are welcome! Please open issues or submit pull requests.

About

Coult, is crate to getting from hashicorp vault

Topics

kubernetes rust consul vault tokio kubernets axum

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

5 tags

Packages

No packages published

Languages