Skip to content
This repository has been archived by the owner on Oct 6, 2019. It is now read-only.

Caiyeon/goldfish

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
7 branches 25 tags
Code

Latest commit

@Caiyeon
Caiyeon Add missing screenshots
87e23e9 Sep 5, 2018
Add missing screenshots
87e23e9

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
config
 
 
docker
 
 
frontend
 
 
github
 
 
handlers
 
 
request
 
 
screenshots
 
 
server
 
 
slack
 
 
terraform
 
 
vagrant
 
 
vault
 
 
vendor
 
 
.gitattributes
 
 
.gitignore
 
 
CONTRIBUTING.md
 
 
ISSUE_TEMPLATE.md
 
 
LICENSE
 
 
README.md
 
 
build.sh
 
 
circle.yml
 
 
server.go
 
 
Goldfish Vault UI - Live Demo Share this repo with your colleagues! What is this? Deploy goldfish in production in minutes! Features Major features: See wiki for more Screenshots Developing Goldfish Running locally Using a VM Compiling Development Components Design Sponsored by Why 'Goldfish'?

README.md

Goldfish Vault UI - Live Demo

Donation
Share this repo with your colleagues!

What is this?

Goldfish - A HashiCorp Vault UI and workflow tool. pic.twitter.com/uVWLuQEBMi

— Kelsey Hightower (@kelseyhightower) August 21, 2017

Goldfish answers many auditing and administration questions that Vault API can't:

  • Right now, are there any root tokens in Vault?
  • Which policies, users, and tokens can access this particular secret path?
  • The unseal admins are working from home, but we need a policy changed.
    • How do we generate a root token only for this change, and make sure it's revoked after?
  • I store my policies on a Github repo. Can I deploy all my policies in one go? See more
  • If I remove this secret/policy, will anybody's workflow break?

Deploy goldfish in production in minutes!

Seriously, the instructions fit on one screen!

Features

  • Hot-loadable server settings from a provided vault endpoint
  • Displaying a vault endpoint as a 'bulletin board' in homepage
  • Logging in with token, userpass, github, or LDAP
  • Secret Reading/editing/creating/listing
  • Auth Searching/creating/listing/deleting
  • Mounts Listing
  • Policies Searching/Listing
  • Encrypting and decrypting arbitrary strings using transit backend

Major features: See wiki for more

  • DONE! Searching tokens by policy walkthrough
    • E.g. Display all tokens that have the policy 'admins'
  • DONE! Searching policy by rule walkthrough
    • E.g. Display all policies that can access 'secret/data*'
  • DONE! Request & approval based policy changes walkthrough
    • Users can place a policy change request in vault
    • Admins must then provide unseal tokens for that specific request
    • Upon reaching a set number, goldfish generates a root token, performs edit, and revokes the root token
  • DONE! Terraform your vault walkthrough
    • Fetch a folder of policies from a commit in github
    • Admins can enter their unseal tokens for approval to set vault policies according to policies found
    • Change dozens of policies in one go!
  • DONE! Resource dependency chain
    • E.g. Will removing a particular policy affect current users?
    • Will removing a mount or secret path affect current users?

Screenshots

Developing Goldfish

Running locally

You'll need go (v1.9), nodejs (v8.2), and npm (v5)

# hashicorp vault ui

# clone goldfish
go get github.com/caiyeon/goldfish
cd $GOPATH/src/github.com/caiyeon/goldfish

# running goldfish server in -dev will spin up a local vault instance for you
go run server.go -dev

# running goldfish frontend in dev mode will allow for hot-reload of frontend files
cd frontend
sudo npm install -g cross-env
npm install
npm run dev

# a browser window/tab should open, pointing directly to goldfish

Using a VM

A vagrantfile is available as well

You'll need Vagrant and VirtualBox. On Windows, a restart after installation is needed.

# if you wish to launch goldfish in a VM:
git clone https://github.com/Caiyeon/goldfish.git
cd goldfish/vagrant

# this will take awhile
vagrant up --provision

# go to localhost:8080 on your local machine and login with token 'goldfish'

# changes to frontend .vue files will be hot-reloaded
# to force a full reload for the frontend, ssh into the machine and run
#     `sudo systemctl restart goldfish_frontend.service`
# to recompile and re-run the backend, ssh into the machine and run
#     `sudo systemctl restart goldfish.service`

Compiling

You'll need Go(v1.9), Nodejs (v8.2.0), Npm (v5)

Note that using different versions (of nodeJS, especially) will cause differences in the final binary.

# download the source code
go get -d github.com/caiyeon/goldfish
cd $GOPATH/src/github.com/caiyeon/goldfish

# resetting to a tagged version is recommended
# no support will be given to arbitrary commits on the master branch
git fetch --all --tags --prune
git checkout tags/<version> # version could be, for example, v0.8.0

# compile the binary
sh build.sh

Development

Goldfish is in very active development.

Pull requests and feature requests are welcome. Feel free to suggest new workflows by opening issues.

Components

Frontend:

  • VueJS
  • Bulma CSS
  • Vue Admin

Backend:

Design

See: Architecture

Sponsored by

Why 'Goldfish'?

This server should behave as a goldfish, forgetting everything immediately after a request is completed. That, and other inside-joke reasons.

Credits for the goldfish icon goes to Laurel Chan

About

A HashiCorp Vault UI written with VueJS and Vault native Go API

vault-ui.io

Topics

go golang vuejs vault bulma-css vault-ui hashicorp-vault vue-admin

Resources

Readme

License

MPL-2.0 license

Stars

2.2k stars

Watchers

70 watching

Forks

168 forks

Releases 21

v0.9.0 Latest
Feb 24, 2018
+ 20 releases

Packages

No packages published

Contributors 16

+ 5 contributors

Languages