Skip to content
Render templated config files with secrets from HashiCorp Vault.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
mocks/api
pkg
.dockerignore
.gitignore
Dockerfile
Gopkg.lock
Gopkg.toml
LICENSE
Readme.md
generate-mocks.sh
main.go

Readme.md

vault-template

Render templated config files with secrets from HashiCorp Vault. Inspired by vaultenv.

  • Define a template for your config file which contains secrets at development time.
  • Use vault-template to render your config file template by fetching secrets from Vault at runtime.

Usage

Usage of ./vault-template:
  -o, --output string             The output file.
                                  Also configurable via OUTPUT_FILE.
  -t, --template string           The template file to render.
                                  Also configurable via TEMPLATE_FILE.
  -v, --vault string              Vault API endpoint.
                                  Also configurable via VAULT_ADDR.
                                  (default "http://127.0.0.1:8200")
  -f, --vault-token-file string   The file which contains the vault token.
                                  Also configurable via VAULT_TOKEN_FILE.

A docker image is availabe on Dockerhub.

Template

The templates will be rendered using the Go template mechanism. vault-env provides a special function for specifying secrets in the template:

mySecretName = {{ vault "secret/mySecret" "name" }}
mySecretPassword = {{ vault "secret/mySecret" "password" }}

The vault function takes two string parameters which specify the path to the secret and the field inside to return.

If the secret was created with vault write secret/mySecret name=john password=secret the resulting file would be:

mySecretName = john
mySecretPassword = secret
You can’t perform that action at this time.