v0.8.0 - "Mountain Rescue"

(The filenames above are weird. GitHub has a bug in their uploader, but it's better than nothing)

Vaultenv is a CLI utility that fetches secrets from HashiCorp Vault and makes them available under environment variables.

The binaries on this page are provided for convenience. If you encounter any linking issues, you might need to build from source. Please refer to the README for instructions. One user reported problems with the latest glibc version.

Specify mount points

Vaultenv 0.8.0 now supports configuration of the mountpoint it fetches secrets in Vault from. Prior to this release, Vaultenv defaulted to secret/ for this.

In particular, this allows users to use Vaultenv for the dynamic secret engines that Vault supports.

The secret file format has changed to accommodate for the configuration of this information. However, the changes in this release are fully backwards compatible as far back to to and including 0.6.0.

Secret format upgrade guide

Version 1 of the format won't go anytime soon. However, upgrading is easy!

Let's say you have the following secrets file:

third-party#foo
another-party#bar

You can upgrade to Version 2 of the format by changing this to:

VERSION 2

MOUNT secret
third-party#foo
another-party#bar

This has exactly the same behavior.

Backwards incompatible changes

Vaultenv now exits with a nonzero exit code on network and parsing errors. This may break or change the behavior of existing scripts (or systemd service files) that use Vaultenv's exit code for their operation.