Skip to content
Experiment in using vault tooling with credhub
Go Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
ci
vendor
.gitignore
CODE_OF_CONDUCT.md
README.md
go.mod
go.sum
main.go
vault-credhub-proxy

README.md

A Vault API compatible proxy for Credhub

This project is an attempt to implement the basic CRUD operations of the Key Value API of Vault.

Staring proxy

export CREDHUB_SERVER=...
export CREDHUB_CA_CERT=path_to_ca.pem
go run main.go

Use with safe

Make sure to install the safe cli

safe target http://127.0.0.1:8200 dev
echo "${CREDHUB_CLIENT}:${CREDHUB_SECRET}" | safe auth token
safe tree /

By default safe tree will look up /secret tree, which is a common Vault root tree. Explicitly using safe tree / will look up the entire directory within Credhub. For example:

$ safe tree /
.
└──
    ├── /concourse/main/bucc_version
    ├── /concourse/main/concourse_worker_key
    ├── /concourse/main/concourse_tsa_host_key
    ├── /concourse/main/concourse_tsa_host
    ├── /concourse/main/concourse_ca_cert
    ├── /concourse/main/concourse_password
    ├── /concourse/main/concourse_username
    ├── /concourse/main/concourse_url
    ├── /concourse/main/credhub_ca_cert
    ├── /concourse/main/credhub_password
    ├── /concourse/main/credhub_username
    ├── /concourse/main/credhub_url
    ├── /concourse/main/bosh_stemcell
    ├── /concourse/main/bosh_cpi
    ├── /concourse/main/bosh_ssh_username
    ├── /concourse/main/bosh_ssh_private_key
    ├── /concourse/main/bosh_client
    ├── /concourse/main/bosh_client_secret
    ├── /concourse/main/bosh_ca_cert
    ├── /concourse/main/bosh_environment
    └── /concourse/main/bosh_name
You can’t perform that action at this time.