github.com/rajatsharma94/vc
0.0.0-20200914125258-c975236215f4
Repository: https://github.com/rajatsharma94/vc.git
Documentation: pkg.go.dev

# README

vc

Vault Command Line (CLI) Client for manipulating secrets inside Vault

Environment Variables

vc respects the following environment settings:

  • VAULT_ADDR Vault server address
  • VAULT_CACERT Path to a PEM-encoded CA cert file to use to verify the Vault server SSL certificate.
  • VAULT_CAPATH Path to a directory of PEM-encoded CA cert files to verify the Vault server SSL certificate. If VAULT_CACERT is specified, its value will take precedence.
  • VAULT_TOKEN Vault access token
  • VAULT_TOKEN_FILE Vault access token file

If VAULT_TOKEN is not set, VAULT_TOKEN_FILE will try the following paths:

$HOME/.vault-token
/etc/vault-client/token

Commands

Command cat

Show the contents of a secret.

Usage: vc cat [<options>] <secret path>

Options:
 -k string
   	key (default __TYPE__)
 -m string
   	output mode (default 0600)
 -o string
   	output (default: stdout)

Command edit

Open an interactive editor for manipulating secrets or creating new secrets.

Usage: vc edit <secret path>

Command file

Store or retrieve files.

Usage: vc file <get|put> <secret path> <file path>

Options:
  -f	force overwrite
  -i	ignore missing key
  -m string
    	output mode (for put) (default 0600)

In get mode, if the file at path already exists, vc will prompt the user to overwrite if the terminal is interactive and otherwise throw an error, unless force overwrite is enabled.

In put mode, if the secret at path already exists, vc will prompt the user to overwrite if the terminal is interactive and otherwise throw an error, unless force overwrite is enabled.

The actual secret is stored in base64 encoding, and it will have the magic type marker (__TYPE__) of "file".
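An added example (not vc's own code) of the get-mode behaviour described above: it checks the `__TYPE__` marker, decodes the base64 `contents` key, refuses to overwrite without force, and writes through a temporary file in the target directory with the requested mode. The name `getFile`, the standard base64 alphabet and the non-interactive refusal are assumptions.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// getFile writes a "file"-typed secret to dst the way the get mode is described:
// refuse to overwrite unless force is set, and create the file with mode.
// The function name and the non-interactive behaviour are assumptions.
func getFile(data map[string]interface{}, dst string, mode os.FileMode, force bool) error {
	if data["__TYPE__"] != "file" {
		return fmt.Errorf("secret has type %v, want \"file\"", data["__TYPE__"])
	}
	enc, ok := data["contents"].(string)
	if !ok {
		return errors.New(`secret has no string key "contents"`)
	}
	raw, err := base64.StdEncoding.DecodeString(enc)
	if err != nil {
		return fmt.Errorf("contents is not valid base64: %w", err)
	}
	if _, err := os.Lstat(dst); err == nil && !force {
		return fmt.Errorf("%s exists; use force overwrite", dst)
	}
	// Write beside the target and rename, so readers never see a partial file.
	tmp, err := os.CreateTemp(filepath.Dir(dst), ".vc-*") // created 0600
	if err != nil {
		return err
	}
	defer os.Remove(tmp.Name()) // no-op after a successful rename
	if _, err = tmp.Write(raw); err == nil {
		err = tmp.Chmod(mode)
	}
	if cerr := tmp.Close(); err == nil {
		err = cerr
	}
	if err != nil {
		return err
	}
	return os.Rename(tmp.Name(), dst)
}

func main() {
	secret := map[string]interface{}{"__TYPE__": "file", "contents": "aGVsbG8K"} // constructed
	fmt.Println(getFile(secret, filepath.Join(os.TempDir(), "vc-example.txt"), 0600, true))
}
```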

Command ls

List secrets.

Usage: vc [<options>] ls [<secret path>]

Options:
  -1	list in compact format
  -R	recursively list subdirectories encountered
  -l	list in long format

Command mv

Move secrets.

Usage: vc [<options>] mv <source secret> <target secret>

Options:
  -f	force overwrite

If the secret at the destination path exists, vc will prompt the user to overwrite if the terminal is interactive and otherwise throw an error, unless force overwrite is enabled.

Command rm

Remove secrets.

Usage: vc rm <secret path>

Options:
  -f	force removal

Command template

Render a template containing Vault secrets. The default render engine is text/template; see https://golang.org/pkg/text/template/

Usage: vc template [<options>] <file>

Options:
  -m string
    	output mode (default 0600)
  -o string
    	output (default: stdout)

The render engine will first evaluate the template file and retrieve all desired secret paths and keys. Next, it will contact Vault and fetch the requested secrets. The render engine will report a fatal error if any of the secrets are missing or if there is an error contacting Vault.

Function decode

Retrieves an encoded secret stored in Vault.

Example:

We can have any {{decode "secret/test.json"}} type.

Function secret

Allows for looking up secret values stored in Vault. The function expects a path to a generic secret and a key.

Example:

The value for key foo at secret/test is: {{secret "secret/test" "foo"}}
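The collect, fetch, render order described for the template command, as an added example that is not vc's own code: `renderSecrets` and the in-memory `vault` map are hypothetical stand-ins, and only the `secret` function is modelled. It also shows a consequence of the two-pass design: a secret first requested in the second pass (behind a condition that depends on another secret's value) is reported as an error instead of rendering as an empty string.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"text/template"
)

// renderSecrets follows the documented order: collect, fetch, then render.
// vault (path -> key -> value) is a constructed stand-in for the Vault server.
func renderSecrets(src string, vault map[string]map[string]string) (string, error) {
	type ref struct{ path, key string }
	values := map[ref]string{}
	collecting := true
	funcs := template.FuncMap{"secret": func(path, key string) (string, error) {
		v, ok := values[ref{path, key}]
		if collecting { // pass 1: only record what the template asks for
			values[ref{path, key}] = ""
		} else if !ok { // first reached in pass 2, e.g. behind an {{if}}
			return "", fmt.Errorf("%s %q was not prefetched", path, key)
		}
		return v, nil
	}}
	t, err := template.New("tpl").Funcs(funcs).Parse(src)
	if err == nil {
		err = t.Execute(io.Discard, nil)
	}
	if err != nil {
		return "", err
	}
	for r := range values { // a missing secret or key is fatal
		v, ok := vault[r.path][r.key]
		if !ok {
			return "", fmt.Errorf("missing %s %q", r.path, r.key)
		}
		values[r] = v
	}
	collecting = false
	var out bytes.Buffer // render in memory: a failure leaves no partial output
	if err := t.Execute(&out, nil); err != nil {
		return "", err
	}
	return out.String(), nil
}

func main() {
	vault := map[string]map[string]string{"secret/test": {"foo": "bar"}} // constructed
	fmt.Println(renderSecrets(`foo is {{secret "secret/test" "foo"}}`, vault))
}
```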

Type key

Only partial support is implemented for the magic __TYPE__ key which allows for typed values.

Builtin types:

  • file Base64 encoded file in key "contents"
  • json Substructure is a key-value dictionary with JSON encoding
  • yaml Substructure is a key-value dictionary with YAML encoding

# Functions

CodecFor returns a codec by name.
Debug is a debug message.
Debugf is a debug message with variadic formatting.
DefaultApp sets up a default CLI application.
DefaultCommands returns a map of default commands.
IsTerminal returns true if the file descriptor is a terminal.
NewClient builds a new Client.
RegisterCodec adds a new named codec.
ReplaceCodec replaces or adds a named codec.
SafeOutputWriter implements an io.WriteCloser that writes to a temporary file in the same directory as the target file and then moves the temporary file to the final name after closing.

# Constants

Return code constants.
ShellHistoryFile is the file where readline history is recorded.

# Variables

CodecTypeKey is the key that marks a named Codec.
DebugLogFunc is our debug log function, defaults to nil (no debug logging).
ErrMarshalingNotSupported is returned by MarshalingNotSupported.
ErrUnmarshalingNotSupported is returned by UnmarshalingNotSupported.

# Structs

CatCommand can display (structured) secrets.
Client for the Vault API.
CopyCommand can display (structured) secrets.
DeleteCommand can display (structured) secrets.
EditCommand opens Vault secrets in an interactive editor ($EDITOR).
FileCommand stores and retrieves raw files (blobs).
ListCommand can display (structured) secrets.
MarshalingNotSupported is a placeholder Marshaler that returns an error upon marshaling.
MoveCommand can display (structured) secrets.
ShellCommand is an interactive command line shell.
TemplateCommand renders (multiple) secret(s) into a templated file.
UnmarshalingNotSupported is a placeholder Unmarshaler that returns an error upon unmarshaling.

# Interfaces

Codec implements an Encoder and Decoder.
Marshaler can marshal an api.Secret.Data into a byte slice.
Unmarshaler can unmarshal a byte slice into api.Secret.Data.