Put your vault secrets in your process.env
Install the package
npm install --save vault-envWrite a Secretfile in your app directory
DATABASE_URL secrets/databases/main:url
Require vault-env and the environment variables are loaded
require('vault-env')
console.log(process.env.DATABASE_URL)
// => 'postgres://...'Provide your app with VAULT_ADDR and VAULT_TOKEN environment variables when
you run it.
VAULT_ADDR=https://localhost:8200 VAULT_TOKEN=12345 node ./app.jsRequire vault-env/rotate and vault-env will request new leases before your
secrets expire, keeping your environment variables up to date forever.
require('vault-env/rotate')
// check the database url
console.log(process.env.DATABASE_URL)
// => 'postgres://username:password@host/db'
// check again in six weeks
setTimeout(function () {
console.log(process.env.DATABASE_URL)
// => 'postgres://user:newpassword@host/db'
}, 1000 * 60 * 60 * 24 * 7 * 6)Watch for secret changes
var vaultEnv = require('vault-env/rotate')
vaultEnv.on('DATABASE_URL', function (newDB, oldDB) {
console.log('DATABASE_URL has changed to ' + newDB + ' from ' + oldDB)
})Require vault-env/local and vault-env will not set your environment
your variables will only be exported by the module as regular variables
var secret = require('vault-env/local')
console.log(secret.DATABASE_URL)
// => 'postgres://...'