Skip to content

Files

Latest commit

j00p34Tristan Davies
j00p34
and
Tristan Davies
add parameter to skip setting environment (faradayio#3)
Jan 23, 2017
2622f71 · Jan 23, 2017

History

History
68 lines (49 loc) · 1.58 KB

README.md

File metadata and controls

68 lines (49 loc) · 1.58 KB

vault-env-js

Put your vault secrets in your process.env

vault-env demo

Install the package

npm install --save vault-env

Write a Secretfile in your app directory

DATABASE_URL secrets/databases/main:url

Require vault-env and the environment variables are loaded

require('vault-env')

console.log(process.env.DATABASE_URL)
// => 'postgres://...'

Provide your app with VAULT_ADDR and VAULT_TOKEN environment variables when you run it.

VAULT_ADDR=https://localhost:8200 VAULT_TOKEN=12345 node ./app.js

Require vault-env/rotate and vault-env will request new leases before your secrets expire, keeping your environment variables up to date forever.

require('vault-env/rotate')

// check the database url
console.log(process.env.DATABASE_URL)
// => 'postgres://username:password@host/db'

// check again in six weeks
setTimeout(function () {
  console.log(process.env.DATABASE_URL)
  // => 'postgres://user:newpassword@host/db'
}, 1000 * 60 * 60 * 24 * 7 * 6)

Watch for secret changes

var vaultEnv = require('vault-env/rotate')

vaultEnv.on('DATABASE_URL', function (newDB, oldDB) {
  console.log('DATABASE_URL has changed to ' + newDB + ' from ' + oldDB)
})

Require vault-env/local and vault-env will not set your environment your variables will only be exported by the module as regular variables

var secret = require('vault-env/local')

console.log(secret.DATABASE_URL)
// => 'postgres://...'