vault-launchdarkly-secrets-engine

command module

v0.0.0-...-c7f0c11 Latest Latest Go to latest Published: Nov 4, 2020 License: Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/intheclouddan/vault-launchdarkly-secrets-engine

README ¶

vault-launchdarkly-secret-engine

This plugin will allow you to create a secret backend that will use the LaunchDarkly API to generate dynamic LaunchDarkly tokens. Usage can be restricted using the highly customizable Vault ACL system.

Forked from: https://github.com/nytimes/vault-fastly-secret-engine

Setup

Most secrets engines must be configured in advance before they can perform their functions. These steps are usually completed by an operator or configuration management tool.

Register the plugin with the catalog

$ SHASUM=$(shasum -a 256 vault-launchdarkly-secret-engine | cut -d " " -f1)
$ vault write sys/plugins/catalog/vault-launchdarkly-secret-engine sha_256="$SHASUM" command="vault-launchdarkly-secret-engine"
Success! Data written to: sys/plugins/catalog/vault-launchdarkly-secret-engine

Enable the launchdarkly secrets engine:

$ vault secrets enable -path="launchdarkly" -plugin-name="vault-launchdarkly-secret-engine" plugin
Success! Enabled the vault-launchdarkly-secret-engine plugin at: launchdarkly/

By default, the secrets engine will mount at the name of the engine. To enable the secrets engine at a different path, use the -path argument.

Configure the backend with user credentials that will be able to interact with the LaunchDarkly API and create tokens.
```
$ vault write launchdarkly/config accessToken="123456789"
Success! Data written to: launchdarkly/config
```

Usage

After the secrets engine is configured and a user/machine has a Vault token with the proper permission, it can generate tokens.

Generate a new LaunchDarkly token by reading from the launchdarkly/role/<custom-role-key> endpoint:

$ vault read launchdarkly/role/<custom-role-key>"
Key      Value
---      -----
token    api-123456789

To read SDK keys for an Environment from the launchdarkly/project/<project-key>/<environment-key>:

$ vault read launchdarkly/project/test-project/development
Key         Value
---         -----
clientId    aaaabde7df99999900000
mobile      mob-826b0530-9999-0000-aed4-12345
sdk         sdk-65f59771-0000-9999-b567-12345

To reset a SDK or Mobile key you can read from: vault read launchdarkly/project/<project-key>/<environment-key>/reset/sdk where the final string can be sdk or mobile.

Local Development

Build the code

goreleaser build --snapshot --rm-dist
docker build -t vault-plugin .
docker run --cap-add=IPC_LOCK -e 'VAULT_DEV_ROOT_TOKEN_ID=myroot' -e 'VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:1234' -p 1234:1234 vault-plugin

Configure the local vault

In a second terminal window...

export VAULT_ADDR='http://0.0.0.0:1234'
vault login myroot
SHASUM=$(shasum -a 256 dist/vault-launchdarkly-secrets-engine_linux_amd64/vault-launchdarkly-secrets-engine | cut -d " " -f1)
vault write sys/plugins/catalog/secret/vault-launchdarkly-secret-engine   sha_256="$SHASUM"   command="vault-launchdarkly-secrets-engine"
vault secrets enable -path="launchdarkly" -plugin-name="vault-launchdarkly-secrets-engine" plugin
vault write launchdarkly/config accessToken="123456789"

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
launchdarkly
version

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL