Skip to content

Bridge between Vault and password managers

License

Notifications You must be signed in to change notification settings

nlamirault/alan

Repository files navigation

Alan

License Apache 2 GitHub version

  • Master : pipeline status
  • Develop : pipeline status

Alan is a bridge between Hashicorp Vault and some password managers :

  • KeepassXC
  • 1password.com
  • Lastpass
  • Pwsafe

Installation

You can download the binaries :

Usage

  • CLI help:

      $ alan help
    

Local usage

  • Start a Vault development server :

      $ vault server -dev
    
  • Setup Vault :

      $ export VAULT_ADDR="http://localhost:8200"
      $ vault auth list
      Path      Type     Description
      ----      ----     -----------
      token/    token    token based credentials
    
      $ vault auth enable userpass
      Success! Enabled userpass auth method at: userpass/
    
      $ vault auth list
      Path         Type        Description
      ----         ----        -----------
      token/       token       token based credentials
      userpass/    userpass    n/a
    
      $ vault secrets list
      Path          Type         Description
      ----          ----         -----------
      cubbyhole/    cubbyhole    per-token private secret storage
      identity/     identity     identity store
      secret/       kv           key/value secret storage
      sys/          system       system endpoints used for control, policy and debugging
    
      $ vault policy write alan-policy -<<EOF
      path "secret/*" {
              capabilities = ["create", "read", "update", "delete", "list"]
      }
      EOF
    
      $ vault policy list
      alan-policy
      default
      root
    
      $ vault write auth/userpass/users/alan password=turing policies=alan-policy
      Success! Data written to: auth/userpass/users/alan
    
      $ vault login -method=userpass username=alan password=turing
      Success! You are now authenticated. The token information displayed below
      is already stored in the token helper. You do NOT need to run "vault login"
      again. Future Vault requests will automatically use this token.
    
      Key                    Value
      ---                    -----
      token                  15589767-1e25-6c44-e8c2-9b6c3ac13099
      token_accessor         5fefe9fe-6da7-b67b-a8f0-47583488057e
      token_duration         768h
      token_renewable        true
      token_policies         [alan-policy default]
      token_meta_username    foo
    
      $ vault write secret/foo value=yes
      Success! Data written to: secret/foo
      $ vault read secret/foo
      Key                 Value
      ---                 -----
      refresh_interval    768h
      value               yes
    
  • Display database entries :

      $ alan keepassxc show --database alan.kdbx
      Please input your password:
      Dev
      Github: foo https://github.com
      Gitlab: foo https://gitlab.com
      Social
      Twitter: alan https://twitter.com
      >>> foo https://fake.social
      Root
    
  • Import a KeepassXC database into the Vault:

      $ alan keepassxc import --database alan.kdbx
      Please input your password:
      Add secret: Dev/Github
      Add secret: Dev/Gitlab
      Add secret: Social/Twitter
    
  • Check entries :

      $ alan vault list
      - Dev/
      - Social/
    
      $ alan vault list --path Dev
      - Github
      - Gitlab
    
  • Retrieve a secret :

      $ alan vault get --path Dev/Github
      Username: foo
      Password: bar
      URL: https://github.com
    

Development

  • Initialize environment

      $ make init
    
  • Build tool :

      $ make build
    
  • Launch unit tests :

      $ make test
    

Contributing

See CONTRIBUTING.

License

See LICENSE for the complete license.

Changelog

A changelog is available

Contact

Nicolas Lamirault nicolas.lamirault@gmail.com

About

Bridge between Vault and password managers

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published