
A sample code for Node.JS with Hashicorp involving Username and Password based Authentication


pratikpc/Node.JS-Vault-Username-Password


Sample code for using Vault by HashiCorp from Node.js with username and password based authentication. This ensures that all data is securely stored behind username-password based authentication.

If a user has no desire to store secrets in the Vault, this code can also be used for user authentication alone.

For further details regarding Password Based Auth, check out https://learn.hashicorp.com/vault/secrets-management/sm-static-secrets

This code also tries to ensure that one user cannot access the data of another user present in the Vault.

Install with npm i node-vault-user-pass

CONFIGURATION

// process.env.DEBUG = 'node-vault'; // switch on debug mode
const { VaultAccess } = require("node-vault-user-pass");

Initialize

const Vault = new VaultAccess({
  Authority: ["create", "read", "update", "delete", "list", "sudo"],
  Path: "path",
  Policy: "auth_policy",
  EndPoint: "http://localhost:8200",
  UserName: "username",
  SecretMountPoint: "secret_zone",
  // Either Set this in Command Line as an Environment Variable
  // Use set VAULT_TOKEN or export VAULT_TOKEN depending
  // upon your OS
  // Or Provide it as String Here
  // This must be a Root Token
  // Or a token with substantial access
  Token: String(process.env.VAULT_TOKEN),
  // Yet to be Implemented
  CertificateMountPoint: "certificate"
});
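The isolation goal stated above (one user cannot access another user's data) rests on the Vault policy attached to each user, which is what the Authority, Policy and SecretMountPoint settings feed into. As an added example, not code from this repository, the sketch below builds a per-user policy and checks request paths against it. The helper names, the KV v2 path layout and the sample user names are assumptions; how node-vault-user-pass builds its own policy is not shown on this page.

```javascript
'use strict';
// Added example: hypothetical helpers, not part of node-vault-user-pass.
// Assumes a KV v2 mount with each user's secrets under <mount>/data/<user>/.

// Capabilities a per-user policy may grant here; "sudo" is deliberately left out.
const ALLOWED_CAPS = new Set(['create', 'read', 'update', 'delete', 'list']);
// Names limited to characters that cannot add a path segment, a glob or a quote.
const SAFE_NAME = /^[A-Za-z0-9_-]{1,64}$/;

function userPolicyRules(mount, username, caps) {
  for (const name of [mount, username]) {
    if (typeof name !== 'string' || !SAFE_NAME.test(name)) throw new Error(`unsafe name: ${JSON.stringify(name)}`);
  }
  const rejected = caps.filter((c) => !ALLOWED_CAPS.has(c));
  if (rejected.length) throw new Error(`capability not allowed: ${rejected.join(', ')}`);
  const rules = [];
  const dataCaps = caps.filter((c) => c !== 'list');
  if (dataCaps.length) rules.push({ path: `${mount}/data/${username}/*`, capabilities: dataCaps });
  // In KV v2, listing keys is authorised on the metadata path, not the data path.
  if (caps.includes('list')) rules.push({ path: `${mount}/metadata/${username}/*`, capabilities: ['list'] });
  return rules;
}

// Render the rules as an HCL policy document.
function toHcl(rules) {
  return rules
    .map((r) => `path "${r.path}" {\n  capabilities = ${JSON.stringify(r.capabilities)}\n}`)
    .join('\n\n') + '\n';
}

// Simplified model of policy matching: a trailing "*" is a prefix match, anything else is exact.
function isAllowed(rules, requestPath, capability) {
  return rules.some((r) => {
    const hit = r.path.endsWith('*')
      ? requestPath.startsWith(r.path.slice(0, -1))
      : requestPath === r.path;
    return hit && r.capabilities.includes(capability);
  });
}

// Constructed sample values, reusing the mount name from the configuration above.
const aliceRules = userPolicyRules('secret_zone', 'alice', ['create', 'read', 'update', 'list']);
console.log(toHcl(aliceRules));
console.log('alice reads own key:', isAllowed(aliceRules, 'secret_zone/data/alice/key', 'read'));
console.log('alice reads bob key:', isAllowed(aliceRules, 'secret_zone/data/bob/key', 'read'));
```

Rejecting user names that contain `/`, `*` or `"` matters because the name is interpolated into the policy path, where such characters would widen the match or break the HCL.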

RUNNING

async function run() {
  // In Order to run Setup, the user needs Root Token
  await Vault.Setup();
  // Register the user first, then sign in with the same password
  await Vault.SignUp("password" /*'username'*/);
  console.log("Sign Up Successful");
  await Vault.SignIn("password" /*'username'*/);
  console.log("Sign In Successful");

  const value = {
    foo: "3",
    bar: "4"
  };
  await Vault.Write("key", value);
  console.log("Wrote Value", value, "successfully");
  const val = await Vault.Read("key");
  console.log("Read value is ", val);

  // Unmount is an admin action
  // As such, the user needs Root Token
  // Or At least access to /sys/mount provided
  await Vault.Unmount();
}

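run()
  .then(() => {
    console.log("done");
  })
  .catch((err) => {
    // Report Vault or authentication errors instead of an unhandled rejection
    console.error(err);
    process.exitCode = 1;
  });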

Reason for Creation

  1. To Ensure Secured Access to data
  2. To Ensure Secured Storage of Data
  3. This Project was mostly born out of a linkage with A Blockchain Based project where we needed to store Public and Private Keys in a secure manner

TODO

  1. Add Support for Certificates

DEPENDENCIES

  1. node-vault Library for API Calls to Vault

RUNNING Vault

You can run Vault via Docker. I have created a simple script to run Vault with Docker.

Contact Us

You could contact me via LinkedIn. You could file issues or add features via Pull Requests on GitHub.
