Skip to content

Latest commit

 

History

History
 
 

vault

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 

Vault Secret Service

This package implements platform.SecretService using vault.

Key layout

All secrets are stored in vault as key value pairs that can be found under the key /secret/data/:orgID.

For example

/secret/data/031c8cbefe101000 ->
  github_api_key: foo
  some_other_key: bar
  a_secret: key

Configuration

When a new secret service is instatiated with vault.NewSecretService() we read the environment for the standard vault environment variables.

It is expected that the vault provided is unsealed and that the VAULT_TOKEN has sufficient privileges to access the key space described above.

Test/Dev

The vault secret service may be used by starting a vault server

vault server -dev
VAULT_ADDR='<vault address>' VAULT_TOKEN='<vault token>' influxd --secret-store vault

Once the vault and influxdb servers have been started and initialized, you may test the service by executing the following:

curl --request GET \
  --url http://localhost:8086/api/v2/orgs/<org id>/secrets \
  --header 'authorization: Token <authorization token>

# should return
#
#  {
#    "links": {
#      "org": "/api/v2/orgs/031c8cbefe101000",
#      "secrets": "/api/v2/orgs/031c8cbefe101000/secrets"
#    },
#    "secrets": []
#  }
curl --request PATCH \
  --url http://localhost:8086/api/v2/orgs/<org id>/secrets \
  --header 'authorization: Token <authorization token> \
  --header 'content-type: application/json' \
  --data '{
	"foo": "bar",
	"hello": "world"
}'

# should return 204 no content
curl --request GET \
  --url http://localhost:8086/api/v2/orgs/<org id>/secrets \
  --header 'authorization: Token <authorization token>

# should return
#
#  {
#    "links": {
#      "org": "/api/v2/orgs/031c8cbefe101000",
#      "secrets": "/api/v2/orgs/031c8cbefe101000/secrets"
#    },
#    "secrets": [
#      "foo",
#      "hello"
#    ]
#  }