-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.js
44 lines (40 loc) · 1.22 KB
/
main.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
const DOCKER = new require('dockerode')();
let vault;
module.exports = async (
approleFile,
vaultEndpoint,
vaultPath,
vaultKey,
secretName
) => {
const OPTIONS = { endpoint: vaultEndpoint };
vault = require('node-vault')(OPTIONS);
try {
const jsonString = await require('fs').promises.readFile(approleFile);
const approleJson = JSON.parse(jsonString);
const loginResponse = await vaultApproleLogin(approleJson);
const vaultSecret = await readVaultSecret(vaultPath, loginResponse);
await createDockerSecretFromValue(vaultKey, vaultSecret, secretName);
} catch (error) {
console.error(error);
}
};
async function vaultApproleLogin(approleJson) {
const APPROLE = {
role_id: approleJson.role_id,
secret_id: approleJson.secret_id,
};
return vault.approleLogin(APPROLE);
}
async function readVaultSecret(vaultPath, loginResponse) {
vault.token = loginResponse.auth.client_token;
return vault.read(vaultPath);
}
async function createDockerSecretFromValue(vaultKey, vaultSecret, secretName) {
const VALUE = Buffer.from(vaultSecret.data.data[vaultKey]).toString('base64');
const DOCKER_SECRET = {
name: secretName,
data: VALUE,
};
return DOCKER.createSecret(DOCKER_SECRET);
}