Vault Plugin: Backblaze B2 Secrets Backend

This is a HashiCorp Vault plugin that generates application keys for Backblaze B2 Cloud Storage.

Download

Binary releases are available at https://github.com/Boostport/vault-plugin-secrets-backblazeb2/releases.

Verify Binaries

The checksums for the binaries are signed with cosign. To verify the binaries, download the following files (where ${VERSION} is the version of the release):

  • vault-plugin-secrets-backblazeb2_${VERSION}_checksums.txt
  • vault-plugin-secrets-backblazeb2_${VERSION}_checksums.txt.pem
  • vault-plugin-secrets-backblazeb2_${VERSION}_checksums.txt.sig

Then download the release binaries you need. Here, we just download the Linux amd64 binary:

  • vault-plugin-secrets-backblazeb2_${VERSION}_linux_amd64

Then run the following commands to verify the checksums and signature:

# Verify checksum signature
$ cosign verify-blob --signature vault-plugin-secrets-backblazeb2_${VERSION}_checksums.txt.sig --certificate vault-plugin-secrets-backblazeb2_${VERSION}_checksums.txt.pem vault-plugin-secrets-backblazeb2_${VERSION}_checksums.txt --certificate-identity "https://github.com/Boostport/vault-plugin-secrets-backblazeb2/.github/workflows/release.yml@refs/tags/v${VERSION}" --certificate-oidc-issuer "https://token.actions.githubusercontent.com"

# Verify checksum with binaries
$ sha256sum -c vault-plugin-secrets-backblazeb2_${VERSION}_checksums.txt
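
Because the checksums file lists every platform, `sha256sum -c` reports the binaries you did not download as failures. The following is an added example, not part of the project's README: a hypothetical `verify_artifact` helper that checks one downloaded binary against the already cosign-verified checksums file and fails closed. The function names, the 0.0.0 version and the sample bytes are constructed, and GNU coreutils `sha256sum` is assumed.

```shell
#!/usr/bin/env bash
# Added example, not the project's own tooling. Assumes GNU coreutils sha256sum
# and checksum lines of the form "<hex digest>  <file name>" (no spaces in names).

# verify_artifact CHECKSUMS ARTIFACT
# Prints the verified SHA-256 and returns 0 only when ARTIFACT exists, is listed
# exactly once in CHECKSUMS, and its digest matches.
# Returns 2: artifact missing, 3: not listed exactly once, 4: digest mismatch.
verify_artifact() {
    local checksums="$1" artifact="$2" name expected actual
    name=$(basename -- "$artifact")
    [ -f "$artifact" ] || { echo "missing: $artifact" >&2; return 2; }

    # Compare the file-name field exactly; "*" marks binary mode in sha256sum output.
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f); if (f == n) print $1 }' "$checksums")
    if [ -z "$expected" ] || [ "$(printf '%s\n' "$expected" | wc -l)" -ne 1 ]; then
        echo "$name: not listed exactly once in $checksums" >&2
        return 3
    fi

    actual=$(sha256sum -- "$artifact" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "$name: digest mismatch" >&2
        return 4
    fi
    printf '%s\n' "$actual"
}

# Constructed demo: a stand-in "binary" and a checksums file that also lists a
# platform that was not downloaded (the case that trips a plain `sha256sum -c`).
demo() {
    local dir bin rc
    dir=$(mktemp -d) || return 1
    bin="$dir/vault-plugin-secrets-backblazeb2_0.0.0_linux_amd64"   # constructed name and version
    printf 'constructed sample bytes\n' > "$bin"
    {
        ( cd "$dir" && sha256sum "$(basename "$bin")" )
        echo "0000000000000000000000000000000000000000000000000000000000000000  vault-plugin-secrets-backblazeb2_0.0.0_darwin_arm64"
    } > "$dir/checksums.txt"
    verify_artifact "$dir/checksums.txt" "$bin"; rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo
```

Run it only after the cosign signature check on the checksums file has succeeded; a matching digest against an unverified checksums file proves nothing.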

Usage

  1. Once the plugin is registered with your Vault instance, you can enable it on a particular path:
$ vault secrets enable -path=backblazeb2 vault-plugin-secrets-backblazeb2
  2. Configure the backend with your Backblaze B2 application key id and application key:
$ vault write backblazeb2/config application_key_id=<application key id> application_key=<application key>
  3. Create a role:
$ vault write backblazeb2/roles/example capabilities=listBuckets,listFiles,readFiles
  4. Issue credentials:
$ vault read backblazeb2/creds/example

Backend Configuration

| Parameter | Description | Required | Default |
|---|---|---|---|
| application_key_id | The Backblaze B2 application key id | yes | none |
| application_key | The Backblaze B2 application key | yes | none |

Role Configuration

| Parameter | Description | Required | Default |
|---|---|---|---|
| capabilities | Comma separated list of capabilities. See Backblaze B2 application key capabilities for a complete list. | yes | none |
| key_name_prefix | Prefix for key names generated by this role. | no | vault- |
| bucket_name | Optional bucket name on which to restrict this key. NOTE: This is the name of the bucket, not the id. | no | none |
| name_prefix | Prefix to further restrict access in a bucket to files whose names start with the prefix. The bucket_name parameter must also be set. | no | none |
