Vault Secret Proxy Sidecar

Vault secret proxy sidecar using AWS IAM Auth

Usage

Vault secret proxy sidecar can be used by any service (Primary App) running within a Kubernetes Pod in AWS. It can be used as a stub server during local development. See the following links for usage instructions:

• Local Development
• Kubernetes Cluster in AWS

Development

Prerequisites

• Go v1.12
• dep v0.5.0
• go-swagger v0.18.0

Quickstart

• Checkout the repository

• From project root

  • make dep # Installs all necessary dependencies
  • make install to install binary as ~/go/bin/vault-secret-proxy
  • ~/go/bin/vault-secrets-proxy-server --help

• Launch server

  • $ make run

• Play with the server

  • curl -sS http://localhost:8888/v1/secrets | jq .

  {
    "API_TOKEN": "token",
    "DB_PASSWORD": "password"
  }
  

  • Using httpie
    • $ http get http://localhost:8888/v1/secrets

    HTTP/1.1 200 OK
    Content-Length: 30
    Content-Type: application/json
    Date: Sun, 03 Mar 2019 03:08:12 GMT
    
    {
      "API_TOKEN": "token",
      "DB_PASSWORD": "password"
    }
    

    • $ http get http://localhost:8888/v1/healthz

    HTTP/1.1 200 OK
    Content-Length: 0
    Date: Sun, 03 Mar 2019 03:08:54 GMT
    

Credits

• github.com/daveadams/onthelambda