vault-env

Put your vault secrets in your process.env

Usage no npm install needed!

<script type="module">
  import vaultEnv from 'https://cdn.skypack.dev/vault-env';
</script>

README

vault-env-js

Put your vault secrets in your process.env

vault-env demo

Install the package

npm install --save vault-env

Write a Secretfile in your app directory

DATABASE_URL secrets/databases/main:url

Require vault-env and the environment variables are loaded

require("vault-env");

console.log(process.env.DATABASE_URL);
// => 'postgres://...'

Provide your app with VAULT_ADDR and VAULT_TOKEN environment variables when you run it.

VAULT_ADDR=https://localhost:8200 VAULT_TOKEN=12345 node ./app.js

Require vault-env/rotate and vault-env will request new leases before your secrets expire, keeping your environment variables up to date forever.

require("vault-env/rotate");

// check the database url
console.log(process.env.DATABASE_URL);
// => 'postgres://username:password@host/db'

// check again in six weeks
setTimeout(function () {
  console.log(process.env.DATABASE_URL);
  // => 'postgres://user:newpassword@host/db'
}, 1000 * 60 * 60 * 24 * 7 * 6);

Watch for secret changes

var vaultEnv = require("vault-env/rotate");

vaultEnv.on("DATABASE_URL", function (newDB, oldDB) {
  console.log("DATABASE_URL has changed to " + newDB + " from " + oldDB);
});

Require vault-env/local and vault-env will not set your environment your variables will only be exported by the module as regular variables

var secret = require("vault-env/local");

console.log(secret.DATABASE_URL);
// => 'postgres://...'