bank-vaults
A Vault swiss-army knife: A CLI tool to init, unseal and configure Vault (auth methods, secret engines).
APACHE-2.0 License
Bank-Vaults is now a CNCF Sandbox project.
Bank Vaults is a thick, tricky, shifty right with a fast and intense tube for experienced surfers only, located on Mentawai. Think heavy steel doors, secret unlocking combinations and burly guards with smack-down attitude. Watch out for clean-up sets.
Bank-Vaults is an umbrella project which provides various tools for Cloud Native secret management, including:
- Bank-Vaults CLI to make configuring Hashicorp Vault easier
- Vault Operator to make operating Hashicorp Vault on top of Kubernetes easier
- Secrets Webhook to inject secrets directly into Kubernetes pods
- Vault SDK to make working with Vault easier in Go
- and others
Usage
Some of the usage patterns are highlighted through these blog posts:
- Authentication and authorization of Pipeline users with OAuth2 and Vault
- Dynamic credentials with Vault using Kubernetes Service Accounts
- Dynamic SSH with Vault and Pipeline
- Secure Kubernetes Deployments with Vault and Pipeline
- Vault Operator
- Vault unseal flow with KMS
- Monitoring Vault on Kubernetes using Cloud Native technologies
- Inject secrets directly into pods from Vault
- Backing up Vault with Velero
- Vault replication across multiple datacenters on Kubernetes
- More blog posts about Bank-Vaults
- Bank Vaults Configuration Helm Chart
Documentation
The official documentation is available at https://bank-vaults.dev.
Development
For an optimal developer experience, it is recommended to install Nix and direnv.
Alternatively, install Go on your computer then run make deps to install the rest of the dependencies.
Make sure Docker is installed with Compose and Buildx.
Fetch required tools:
make deps
Run project dependencies:
make up
Run the test suite:
make test
make test-integration
Run linters:
make lint # pass -j option to run them in parallel
Some linter violations can automatically be fixed:
make fmt
Build artifacts locally:
make artifacts
Once you are done either stop or tear down dependencies:
make stop
# OR
make down
Credits
Kudos to HashiCorp for open sourcing Vault and making secret management easier and more secure.
License
The project is licensed under the Apache 2.0 License.
