node-vault is a Javascript HTTP client for HashiCorp's Vault API that allows you to have typesafe access to the API using TypeScript and Zod.
- Typesafe and Validated API
- Extendable using Custom Commands
npm install @litehex/node-vault
import { Client } from '@litehex/node-vault';
// Get a new instance of the client
const vc = new Client({
apiVersion: 'v1', // default
endpoint: 'http://127.0.0.1:8200', // default
token: 'hv.xxxxxxxxxxxxxxxxxxxxx' // Optional in case you want to initialize the vault
});
// { data: xxx }
// Init vault
const init = await vc.init({ secret_shares: 1, secret_threshold: 1 });
console.log(init); // { data: { keys: [ ... ], keys_base64: [ ... ], ... } }
// Set token
const { keys, root_token } = init;
vc.token = root_token;
const unsealed = await vc.unseal({ key: keys[0] });
console.log(unsealed); // { data: { type: 'shamir', initialized: true, sealed: false, ... } }
const mounted = await vc.mount({
mountPath: 'my-secret',
type: 'kv-v2'
});
console.log(mounted); // true
const info = await vc.engineInfo({ mountPath: 'my-secret' });
console.log(info); // { data: { type: 'kv', options: { version: '2' }, ... } }
const mountPath = 'my-secret';
const path = 'hello';
const write = await vc.kv2.write({
mountPath,
path,
data: { foo: 'bar' }
});
console.log(write); // { data: { request_id: '...', lease_id: '...', ... } }
const read = await vc.kv2.read({ mountPath, path });
console.log(read); // { data: { request_id: '...', lease_id: '...', ... } }
const deleted = await vc.kv2.deleteLatest({ mountPath, path });
console.log(deleted); // { data: true }
For complete usages, please dive into the Wiki.
For all configuration options, please see the API docs.
You can contribute to this project by opening an issue or a pull request on GitHub. Feel free to contribute, we care about your ideas and suggestions.
- HashiCorp's Vault API docs
- Minimal CLI for K/V V2 engine