coult 0.3.0

Hashicorp vault secret retrival helper, using hyper and serde, and automatically parsing.
Documentation

Coult

A simple, async Vault client in Rust using Hyper v1, hyper-rustls, and Tokio for secure communication with HashiCorp Vault.

Features

  • Supports Vault HTTP API v1 (health check, secrets retrieval)
  • Compatible with Vault secret engines v1 and v2
  • TLS support with hyper-rustls and WebPKI roots
  • Async and efficient using hyper-util and tokio
  • Customizable Vault connection options (address, port, token, protocol)
  • Error handling with detailed Vault status codes

Usage

use coult::{Config, Vault};
use serde::Deserialize;
#[derive(Debug, Deserialize)]
struct Secret {
    password: String,
}

#[tokio::main]
async fn main() {
    tracing_subscriber::fmt::init();
    let vault = Vault::new()
        .address("localhost")
        .protocol("http")
        .token("imtokenbro")
        .port(8200)
        .secret_path("kv/data/test")
        .build().await.unwrap();
    let data = vault.get_secret::<Secret>().await.unwrap();
    println!("{:?}", data)
}

Replace YourSecretStruct with your custom struct that implements serde::Deserialize.

API

VaultBuilder

  • address(String): Set Vault server address (default: 127.0.0.1)
  • port(u16): Set Vault server port (default: 8200)
  • token(String): Set Vault token for authentication
  • secret_path(String): Set the Vault secret path to retrieve
  • https(): Use HTTPS protocol (default: http)
  • protocol(String): Set protocol (http or https)
  • build(): Build and return a Vault instance asynchronously

Vault

  • health_check(): Check Vault health status
  • get_secret(): Get secret from Vault using secret engine v1
  • get_secret_v2(): Get secret from Vault using secret engine v2

Error Handling

The client returns detailed errors based on Vault HTTP status codes, such as:

  • VaultSealed (503)
  • VaultInvalidPath (404)
  • VaultNotInitialized (501)
  • VaultActiveDRsecondaryNode (472)
  • VaultStandbyPerformanceNode (473)
  • Other Vault-specific errors

Environment Variables

If values are not explicitly set in the builder, these environment variables will be used as defaults:

  • VAULT_ADDRESS - Vault server address
  • VAULT_PORT - Vault server port
  • VAULT_TOKEN - Vault authentication token
  • VAULT_SECRET_PATH - Vault secret path
  • VAULT_PROTOCOL - Protocol (http or https)

Contributing

Contributions are welcome! Please open issues or submit pull requests.