merka-vault 0.1.0

Vault provisioning and management crate integrating with merka-core
Documentation

merka-vault

Crates.io Docs.rs Build License: MIT or Apache 2.0

merka-vault is a Rust library and CLI tool for bootstrapping HashiCorp Vault. It automates initialization (seal/unseal), configures a PKI secrets engine, and sets up various authentication methods. It integrates with the merka-core actor framework or works as a standalone tool.

Features

  • Vault Initialization & Unsealing – Initialize and unseal Vault using Shamir's secret shares.
  • PKI Setup – Enable Vault’s PKI engine and create a self-signed root CA or intermediate CA.
  • AppRole Authentication – Enable AppRole and create roles for applications.
  • Kubernetes Authentication – Use the Kubernetes auth method to trust service account tokens.
  • CLI Tool – Command-line management for initialization, PKI, and auth configuration.
  • Actor Integration – Asynchronous Vault management using VaultActor with Actix.

Usage (CLI)

  1. Initialize and unseal Vault:
merka-vault init --secret-shares 3 --secret-threshold 2
  1. Set up PKI and authentication:
merka-vault setup-pki --domain my-org.com --ttl 4380h
merka-vault auth approle --role-name myapp --policies default,my-policy

Usage (Rust)

  • Build the project: just build
  • Run tests: just test

Development

Example (macOS):

# Install Rust
curl https://sh.rustup.rs -sSf | sh

# Install Just
brew install just

# Run tests
just test

Contributing

Contributions are welcome! See CONTRIBUTING.md for details.

License

Licensed under MIT or Apache 2.0. See LICENSE for details.

Code of Conduct

This project adheres to a Contributor Code of Conduct. By contributing, you agree to abide by its terms.