Merka-Vault
A Rust-based tool for managing and automating HashiCorp Vault operations.
Features
- Initialize Vault instances
- Unseal Vault instances
- Set up PKI infrastructure
- Auto-unseal support
CLI Usage
merka-vault [OPTIONS] [COMMAND]
Global Options
-a, --address <ADDR>: Vault server address (default: "http://127.0.0.1:8200")
-v, --verbose: Enable verbose output
-h, --help: Display help information
Commands
init
Initialize a new Vault instance.
merka-vault init [OPTIONS]
Options:
-s, --shares <SHARES>: Number of key shares to split the root key into (default: 5)
-t, --threshold <THRESHOLD>: Number of shares required to reconstruct the root key (default: 3)
unseal
Unseal a Vault instance using key shares.
merka-vault unseal [OPTIONS] [KEY]
Options:
-k, --key <KEY>: Provide unseal key (can be repeated for multiple keys)
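The --shares and --threshold options of init and the repeated --key of unseal follow the threshold scheme Vault uses for its key shares, Shamir's Secret Sharing. The sketch below is an added illustration, not merka-vault or Vault code; the function names, the sample secret and the fixed coefficient bytes are constructed for the demo. It shows that any 3 of 5 shares recover the secret while 2 do not.

```rust
// Added illustration of Shamir secret sharing over GF(2^8); not merka-vault code.
// Multiply in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1.
fn gf_mul(mut a: u8, mut b: u8) -> u8 {
    let mut p = 0u8;
    while b != 0 {
        if (b & 1) != 0 { p ^= a; }
        let carry = (a & 0x80) != 0;
        a <<= 1;
        if carry { a ^= 0x1b; }
        b >>= 1;
    }
    p
}

// Inverse of a nonzero element: a^254, because a^255 == 1.
fn gf_inv(a: u8) -> u8 { (0..254).fold(1u8, |r, _| gf_mul(r, a)) }

// Each secret byte is the constant term of its own polynomial of degree
// threshold-1; share x holds every polynomial evaluated at x (x = 1..=shares).
// `rnd` supplies the other coefficients and must come from a CSPRNG in real use.
pub fn split(secret: &[u8], shares: u8, threshold: usize, rnd: &[u8]) -> Vec<(u8, Vec<u8>)> {
    assert!(threshold >= 2 && threshold <= shares as usize);
    let k = threshold - 1;
    assert!(rnd.len() >= secret.len() * k);
    (1..=shares).map(|x| {
        let ys: Vec<u8> = secret.iter().enumerate().map(|(i, &s)| {
            // Horner evaluation: highest coefficient first, secret byte last.
            let hi = rnd[i * k..(i + 1) * k].iter().rev().fold(0u8, |acc, &c| gf_mul(acc, x) ^ c);
            gf_mul(hi, x) ^ s
        }).collect();
        (x, ys)
    }).collect()
}

// Lagrange interpolation at x = 0. With fewer than `threshold` shares this
// still returns bytes, but they are not the secret.
pub fn combine(parts: &[(u8, Vec<u8>)]) -> Vec<u8> {
    (0..parts[0].1.len()).map(|i| {
        parts.iter().fold(0u8, |acc, (xj, yj)| {
            let l = parts.iter().filter(|(xm, _)| xm != xj)
                .fold(1u8, |l, (xm, _)| gf_mul(l, gf_mul(*xm, gf_inv(xm ^ xj))));
            acc ^ gf_mul(yj[i], l)
        })
    }).collect()
}

fn main() {
    let rnd: Vec<u8> = (1..=16).collect(); // constructed, NOT random: demo only
    let shares = split(b"root-key", 5, 3, &rnd); // 5 shares, threshold 3 (init defaults)
    println!("3 shares: {:?}", String::from_utf8_lossy(&combine(&shares[1..4])));
    println!("2 shares: {:?}", combine(&shares[..2]));
}
```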
pki-setup
Set up PKI infrastructure.
merka-vault pki-setup [OPTIONS]
Options:
-r, --role <ROLE_NAME>: Role name for PKI (default: "cert-issuer")
auto-unseal
Configure and perform auto-unsealing.
merka-vault auto-unseal [OPTIONS]
Options:
-r, --recovery-shares <SHARES>: Number of recovery shares (default: 3)
Programmatic Usage
The same operations available via the CLI can be performed programmatically using the VaultActor:
let = start_vault_actor_with_channel;
let result = actor.send.await?;
For more details, see the API documentation.
Development
Example (macOS):
# for private repos dependencies
# Install Rust
|
# Install Just
# Run tests
# Start local setup
# Build the project
# Setup root vault
# Configure sub vault auto-unseal
VAULT_TOKEN=<UNWRAPPED_TOKEN> &&
# Setup sub vault
Contributing
Contributions are welcome! See CONTRIBUTING.md for details.
License
Licensed under MIT or Apache 2.0. See LICENSE for details.
Code of Conduct
This project adheres to a Contributor Code of Conduct. By contributing, you agree to abide by its terms.