# VERY Pre-Beta
This is a work in progress tool. Right now it doesn't do much except merge some yaml files together.
# vault-vars
Vault-vars is a command line tool to allow you to read secrets from Hashicorp Vault and save them to a terraform `auto.tfvars.json` file.
# Installation:
```
cargo install vault-vars
```
# Usage:
By default, the tool will read as input any file that matches the name `*vault-vars.yaml` or `*vault-vars.yml`.
By default, the tool will output **the merged json representation** of all the input files to: `vv.auto.tfvars.json`
# Work in progress:
## The base goal:
The eventual goal is that the tool will be able to read entries like this:
```
appCreds:
username:
@vault:
path: secret/app/credentials
subpath: username
password:
@vault:
path: secret/app/credentials
subpath: password
```
and use the `@vault` config to read secrets from vault.
```
appCreds:
username: iamroot
password: password123
```
## Shorthands:
There will be various shorthands as well. For example:
```
appCreds:
@vault: secret/app/credentials
```
Will read the secret at the given path and write every key value pair under it:
```
appCreds:
username: iamroot
password; password123
```
## Stretch Goals:
- support both read and write operations (e.g.: when fetching a PKI cert from vault)
- support other secret engine sources
- AWS Vault
- Azure Vault
- Apple Keychain