vault_client 0.3.2

A client library for HashiCorp Vault
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59

//! A simple binary that will just connect to Vault and keep its token up to date.

extern crate futures;
extern crate tokio_core;
extern crate url;
extern crate vault_client;

use vault_client::*;

use std::env;
use std::path::Path;
use std::sync::Arc;
use std::time::Duration;

use futures::Future;
use tokio_core::reactor::Core;
use url::Url;

fn main() {
    let mut core = Core::new().unwrap();

    let token = Token::try_new(
        env::var("VAULT_TOKEN").unwrap(),
        Duration::from_secs(10),
        Duration::from_secs(2),
    ).unwrap();
    let vault_url = Url::parse(&env::var("VAULT_ADDR").unwrap()).unwrap();
    let vault_cert = Path::new("test/certificates/vault.crt");

    // The vault client can use a cache file to persist the token and secrets over service restart.
    // This will pick up any old (non-expired) secrets, and ensure that any new ones are written to
    // the file. It should be accessible only to root.
    let cache_file = Path::new("/tmp/vault-agent");

    // At a minimum, we need the Vault token, IP and X.509 certificate.
    let vault_client = Arc::new(
        Client::try_new(
            &vault_url,
            vault_cert,
            token,
            cache_file,
            core.remote(),
            Duration::from_secs(60),
            Duration::from_secs(360),
        ).unwrap(),
    );

    // Get a new certificate
    let vault_client_clone = vault_client.clone();
    std::thread::spawn(move || loop {
        let result = vault_client_clone.get_certificate("localhost").wait();

        println!("{:?}", result);

        std::thread::sleep(Duration::from_secs(10));
    });

    core.run(futures::empty::<(), ()>()).unwrap();
}