Crate lmrc_vault


§lmrc-vault

HashiCorp Vault management library for the LMRC Stack.

This library provides comprehensive functionality for managing HashiCorp Vault installations on Kubernetes/K3s clusters and interacting with the Vault API for secret management.

§Features

  • Vault Deployment: Deploy Vault to K3s/Kubernetes clusters via Helm
  • Client Operations: Read, write, list, and delete secrets (KV v2 engine)
  • Authentication: Token-based and Kubernetes service account authentication
  • Initialization: Initialize and unseal Vault clusters
  • Policy Management: Create and manage Vault policies
  • Builder Pattern API: Fluent, type-safe configuration
  • Error Handling: Comprehensive error types with context

§Quick Start

§Using Vault Client

use lmrc_vault::{VaultClient, VaultConfig, SecretOperations};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Create Vault client configuration
    let config = VaultConfig::builder()
        .address("https://vault.example.com:8200")
        // Token shown truncated; load it from the environment or a file rather than hard-coding it
        .token("hvs.CAESIJ...")
        .build()?;

    // Create client
    let client = VaultClient::new(config)?;

    // Write a secret (using trait methods); the KV v2 API path is <mount>/data/<path>
    client.write_secret(
        "secret/data/myapp/config",
        &[("db_password", "secure_pass"), ("api_key", "key123")]
    ).await?;

    // Read a secret (printed here for demonstration; keep secret values out of logs in real code)
    let secret = client.read_secret("secret/data/myapp/config").await?;
    println!("Database password: {}", secret.get("db_password").unwrap());

    Ok(())
}

§Deploying Vault to K3s

use lmrc_vault::{VaultDeployment, VaultDeploymentConfig};

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let config = VaultDeploymentConfig::builder()
        .namespace("vault")
        .replicas(3)
        .storage_size("10Gi")
        .enable_ui(true)
        .build()?;

    let deployment = VaultDeployment::new(
        "192.168.1.100",
        "root",
        config
    );

    // Deploy Vault via Helm (not async)
    deployment.deploy()?;

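    // Initialize Vault (not async)
    // The root token and unseal keys are printed for demonstration only;
    // store them securely and keep them out of logs.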
    let init_result = deployment.initialize(5, 3)?;
    println!("Root token: {}", init_result.root_token);
    println!("Unseal keys: {:?}", init_result.unseal_keys);

    Ok(())
}
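
Added example (not part of lmrc-vault or its documentation): instead of printing the initialization output as the snippet above does, write the root token and each unseal key to owner-only files and log only a redacted form. It uses the Rust standard library on Unix; the helper names, the file layout, and the assumption that `root_token` and `unseal_keys` are string values are mine.

```rust
use std::fs::{DirBuilder, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::{DirBuilderExt, OpenOptionsExt};
use std::path::{Path, PathBuf};

/// Write one secret to `path` with mode 0600. `create_new` refuses to
/// overwrite, so material from an earlier initialization is never replaced.
fn write_private(path: &Path, secret: &str) -> io::Result<()> {
    let mut f = OpenOptions::new().write(true).create_new(true).mode(0o600).open(path)?;
    f.write_all(secret.as_bytes())?;
    f.sync_all()
}

/// Log-safe stand-in for a secret: its length only, never the value.
fn redact(secret: &str) -> String {
    format!("<redacted, {} bytes>", secret.len())
}

/// Store the root token and each unseal key in its own file under `dir`
/// (hypothetical layout: root-token, unseal-key-1..N) and return the paths.
/// One file per key lets each share be handed to a different custodian.
fn store_init_material(dir: &Path, root_token: &str, unseal_keys: &[String]) -> io::Result<Vec<PathBuf>> {
    // 0700 on the directory: only the owner can list or enter it.
    DirBuilder::new().recursive(true).mode(0o700).create(dir)?;
    let mut written = vec![dir.join("root-token")];
    write_private(&written[0], root_token)?;
    for (i, key) in unseal_keys.iter().enumerate() {
        let path = dir.join(format!("unseal-key-{}", i + 1));
        write_private(&path, key)?;
        written.push(path);
    }
    Ok(written)
}

fn main() -> io::Result<()> {
    // Constructed values standing in for init_result.root_token / unseal_keys.
    let token = "hvs.constructed-root-token";
    let keys: Vec<String> = (1..=5).map(|i| format!("constructed-share-{}", i)).collect();
    let dir = std::env::temp_dir().join(format!("vault-init-{}", std::process::id()));
    let paths = store_init_material(&dir, token, &keys)?;
    println!("stored {} files in {}; root token {}", paths.len(), dir.display(), redact(token));
    Ok(())
}
```

A second call against the same directory fails with `AlreadyExists` rather than overwriting the stored material.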

§Re-exports

pub use client::VaultClient;
pub use config::VaultConfig;
pub use config::VaultConfigBuilder;
pub use config::VaultDeploymentConfig;
pub use deployment::VaultDeployment;
pub use error::Result;
pub use error::VaultError;
pub use manager::VaultManager;
pub use operations::InitResult;
pub use operations::SecretData;
pub use operations::SecretOperations;

§Modules

client
config
deployment
error
manager
operations