
1//! This library provides a convenient interface for interacting with Vault.
2//! It allows authentication, secret management, and token renewal.
3//!
4//! ## Installation
5//! Add the following to your `Cargo.toml` file:
6//! ```toml
7//! [dependencies]
8//! valensas-vault = "0.2.3"
9//! ```
10//!
11//! ## Features
12//!
13//! Only operations on a KV v2 secret engine are supported. Authentication can be performed using
14//! token or Kubernetes authentication.
15//!
16//! ## Usage
17//!
18//! ### Manual configuration
19//!
20//! Create a `VaultConfig` and an `AuthMethod` that fit your needs:
21//!
22//! ```rust
23//!  let config = VaultConfig {
24//!      address: "http://localhost:8200".to_string(),
25//!      mount_path: "asd".to_string(),
26//!      client_timeout: std::time::Duration::from_secs(10),
27//!      healthcheck_file_path: "/healthcheck".to_string(),
28//!      login_retry_count: 10,
29//!  };
30//!  let auth_method: Arc<RwLock<dyn AuthMethod>> = Arc::new(RwLock::new(TokenAuth::new("some_token".to_string())));
31//! ```
32//!
33//! Create the VaultService from the config and auth method:
34//!
35//! ```rust
36//! let vault_service = VaultService::new(config, Arc::clone(&auth_method)).await.unwrap();
37//! ```
38//!
39//! ### Environment configuration
40//!
41//! The following environment variables are supported to configure the VaultService:
42//!
43//!```yaml
44//! VAULT_ADDR: "http://localhost:8200"
45//! VAULT_MOUNT_PATH: secret
46//! VAULT_HEALTH_CHECK_FILE: healthcheck_file
47//! VAULT_CLIENT_TIMEOUT: 5s
48//! VAULT_LOGIN_RETRY_COUNT: 5
49//! ```
50//!
51//! For Kubernetes Authentication:
52//! ```yaml
53//! VAULT_AUTH_METHOD: Kubernetes
54//! VAULT_KUBERNETES_TOKEN_PATH: /var/run/secrets/kubernetes.io/serviceaccount/token
55//! ```
56//!
57//! For Token Authentication:
58//! ```yaml
59//! VAULT_AUTH_METHOD: Token
60//! VAULT_TOKEN: vault_token
61//! ```
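62//! The values shown above are the defaults for each variable. Replace them with the values for your own Vault deployment; outside local testing, point `VAULT_ADDR` at an `https://` endpoint so that the token and secrets are not sent in cleartext.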
63//!
64//! ### Sample usage
65//!
66//! ```rust
67//! use std::time::Duration;
68//! use valensas_vault::service::{HealthCheckData, VaultService};
69//! use serde::{Deserialize, Serialize};
70//!
71//! #[derive(Debug, Serialize, Deserialize, Clone, PartialEq)]
72//! struct TestData {
73//!     name: String,
74//! }
75//!
76//! #[tokio::main]
77//! async fn main() {
78//!     let (vault_service, _auth_method) = VaultService::from_env().await.unwrap();
79//!
80//!     // Write a secret to Vault
81//!     let secret_key = "my-new-secret-key";
82//!     let secret_value = TestData {
83//!         name: "data".to_string(),
84//!     };
85//!     vault_service.insert(secret_key, secret_value).await.unwrap();
86//!     println!("Secret inserted successfully.");
87//!
88//!     // Read a secret from Vault
89//!     let value = vault_service.read::<TestData>(secret_key).await.unwrap();
90//!     println!("Secret read successfully.");
91//! }
92//! ```
93//!
94//! Token renewal:
95//!
96//!```rust
97//! use std::time::Duration;
98//! use valensas_vault::service::{VaultService, TokenRenewable};
99//! use tokio::sync::RwLock;
100//! use std::sync::Arc;
101//!
102//! #[tokio::main]
103//! async fn main() {
104//!     // Initialize the Vault service
105//!     let (vault_service, auth_method) = VaultService::from_env().await.unwrap();
106//!
107//!     let vault_service = Arc::new(RwLock::new(vault_service));
108//!
109//!     // Start token renewal
110//!     let handler = vault_service.start_token_renewal(auth_method);
111//!
112//!     // Perform some operations...
113//!     // ...
114//!
115//!     // Stop token renewal
116//!     // The handler may be `None` if the auth method is Kubernetes
117//!     if let Ok(Some(token_renewal_handler)) = handler {
118//!         vault_service.stop_token_renew_loop(token_renewal_handler).await;
119//!     }
120//! }
121//! ```
// Crate module tree. `config`, `service` and `auth` are exported; `test` is private.
122pub mod config;
123pub mod service;
124pub mod auth;
// NOTE(review): no `#[cfg(test)]` is visible on this declaration — confirm that test.rs gates
// itself, otherwise test-only code is compiled into every build of the library.
125mod test;