vault_credentials/lib.rs
1use crate::credentials::Credentials;
2
3mod token_retriever;
4mod secret_retriever;
5mod credentials;
6
7/// Initialize the retrieving of the secrets to Vault.
8/// You must provide at least the three following environment variables:
9/// * `VAULT_ADDR`
10/// * `VAULT_PATH`
11/// * `VAULT_TYPE`
12/// ```rust
13/// use dotenv::dotenv;
14///
15/// #[tokio::main]
16/// async fn main() {
17/// dotenv().ok();
18/// vault_credentials::initialize().await;
19///
20/// println!("{}", std::env::var("github.com.api-key").unwrap());
21/// // Output: 123456
22/// }
23/// ```
24/// # Using token
25/// ```env
26/// VAULT_TYPE=token
27/// VAULT_TOKEN=[...]
28/// ```
29/// # Using app role
30/// ```env
31/// VAULT_TYPE=approle
32/// VAULT_ROLE_ID=[...]
33/// VAULT_SECRET_ID=[...]
34/// ```
35/// # Using kubernetes
36/// ```env
37/// VAULT_TYPE=kubernetes
38/// VAULT_K8S_AUTH_PATH?=kubernetes-id
39/// K8S_SERVICE_TOKEN=/path/to/k8s.json
40/// VAULT_ROLE_NAME=[...]
41/// ```
42/// # Using user pass
43/// ```env
44/// VAULT_TYPE=userpass
45/// VAULT_USERNAME=[...]
46/// VAULT_PASSWORD=[...]
47/// ```
48/// # Using ldap
49/// ```env
50/// VAULT_TYPE=ldap
51/// VAULT_USERNAME=[...]
52/// VAULT_PASSWORD=[...]
53/// ```
54/// # Optional namespace
55/// You can specify a namespace using `VAULT_NAMESPACE` environment variable.
56pub async fn initialize() {
57 let vault_credentials = Credentials::new();
58 let auth_token = token_retriever::retrieve_token(vault_credentials.clone()).await;
59 secret_retriever::retrieve(vault_credentials, auth_token).await;
60}