This repository was archived by the owner on Jul 26, 2022. It is now read-only.

Commit 6bd9570

feat: Vault namespace support (#403)
* Grab the vault namespace from the environment
* Apply the Vault Namespace header
* fix: Missing space on if statement
* Doc: Adding documentation referencing how to use `VAULT_NAMESPACE`
1 parent 7190120 commit 6bd9570

3 files changed

+16
-2
lines changed

README.md

+2
@@ -345,6 +345,8 @@ spec:
345345
property: api-key
346346
```
347347
348+
If you use Vault Namespaces (a Vault Enterprise feature) you can set the namespace to interact with via the `VAULT_NAMESPACE` environment variable.
349+
348350
If Vault uses a certificate issued by a self-signed CA you will need to provide that certificate:
349351

350352
```sh
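Review bot: the sentence added at line 348 does not say that the namespace is process-wide. `VAULT_NAMESPACE` is read once in config/environment.js and applied to the single `vaultClient` built in config/index.js, so every Vault lookup goes to the same namespace and there is no per-secret override. Suggest saying so in the README, and also stating that no namespace header is sent when the variable is unset.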

config/environment.js

+4
@@ -17,6 +17,9 @@ if (environment === 'development') {
1717
}
1818

1919
const vaultEndpoint = process.env.VAULT_ADDR || 'http://127.0.0.1:8200'
20+
// Grab the vault namespace from the environment
21+
const vaultNamespace = process.env.VAULT_NAMESPACE || null
22+
2023
const pollerIntervalMilliseconds = process.env.POLLER_INTERVAL_MILLISECONDS
2124
? Number(process.env.POLLER_INTERVAL_MILLISECONDS) : 10000
2225
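Review bot: at line 21 the value is taken verbatim, so a `VAULT_NAMESPACE` that is only whitespace, or that carries a stray trailing space or newline, is still truthy and passes the `if (envConfig.vaultNamespace)` check in config/index.js, ending up in the request header. Suggest trimming before the fallback, for example `(process.env.VAULT_NAMESPACE || '').trim() || null`. The comment on line 20 restates the assignment and can be dropped.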

@@ -32,6 +35,7 @@ const customResourceManagerDisabled = 'DISABLE_CUSTOM_RESOURCE_MANAGER' in proce
3235

3336
module.exports = {
3437
vaultEndpoint,
38+
vaultNamespace,
3539
environment,
3640
pollerIntervalMilliseconds,
3741
metricsPort,

config/index.js

+10-2
@@ -54,15 +54,23 @@ const systemManagerBackend = new SystemManagerBackend({
5454
assumeRole: awsConfig.assumeRole,
5555
logger
5656
})
57-
const vaultClient = vault({
57+
const vaultOptions = {
5858
apiVersion: 'v1',
5959
endpoint: envConfig.vaultEndpoint,
6060
requestOptions: {
6161
// When running vault in HA mode, you must follow redirects on PUT/POST/DELETE
6262
// See: https://github.com/kr1sp1n/node-vault/issues/23
6363
followAllRedirects: true
6464
}
65-
})
65+
}
66+
// Include the Vault Namespace header if we have provided it as an env var.
67+
// See: https://github.com/kr1sp1n/node-vault/pull/137#issuecomment-585309687
68+
if (envConfig.vaultNamespace) {
69+
vaultOptions.headers = {
70+
'X-VAULT-NAMESPACE': envConfig.vaultNamespace
71+
}
72+
}
73+
const vaultClient = vault(vaultOptions)
6674
const vaultBackend = new VaultBackend({ client: vaultClient, logger })
6775
const azureKeyVaultBackend = new AzureKeyVaultBackend({
6876
credential: azureConfig.azureKeyVault(),
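Review bot: the new branch at lines 68-72 is not covered by any test; the commit touches only README.md and the two config files. Because `vaultOptions` is built inline at module load, it is hard to exercise as written. Suggest moving the construction into a small function that takes `envConfig` and returns the options, then asserting that `headers` carries `'X-VAULT-NAMESPACE'` when `vaultNamespace` is set and that no `headers` key is present when it is `null`.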
