Bootstrap FreeKB - Hashicorp Vault - List secrets using Node.js
Hashicorp Vault - List secrets using Node.js
Updated:   |  Hashicorp Vault articles

This assumes you are familiar with the Python hvac client. If not, check out my article Hashicorp Vault - Getting Started with Python hvac.

This assumes the following has already been done.

Let's say the secrets engine has been enabled with -path=secret/

~]# vault secrets enable -path=secret/ kv
Success! Enabled the kv secrets engine at: secret/

 

And let's say approle has been enabled and there is a role named "my-role" and contains a policy named "my-policy".

~]$ vault read auth/approle/role/my-role
Key                        Value
---                        -----
policies                   [my-policy]

 

In this example, since the secrets engine has been enabled with -path=secret/ the policy path will need to begin with secret/

Let's say "my-policy" permits the following capabilities to "secret/my_path/*".

~]$ vault policy read my-policy
path "secret/my_path/*" {
  capabilities = ["create", "delete", "list", "patch", "read", "update"]
}

 

In this scenario, you would first login to Hashicorp Vault.

  • Login to Hashicorp Vault using approle auth in Node.js
  • Login to Hashicorp Vault using token auth in Node.js

In this example

  • secret/my_path/metadata is used here since my-policy has secret/my_path
var options = {
  apiVersion: 'v1',
  endpoint: 'https://vault.example.com',
  token: hvs.CAESIGQw4N7647TsPLwr0c7k3OME4pOE3_SV1CdgtO6edTSIGiUKHGh2cy5oR0xoR25IeG1ySHpiNUhIU0hmRzNoTVoQgKCBCRgI
};

var vault = require("node-vault")(options);

vault.list('secret/my_path/metadata')
  .then(console.log)

 

Something like this should be returned. In this example, there are two secrets at secret/my_path/, my_first_secret and my_second_secret.

{
  'request_id': 'd0e769b7-7c2b-c0b0-3606-033ba351461f', 
  'lease_id': '', 
  'renewable': False, 
  'lease_duration': 0, 
  'data': {
    'keys': [
      'my_first_secret', 
      'my_second_secret'
    ]
  }, 
  'wrap_info': None, 
  'warnings': None, 
  'auth': None
}

 

Here is how you can return only the keys.

var options = {
  apiVersion: 'v1',
  endpoint: 'https://vault.example.com',
  token: hvs.CAESIGQw4N7647TsPLwr0c7k3OME4pOE3_SV1CdgtO6edTSIGiUKHGh2cy5oR0xoR25IeG1ySHpiNUhIU0hmRzNoTVoQgKCBCRgI
};

var vault = require("node-vault")(options);

vault.list('secret/my_path/metadata')
  .then(response => {console.log(response.data.keys)})

 

Which should return something like this.

[
  'my_first_secret', 
  'my_second_secret'
]

 

Here is how you can loop through each key.

var options = {
  apiVersion: 'v1',
  endpoint: 'https://vault.example.com',
  token: hvs.CAESIGQw4N7647TsPLwr0c7k3OME4pOE3_SV1CdgtO6edTSIGiUKHGh2cy5oR0xoR25IeG1ySHpiNUhIU0hmRzNoTVoQgKCBCRgI
};

var vault = require("node-vault")(options);

vault.list('secret/my_path/metadata')
  .then(
    response => {
      response.data.keys.forEach(
        item => {
          console.log(`item = ${item}`)
        }
      )
    }
  )

 

Which should return the following.

item = 'my_first_secret' 
item = 'my_second_secret'

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter 780a0f in the box below so that we can be sure you are a human.