vaultrs

<p align="center"> <a href="https://crates.io/crates/vaultrs"> <img src="https://img.shields.io/crates/v/vaultrs"> </a> <a href="https://docs.rs/vaultrs"> <img src="https://img.shields.io/docsrs/vaultrs" /> </a> <a href="https://developer.hashicorp.com/vault/"> <img src="https://img.shields.io/badge/Vault-1.8.2-green" /> </a> <a href="https://github.com/jmgilman/vaultrs/actions/workflows/ci.yml"> <img src="https://github.com/jmgilman/vaultrs/actions/workflows/ci.yml/badge.svg"/> </a> </p>

An asynchronous Rust client library for the Hashicorp Vault and OpenBao API

The following features are currently supported:

• Auth
  • AppRole
  • AWS (Only Vault is tested, as for OpenBao its an external plugin)
  • JWT/OIDC
  • Kubernetes
  • Token
  • Certificate
  • Userpass
• Secrets
  • AWS
  • Cubbyhole
  • Databases
  • KV v1
  • KV v2
  • PKI
  • SSH
  • Transit
• Sys
  • Health
  • Policies
  • Sealing
  • Wrapping

See something missing? Open an issue.

Installation

First, choose one of the two TLS implementations for vaultrs' connection to Vault:

• rustls (default) to use Rustls
• native-tls to use rust-native-tls, which builds on your platform-specific TLS implementation.

Then, add vaultrs as a dependency to your cargo.toml:

1. To use Rustls, import as follows:

[dependencies]
vaultrs = "0.8.0"

2. To use rust-native-tls, which builds on your platform-specific TLS implementation, specify:

[dependencies]
vaultrs = { version = "0.8.0", default-features = false, features = [ "native-tls" ] }

Usage

Setup the client

The client is used to configure the connection to Vault and is required to be passed to all API calls for execution. Behind the scenes it uses an asynchronous client from Reqwest for communicating to Vault.

use vaultrs::client::{VaultClient, VaultClientSettingsBuilder};

// Create a client
let client = VaultClient::new(
    VaultClientSettingsBuilder::default()
        .address("https://127.0.0.1:8200")
        .token("TOKEN")
        .build()
        .unwrap()
).unwrap();

For more usages, take a look at the documentation

Error Handling and Tracing

All errors generated by this crate are wrapped in the ClientError enum provided by the crate. API warnings are automatically captured via tracing and API errors are captured and returned as their own variant. Connection related errors from rustify are wrapped and returned as a single variant.

All top level API operations are instrumented with tracing's #[instrument] attribute.

Testing

See the the tests directory for tests. Run tests with cargo test.

Note: All tests rely on bringing up a local Vault development server using Docker. In order to run tests Docker must be running locally (Docker Desktop works). The first run will be longer than other because it will fetch images.

Some long-running tests are ignored by default locally. To run them do:

cargo test -- --include-ignored

Contributing

Check out the issues for items needing attention or submit your own and then:

1. Fork the repo (https://github.com/jmgilman/vaultrs/fork)
2. Create your feature branch (git checkout -b feature/fooBar)
3. Commit your changes (git commit -am 'Add some fooBar')
4. Push to the branch (git push origin feature/fooBar)
5. Create a new Pull Request

See CONTRIBUTING for extensive documentation on the architecture of this library and how to add additional functionality to it.