The Vault node by Kumologica integrates seamlessly with the HashiCorp Vault secret engine, enabling you to store and retrieve secrets from Vault that can be used anywhere in your flows.
This node works with Vault REST API and it supports the following operations:
For the Vault node to work properly, you need a valid installation of Vault running and HTTP/S access to it available.
By default, the node is not available in the palette.
To install the node:
- Go to the Add more nodes option in the palette section.
- Check for the Vault node and click install.
- Once installed, restart the designer.
# Technical Details
- Protocols (Optional)
HTTP and HTTPS are supported.
- Host (Required)
Hostname of HashiCorp Vault server.
- Port (Required)
Port number of HashiCorp Vault server.
- Auth Type (Optional)
Auth Type is the auth method used for authenticating with Vault server. Supports Token, App Role and Username & Password.
- Auth Token (Optional)
Root token provided by the Vault server when using token based auth method.
- Role Name (Optional)
Role name created in Vault server when using app role based auth method.
- User Name (Optional)
Username to be used when using Userpass auth method.
- Password (Optional)
Password to be used when using Userpass auth method.
- Action (Optional)
Operation to be selected over the key stored in HashiCorp Vault.
- Data Path (Optional)
Path of the key in HashiCorp Vault. The data path must contain /data/ to point to the key location, as in /secret/data/mykey.
- Data Value (Optional)
Value to be stored against the key in HashiCorp Vault.
Vault node supports the following Auth Types.
- The token auth method is the default, built-in method for authenticating using a token.
- The approle auth method allows machines or apps to authenticate with Vault-defined roles.
- The userpass auth method allows a user to authenticate against a username and password combination stored in Vault.
HashiCorp Vault node throws the following exception.
On successful execution, the result fetched from the data path in HashiCorp Vault is stored in the msg.payload object in the following format:
msg.payload.[name of the Vault node (space trimmed)].result.
For example: if the name of the Vault node is fetch password, the result of successful execution will be stored as
# Develop a Service
Drag and drop an EventListener node from the palette to the canvas. Open the settings, configure the following and Save.
- Display Name : POST /vault/key
- Event Source : Amazon API Gateway
- Verb : GET
- URL : /vault/key
Add the HashiCorp Vault node to the canvas. Open the settings, provide the following configuration and click Save.
- Display Name : Vault
- Protocol : HTTP
- Host : localhost
- Port : 8200
- Auth Type : Token
- Auth Token : Root token from your Vault server
- Action : Read
- Data Path : /secret/data/mykey
mykey is the key that is added to the Vault server.
Wire the EventListener node to the Vault Node.
Add a Logger node to the flow and set the Message as msg.payload.Vault.result to print the value fetched from the Vault server. Click Save.
Add EventListener End node from the palette to the canvas. Open the settings, configure the following and Save.
Payload : msg.payload.Vault.result
Wire the Vault node to the EventListener End node.
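The Vault node settings used in this service (Token auth, Action Read, Data Path /secret/data/mykey) correspond to one Vault REST call. The added example below, which is not Kumologica's code, builds that call, rejects a Data Path without the /data/ segment, and unwraps a KV version 2 response. The helper names, token and response body are constructed for illustration; how the node itself issues the request is not shown on this page.

```javascript
// Added example, not Kumologica's code. buildReadRequest and unwrapKvV2 are
// hypothetical helper names; the token and secret values are constructed.

// Turn the node settings (Protocol, Host, Port, Auth Token, Data Path) into
// the Vault REST call for Action = Read with Auth Type = Token.
function buildReadRequest({ protocol, host, port, token, dataPath }) {
  const segs = dataPath.split('/').filter(Boolean); // -> ['secret', 'data', 'mykey']
  const i = segs.indexOf('data');
  // Need <mount>/data/<key>: something before and after the 'data' segment.
  if (i < 1 || i === segs.length - 1) {
    throw new Error(`Data Path must look like /<mount>/data/<key>, got "${dataPath}"`);
  }
  const scheme = protocol.toLowerCase();
  const warnings = [];
  const loopback = ['localhost', '127.0.0.1'].includes(host);
  if (scheme === 'http' && !loopback) {
    warnings.push('HTTP to a non-loopback host exposes the Vault token and the secret in transit; use HTTPS');
  }
  return {
    method: 'GET',
    url: `${scheme}://${host}:${port}/v1/${segs.join('/')}`,
    headers: { 'X-Vault-Token': token }, // header Vault reads the client token from
    warnings,
  };
}

// A KV version 2 read nests the stored key/value pairs at body.data.data,
// next to body.data.metadata. A missing or null inner object means there is
// no readable secret at that path or version.
function unwrapKvV2(body) {
  const inner = body && body.data && body.data.data;
  if (inner === null || typeof inner !== 'object') {
    throw new Error('no secret data in response (not KV v2, or version deleted)');
  }
  return { secret: inner, version: body.data.metadata && body.data.metadata.version };
}

// Constructed response body in the KV v2 shape, for offline use.
const sampleBody = {
  data: { data: { password: 'constructed-value' }, metadata: { version: 2 } },
};

const request = buildReadRequest({
  protocol: 'HTTP', host: 'localhost', port: 8200,
  token: 'constructed-token', dataPath: '/secret/data/mykey',
});
console.log(request.url, unwrapKvV2(sampleBody).secret);
```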