Spawn environments from securely stored secrets.
With so many secrets floating around in our modern lives, it's a wonder we're able to keep track of any of them!
vaulted allows you to create vaults of related secrets and then spawn environments with these secrets. Vaults can contain secure environment variables, AWS credentials, or SSH keys (RSA, DSA, & ECDSA).
vaulted also attempts to insulate spawned environments from other environments on the system. Temporary AWS credentials are created for each spawned environment, as well as a new SSH agent. The SSH agent still allows access to keys in the parent environment's SSH agent, but any keys added inside the environment are only available in the spawned environment.
The easiest way to install vaulted on macOS is through Homebrew.
brew install vaulted
Installation on other platforms should be simple enough through go get as long as you have a proper Go environment set up:
go get -u github.com/miquella/vaulted
Don't forget to add $GOPATH/bin to your $PATH!
vaulted is oriented around vaults of secrets that are used to spawn environments. To get started, add a new vault:
vaulted add my-vault
This will start an interactive editing mode that will help you create your first vault. AWS keys, SSH keys, and arbitrary environment variables can be added to the vault. Once you have your vault arranged how you would like, use q to exit the interactive mode and save the vault to disk.
While editing a vault, Ctrl+C may be used to discard changes to the vault.
Now that your vault has been saved, the list of vaults will reflect your newly saved vault:
vaulted ls
And you can use vaulted to spawn a command in an environment generated from the secrets stored in the vault:
vaulted -n my-vault -- aws s3 ls
Sometimes it is useful to be able to issue multiple commands that require the vault's secrets. In this case, you can spawn an interactive shell:
vaulted shell my-vault
Warning! Leaving interactive shells with your credentials loaded can be dangerous as you may inadvertently provide credentials to an application you didn't intend!
While vaulted supports basic modification methods like copying, editing, and removing, more advanced methods such as JSON-formatted dumping and loading are also available. An environment can even be loaded into a running shell! See vaulted --help for available commands.
In addition to secrets, spawned environments also include the name of the vault that was used to spawn the environment in the VAULTED_ENV environment variable. This is particularly useful if you would like to indicate the spawned environment in your shell prompt.
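One way to put VAULTED_ENV in the prompt and make a long-lived credentialed shell (the case the warning above describes) visible. This is an added example, not code from the vaulted project; the function name, VAULTED_PROMPT_START, VAULTED_PROMPT_MAX_AGE and the 15-minute default are assumptions introduced here.

```sh
# Added example, not part of vaulted. Source it from your shell rc file.
# VAULTED_ENV is set by vaulted; VAULTED_PROMPT_START and
# VAULTED_PROMPT_MAX_AGE are hypothetical names introduced here.

# Remember when this shell started with a vault loaded.
if [ -n "${VAULTED_ENV:-}" ]; then
    VAULTED_PROMPT_START=$(date +%s)
fi

# Print a prompt prefix naming the loaded vault, or nothing outside a
# spawned environment. $1 optionally overrides "now" (epoch seconds).
vaulted_prompt_segment() {
    [ -n "${VAULTED_ENV:-}" ] || return 0
    _vp_now=${1:-$(date +%s)}
    # Start time is unknown when the environment was loaded into an
    # already running shell; treat that case as "just loaded".
    _vp_start=${VAULTED_PROMPT_START:-$_vp_now}
    _vp_max=${VAULTED_PROMPT_MAX_AGE:-900}
    # Keep only characters that are inert in a prompt string, so the
    # vault name can never be interpreted as an escape or expansion.
    _vp_name=$(printf '%s' "$VAULTED_ENV" | tr -cd 'A-Za-z0-9._-')
    _vp_age=$(( _vp_now - _vp_start ))
    if [ "$_vp_age" -ge "$_vp_max" ]; then
        # Credentials have been loaded longer than the threshold.
        printf '[vault:%s open %dm] ' "${_vp_name:-?}" "$(( _vp_age / 60 ))"
    else
        printf '[vault:%s] ' "${_vp_name:-?}"
    fi
}

# Single quotes defer the call until each prompt is drawn.
PS1='$(vaulted_prompt_segment)'"${PS1-}"
```

The age shown counts from when the shell sourced this file, not from when the temporary AWS credentials were issued.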