This exists to solve a simple problem I had - simply fetching multiple secrets on the same path, and saving them to a file. It's written in Go, and is a single, snappy binary.

It's supposed to be used in smaller-scale projects, where you don't want to use a full-blown secret management system, but you still want to utilize Vault.

Use-case

  • I have a number of secrets in Vault, all under the same path.
  • I want to fetch them all, and save them to a file.
  • I have a Docker compose file that uses the env file to set environment variables for the containers.

Example

This will mount the current directory to the output of the .env file, and fetch the secrets from the path secret/staging with obviously fake credentials.

docker run -it --rm -v $(pwd):/app/output -e VAULT_ADDR=https://vault.example.com -e VAULT_TOKEN=1234567890 -e VAULT_SECRET_PATH=project/staging omznc/vaultfetch
omznc/vaultfetch