better integration by looking at docs #1

Closed
v wants to merge 0 commits from handle-resp into main
7 changed files with 9 additions and 35 deletions

View file

@ -1,7 +0,0 @@
pipeline:
build:
image: nixos/nix:2.15.0
environment:
- NIX_CONFIG=experimental-features = nix-command flakes
commands:
- nix build

2
Cargo.lock generated
View file

@ -437,7 +437,7 @@ checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d"
[[package]]
name = "vault-unseal"
version = "0.3.0"
version = "0.2.0"
dependencies = [
"dotenv",
"serde",

View file

@ -1,6 +1,6 @@
[package]
name = "vault-unseal"
version = "0.3.0"
version = "0.2.0"
edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

View file

@ -1,13 +1,2 @@
# Vault Unsealer
| :exclamation: this method of unsealing the vault is not recommended if you have high security requirements! |
|-----------------------------------------|
This is a simple Rust program that automatically unseals a hashicorp vault instance given a list of keys.
## Environment Variables
| env var | default | description |
| ---------- | :-------: | ----------- |
| VAULT_ADDR | - | address of the vault server |
| VAULT_KEY_FILE | - | a JSON file containing vault unseal key(s), see [./example_keys.json](./example_keys.json). |
| UNSEAL_INTERVAL | 15 | seconds to wait between checks / unseal attempts |
This is a simple Rust program that automatically unseals a hashicorp vault instance

View file

@ -1,7 +0,0 @@
{
"keys": [
"a",
"b",
"c"
]
}

View file

@ -16,7 +16,8 @@
pname = toml.package.name;
version = toml.package.version;
src = self;
cargoLock.lockFile = ./Cargo.lock;
cargoSha256 =
"sha256-eOvTR7TpFpi83J3G8HPXgOBryTzkq4XWp6CER6UDCbo=";
};
};
});

View file

@ -9,6 +9,7 @@ use std::{env, fs::File};
use tracing::{info, subscriber, warn};
use tracing_subscriber::FmtSubscriber;
use ureq::Error::Status;
use ureq::Response;
#[derive(Debug, Deserialize)]
struct KeyFile {
@ -54,11 +55,8 @@ fn is_sealed(health_url: &str) -> bool {
}
}
/// Unseals a vault given keys and url
///
/// See: https://developer.hashicorp.com/vault/api-docs/system/unseal
fn unseal(keyfile: &KeyFile, unseal_url: &str) {
for key in keyfile.keys.iter() {
for key in keyfile.keys.iter().enumerate() {
match ureq::post(unseal_url).send_json(json!({ "key": key })) {
Ok(resp) if resp.status() == 200 => {
if let Ok(UnsealResponse {
@ -75,7 +73,7 @@ fn unseal(keyfile: &KeyFile, unseal_url: &str) {
info!("unsealed vault partially {progress}/{t}");
}
}
Ok(resp) | Err(Status(_, resp)) => warn!(
Ok(resp) => warn!(
"error unsealing vault, got code '{}', with message: {}",
resp.status(),
resp.status_text()