Vault Maven Plugin

A plugin that supports retrieving values from HashiCorp Vault.

Categories: Maven Build Tools
GroupId: com.deciphernow
ArtifactId: vault-maven-plugin
Last Version: 1.1.0
Type: maven-plugin
Description: A plugin that supports retrieving values from HashiCorp Vault.
Project URL: https://github.com/deciphernow/vault-maven-plugin
Source Code Management: https://github.com/deciphernow/vault-maven-plugin

How to add to project

<plugin>
    <groupId>com.deciphernow</groupId>
    <artifactId>vault-maven-plugin</artifactId>
    <version>1.1.0</version>
</plugin>

Dependencies

compile (2)

Group / Artifact Type Version
com.bettercloud : vault-java-driver jar 2.0.0
org.freemarker : freemarker jar 2.3.23

provided (5)

Group / Artifact Type Version
org.apache.maven : maven-artifact jar 3.3.9
org.apache.maven : maven-compat jar 3.3.9
org.apache.maven : maven-core jar 3.3.9
org.apache.maven : maven-plugin-api jar 3.3.9
org.apache.maven.plugin-tools : maven-plugin-tools-annotations jar 3.5

test (6)

Group / Artifact Type Version
com.deciphernow : moby-dns jar 1.0.0
com.google.guava : guava jar 19.0
com.google.guava : guava-testlib jar 19.0
junit : junit jar 4.12
org.apache.maven.plugin-testing : maven-plugin-testing-harness jar 3.3.0
org.jacoco : org.jacoco.agent jar 0.7.9

Project Modules

There are no modules declared in this project.

vault-maven-plugin

This Maven plugin supports pulling Maven project properties from, and pushing them to, secrets stored in HashiCorp Vault.

Usage

To include the vault-maven-plugin in your project add the following plugin to your pom.xml file:

<build>
    <plugins>
        <plugin>
            <groupId>com.deciphernow</groupId>
            <artifactId>vault-maven-plugin</artifactId>
            <version>1.0.0-SNAPSHOT</version>
        </plugin>
    </plugins>
</build>

Pulling Secrets

In order to pull secrets you must add an execution to the plugin. The following execution will pull secrets from the secret/user path on the Vault server https://vault.example.com. In particular, this configuration will set the values of the ${project.password} and ${project.username} Maven properties to the secrets ${vault.password} and ${vault.username} respectively.

<build>
    <plugins>
        <plugin>
            <groupId>com.deciphernow</groupId>
            <artifactId>vault-maven-plugin</artifactId>
            <version>1.0.0-SNAPSHOT</version>
            <executions>
                <execution>
                    <id>pull</id>
                    <phase>initialize</phase>
                    <goals>
                        <goal>pull</goal>
                    </goals>
                    <configuration>
                        <servers>
                            <server>
                                <url>https://vault.example.com</url>
                                <token>bf6ba314-47f1-4b9d-ab87-2b8e53fc640f</token>
                                <paths>
                                    <path>
                                        <name>secret/user</name>
                                        <mappings>
                                            <mapping>
                                                <key>vault.password</key>
                                                <property>project.password</property>
                                            </mapping>
                                            <mapping>
                                                <key>vault.username</key>
                                                <property>project.username</property>
                                            </mapping>
                                        </mappings>
                                    </path>
                                </paths>
                            </server>
                        </servers>
                    </configuration>
                </execution>
            </executions>
        </plugin>
    </plugins>
</build>

Note that the execution will fail if a specified secret key does not exist and that an existing project property will be overwritten.

Pushing Secrets

In order to push secrets you must add an execution to the plugin. The following execution will push secrets to the secret/user path on the Vault server https://vault.example.com. In particular, this configuration will set the values of the secrets ${vault.password} and ${vault.username} to the ${project.password} and ${project.username} Maven properties respectively.

<build>
    <plugins>
        <plugin>
            <groupId>com.deciphernow</groupId>
            <artifactId>vault-maven-plugin</artifactId>
            <version>1.0.0-SNAPSHOT</version>
            <executions>
                <execution>
                    <id>push</id>
                    <phase>verify</phase>
                    <goals>
                        <goal>push</goal>
                    </goals>
                    <configuration>
                        <servers>
                            <server>
                                <url>https://vault.example.com</url>
                                <token>bf6ba314-47f1-4b9d-ab87-2b8e53fc640f</token>
                                <paths>
                                    <path>
                                        <name>secret/user</name>
                                        <mappings>
                                            <mapping>
                                                <key>vault.password</key>
                                                <property>project.password</property>
                                            </mapping>
                                            <mapping>
                                                <key>vault.username</key>
                                                <property>project.username</property>
                                            </mapping>
                                        </mappings>
                                    </path>
                                </paths>
                            </server>
                        </servers>
                    </configuration>
                </execution>
            </executions>
        </plugin>
    </plugins>
</build>

Note that the execution will fail if a specified project property does not exist and that an existing secret value will be overwritten.
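
Both the pull and the push configuration above carry the Vault token as a literal `<token>` value, so it ends up wherever the pom.xml goes. The following check is an added example, not part of the plugin or its README: it flags vault-maven-plugin servers whose token is a literal rather than a property reference, or whose URL is not https. The `VAULT_TOKEN` variable name, the function names and the sample POM are assumptions made for illustration; `${env.*}` is Maven's standard property interpolation.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: "pull" hardcodes a placeholder token over http; "push"
# reads the token from the environment through Maven's ${env.*} interpolation.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <build><plugins><plugin>
    <artifactId>vault-maven-plugin</artifactId>
    <executions><execution><id>pull</id><configuration><servers><server>
        <url>http://vault.example.com</url>
        <token>00000000-0000-0000-0000-000000000000</token>
      </server></servers></configuration></execution>
      <execution><id>push</id><configuration><servers><server>
        <url>https://vault.example.com</url>
        <token>${env.VAULT_TOKEN}</token>
      </server></servers></configuration></execution></executions>
  </plugin></plugins></build></project>"""

PROPERTY_REF = re.compile(r"^\$\{[^}]+\}$")  # value is a single ${...} reference


def find(elem, name):
    """All descendants of elem called `name`, ignoring the XML namespace."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]


def text(elem, name):
    """Stripped text of the first direct child called `name`, or ''."""
    for child in elem:
        if child.tag.rsplit("}", 1)[-1] == name:
            return (child.text or "").strip()
    return ""


def audit_pom(pom_xml):
    """Return (server url, problem) pairs for every vault-maven-plugin server."""
    findings = []
    for plugin in find(ET.fromstring(pom_xml), "plugin"):
        if text(plugin, "artifactId") != "vault-maven-plugin":
            continue
        for server in find(plugin, "server"):
            token, url = text(server, "token"), text(server, "url")
            if token and not PROPERTY_REF.match(token):
                findings.append((url, "literal token in POM"))
            if url and not PROPERTY_REF.match(url) and not url.startswith("https://"):
                findings.append((url, "Vault URL is not https"))
    return findings


print(audit_pom(SAMPLE_POM))
```

The check only looks at the `<token>` and `<url>` text, so a property reference that resolves to a literal defined in the same POM's `<properties>` still passes.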

Building

This build uses standard Maven build commands but assumes that the following are installed and configured locally:

  1. Java (1.8 or greater)
  2. Maven (3.0 or greater)
  3. Docker

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request
com.deciphernow

Decipher Technology Studios

Software for your sixth sense

Versions

Version
1.1.0
1.0.0