How to login with Vault from node app (token auth)?

Nikubik · September 14, 2020, 9:56am

Hello everyone,

Login with Vault must be done manually (via the CLI command or the UI) ? or can we do it from the app (via request on route) ?

What is the right syntaxe to do so (i use node-vault) ?
I try many variations of this, but can’t find the right one.

vault.request({ path: '/v1/auth/token', method: "PUT", headers: { "X-Vault-Token":"s.DaIjPGO5zQfo432gsCm0aTQV" } })
.then (res => {
	console.log('/auth/:token ', res);
})
.catch((err) => {
	console.log("\n     errrrrrreur token header ");
	console.error(err);
});

mikegreen · September 16, 2020, 2:26pm

How do you want your node app to authenticate to Vault?
You’ll need to get a token from one of the auth methods, like approle:

github.com

kr1sp1n/node-vault/blob/master/example/auth_approle.js

// file: example/auth_approle.js

process.env.DEBUG = 'node-vault'; // switch on debug mode

const vault = require('./../src/index')();
const mountPoint = 'approle';
const roleName = 'test-role';

vault.auths()
.then((result) => {
  if (result.hasOwnProperty('approle/')) return undefined;
  return vault.enableAuth({
    mount_point: mountPoint,
    type: 'approle',
    description: 'Approle auth',
  });
})
.then(() => vault.addApproleRole({ role_name: roleName, policies: 'dev-policy, test-policy' }))
.then(() => Promise.all([vault.getApproleRoleId({ role_name: roleName }),
  vault.getApproleRoleSecret({ role_name: roleName })])

This file has been truncated. show original

Node would use the secret/role IDs to auth to Vault and get a token. You can provide that secret/role ID via your build pipeline, variables, a file, etc.