Vault Counter

Written: 2019-12-22
Author: WhatsARanjit

The problem

You are running a HashiCorp Vault implementation, but you don’t have visibility into how much it is being used. The APIs output a number of metrics in JSON format, so you’d like to use jq to manipulate the output, but you cannot install jq in the production area. Maybe you are running Docker though.

The fix

I’ve provided a Docker image that has all the tools installed on it, which runs the necessary API calls and manipulates the data to provide useful information:

https://hub.docker.com/r/whatsaranjit/vault_counter

…allows you to run a tool-baked image that can count these for you:

Usage

The container runs several cURL commands against the API. Here’s what it looks like with supplied arguments:

$ docker run --rm \
  -e VAULT_ADDR=http://my.vault.url.com:8200 \
  -e VAULT_TOKEN=$VAULT_TOKEN \
  whatsaranjit/vault_counter
Vault address: http://my.vault.url.com:8200
Total entities: 2
Total auth roles/users: 2
Total tokens: 1
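
The counting behind the three totals above, as an added example in Python for hosts where jq cannot be installed. It is not the image's own script and not code from the original post. The API paths, the type-to-path mapping and the sample responses are assumptions constructed for illustration, and the HTTP call is replaced by a stub so the block runs offline.

```python
import json

# Auth method type -> sub-path that lists its roles or users. These are real
# Vault paths; that the image queries exactly these is an assumption.
LIST_PATH = {"approle": "role", "userpass": "users", "ldap": "users"}

# Constructed responses in the shape Vault's HTTP API returns.
SAMPLE = {
    "identity/entity/id?list=true": '{"data": {"keys": ["entity-1", "entity-2"]}}',
    "sys/auth": '{"data": {"token/": {"type": "token"}, "approle/": {"type": "approle"},'
                ' "userpass/": {"type": "userpass"}, "ldap/": {"type": "ldap"}}}',
    "auth/approle/role?list=true": '{"data": {"keys": ["ci-deployer"]}}',
    "auth/userpass/users?list=true": '{"data": {"keys": ["alice"]}}',
    "auth/token/accessors?list=true": '{"data": {"keys": ["accessor-1"]}}',
}

def fetch(path):
    """Offline stand-in for the HTTP request; unknown paths mimic Vault's 404 body."""
    return json.loads(SAMPLE.get(path, '{"errors": []}'))

def count_keys(response):
    """Count entries in a LIST response. Vault answers an empty LIST with
    404 and {"errors": []}, so a missing "data" object counts as zero."""
    data = response.get("data") or {}
    return len(data.get("keys") or [])

def count_roles():
    """Sum roles/users over every enabled auth mount reported by sys/auth."""
    mounts = fetch("sys/auth").get("data") or {}
    total = 0
    for mount, info in mounts.items():  # mount names end in "/", e.g. "approle/"
        sub = LIST_PATH.get(info.get("type"))
        if sub:  # the token method and unmapped types have no role/user list
            total += count_keys(fetch(f"auth/{mount}{sub}?list=true"))
    return total

def summary():
    return {
        "Total entities": count_keys(fetch("identity/entity/id?list=true")),
        "Total auth roles/users": count_roles(),
        "Total tokens": count_keys(fetch("auth/token/accessors?list=true")),
    }

if __name__ == "__main__":
    for label, value in summary().items():
        print(f"{label}: {value}")
```

The constructed `ldap/` mount has no users, so its LIST falls through to the 404-style body and contributes zero instead of raising.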

TLS Example

Be sure to mount the client certificate, key and CA certificate into the container so the tool can use them.

docker run --rm \
  -v $PWD/certs:/certs \
  -e VAULT_CLIENT_CERT=/certs/test.crt \
  -e VAULT_CLIENT_KEY=/certs/test.key \
  -e VAULT_CACERT=/certs/ca.crt \
  -e VAULT_ADDR=https://my.vault.url.com:8200 \
  -e VAULT_TOKEN=$VAULT_TOKEN \
  whatsaranjit/vault_counter

Inputs

These are supplied to the runtime via environment variables.

The URL to your Vault server

Default: http://127.0.0.1:8200

A token with enough permissions to access the identity/ and sys/auth/ endpoints.

Default: root

Namespace within Vault to count along with all child namespaces.

Default: null

Path to file containing the client certificate.

Default: null

Path to file containing the client key.

Default: null

Path to file containing the CA certificate.

Default: null

Set to anything to add the -v flag to cURL statements.

Default: null