Skip to content

Generate OpenBao/Vault policies from Consul Template templates

Notifications You must be signed in to change notification settings

danielgormly/baobud

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Baobud

Release Baobud

Generate OpenBao/Vault policies from Consul Template templates. Baobud dynamically evaluates the template to determine all Vault requests.

Limitations & Caveats

  • Baobud does not support evaluating Consul nor Nomad requests.
  • This is currently built with the Consul Template SDK, that uses the Vault SDK. If OpenBao/Vault API diverges, this will break for OpenBao.
  • Incorrect auth will give you an ugly runtime error.

Usage example

input: template.toml.tmpl

{{ with secret "secret/prod/example" }}
  EXAMPLE_SECRET: {{ .Data.EXAMPLE_SECRET }}
  EXAMPLE_CONFIG: {{ .Data.EXAMPLE_CONFIG }}
{{ end }}

Usage

# Create policy & write to stdout
baobud -f template.ctmpl
# path "secret/prod/example" {
#  capabilities = ["read"]
# }

# Create policy & write to file
baobud -f template.ctmpl -o policy.hcl

Other commands

baobud version # prints version
baobud help # prints help info

Installation

# Linux
curl -Lo baobud https://github.com/danielgormly/baobud/releases/download/v0.0.1-alpha-11/baobud-linux-amd64
# MacOS (ARM-based)
curl -Lo baobud https://github.com/danielgormly/baobud/releases/download/v0.0.1-alpha-11/baobud-darwin-arm64
# Install
chmod +x baobud
mv baobud /usr/local/bin/
baobud version

About

Generate OpenBao/Vault policies from Consul Template templates

Resources

Stars

Watchers

Forks

Packages

No packages published