Synchronize secrets between HashiCorp Vault instances
A poor man's tool to replicate secrets from one Vault instance to another.
How it works
When vault-sync starts, it does a full copy of the secrets from the source Vault instance to the destination Vault instance. Periodically, vault-sync does a full reconciliation to make sure all the destination secrets are up to date.
At the same time, you can manually enable the Socket Audit Device for the source Vault, so Vault will be sending audit logs to vault-sync. Using these audit logs, vault-sync keeps the secrets in the destination Vault up to date. Note that vault-sync does not create or delete the audit devices by itself.
It is possible to use the same Vault instance as the source and the destination. You can use this feature to replicate a "folder" of secrets to another "folder" on the same server. You need to specify different prefixes (src.prefix and dst.prefix) in the configuration file to make sure the source and the destination do not overlap.
- Devel package for openSUSE:Factory
-
1
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout security/vault-sync && cd $_ - Create Badge
Source Files
| Filename | Size | Changed |
|---|---|---|
| _service | 0000000713 713 Bytes | |
| _servicedata | 0000000236 236 Bytes | |
| vault-sync-0.9.2.obscpio | 0000199691 195 KB | |
| vault-sync.changes | 0000000232 232 Bytes | |
| vault-sync.obsinfo | 0000000099 99 Bytes | |
| vault-sync.service | 0000000304 304 Bytes | |
| vault-sync.spec | 0000003082 3.01 KB | |
| vault-sync.yaml.dummy | 0000000094 94 Bytes | |
| vendor.tar.zst | 0021273612 20.3 MB |
Latest Revision
Ana Guerrero (anag+factory)
accepted
request 1187968
from
Johannes Kastl (ojkastl_buildservice)
(revision 5)
initialized devel package after accepting 1187968
Comments 0