Synchronize secrets between HashiCorp Vault instances
A poor man's tool to replicate secrets from one Vault instance to another.
How it works
When vault-sync starts, it does a full copy of the secrets from the source Vault instance to the destination Vault instance. Periodically, vault-sync does a full reconciliation to make sure all the destination secrets are up to date.
At the same time, you can manually enable the Socket Audit Device for the source Vault, so Vault will be sending audit logs to vault-sync. Using these audit logs, vault-sync keeps the secrets in the destination Vault up to date. Note that vault-sync does not create or delete the audit devices by itself.
It is possible to use the same Vault instance as the source and the destination. You can use this feature to replicate a "folder" of secrets to another "folder" on the same server. You need to specify different prefixes (src.prefix and dst.prefix) in the configuration file to make sure the source and the destination do not overlap.
- Developed at security
- Sources inherited from project openSUSE:Factory
-
1
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Backports:SLE-15-SP4:RebuildFactoryUpdates/vault-sync && cd $_ - Create Badge
Source Files
| Filename | Size | Changed |
|---|---|---|
| _service | 0000000714 714 Bytes | |
| _servicedata | 0000000236 236 Bytes | |
| vault-sync-0.10.0.obscpio | 0000222731 218 KB | |
| vault-sync.changes | 0000000940 940 Bytes | |
| vault-sync.obsinfo | 0000000100 100 Bytes | |
| vault-sync.service | 0000000304 304 Bytes | |
| vault-sync.spec | 0000003090 3.02 KB | |
| vault-sync.yaml.dummy | 0000000094 94 Bytes | |
| vendor.tar.zst | 0023631974 22.5 MB |
Comments 0