Using with Bruno CLI
Pre-requisites
Add the vault connection configuration to the collection's secrets.json file (create one if it doesn't exist). You can use environment variables in the configuration to avoid hardcoding sensitive information.
This is the only additional configuration required to use the vault secrets in the collection using the CLI.
Usage
There are 3 different CLI configurations that can be used.
Vault server with token authentication
secrets.json
{
"type": "vault",
"cli": {
"type": "vault-server",
"vaultServerConfig": {
"url": "http://localhost:8200",
"namespace": "bruno",
"auth": {
"method": "token",
"token": "{{authToken}}"
}
}
},
"data": [
{
"environment": "Prod",
"secrets": [
{
"name": "db",
"path": "secret/db",
"enabled": true
}
]
}
]
}
Corresponding CLI command:
bru run folder --env Prod --env-var authToken=your-vault-token
Vault server with appRole authentication
secrets.json
{
"type": "vault",
"cli": {
"type": "vault-server",
"vaultServerConfig": {
"url": "http://localhost:8200",
"namespace": "bruno",
"auth": {
"method": "app_role",
"appRole": {
"role": "bruno",
"roleId": "{{roleId}}",
"secretId": "{{secretId}}"
}
}
}
}
"data": [
{
"environment": "Prod",
"secrets": [
{
"name": "db",
"path": "secret/db",
"enabled": true
}
]
}
]
}
Corresponding CLI command:
bru run folder --env Prod --env-var roleId=your-role-id --env-var secretId=your-secret-id
Vault cloud with client credentials authentication
secrets.json
{
"type": "vault",
"cli": {
"type": "vault-cloud",
"vaultCloudConfig": {
"auth": {
"method": "client-credentials",
"clientCredentials": {
"tokenEndpoint": "{{tokenEndpoint}}",
"secretsEndPoint": "{{secretsEndpoint}}",
"clientId": "{{clientId}}",
"clientSecret": "{{clientSecret}}"
}
},
"project": {
"name": "{{projectName}}",
"projectId": "{{projectId}}",
"organizationId": "{{organizationId}}"
}
}
},
"data": [
{
"environment": "Prod",
"secrets": [
{
"name": "db",
"path": "secret/db",
"enabled": true
}
]
}
]
}
Corresponding CLI command:
bru run folder --env Prod --env-var tokenEndpoint=your-token-endpoint --env-var secretsEndpoint=your-secrets-endpoint --env-var clientId=your-client-id --env-var clientSecret=your-client-secret --env-var projectName=your-project-name --env-var projectId=your-project-id --env-var organizationId=your-organization-id