Vault filesystem (and Docker volume plugin)

VaultFS

VaultFS mounts arbitrary Vault prefixes in a FUSE filesystem. It also provides a Docker volume plugin to do the same for your containers.

Table of Contents

  • VaultFS
  • Mounting
  • Docker
  • License

Installation

This project is in early development and has not reached 1.0. You will have to build the binary yourself:

go get github.com/asteris-llc/vaultfs
env GOOS=linux go build github.com/asteris-llc/vaultfs

Usage

VaultFS is one binary that can mount keys or run a Docker volume plugin to do so for containers. Run vaultfs --help to see options not documented here.

Mounting

Usage:
  vaultfs mount {mountpoint} [flags]

Flags:
  -a, --address="https://localhost:8200": vault address
  -i, --insecure[=false]: skip SSL certificate verification
  -r, --root="secret": root path for reads
  -t, --token="": vault token

To mount secrets, first create a mountpoint (mkdir test), then use vaultfs to mount:

vaultfs mount --address=http://localhost:8200 -t 3a749a17-528e-e4b1-c28a-62e54f0098ae test

Docker

Usage:
  vaultfs docker {mountpoint} [flags]

Flags:
  -a, --address="https://localhost:8200": vault address
  -i, --insecure[=false]: skip SSL certificate verification
  -s, --socket="/run/docker/plugins/vault.sock": socket address to communicate with docker
  -t, --token="": vault token

To start the Docker plugin, create a directory to hold mountpoints (mkdir test), then use vaultfs to start the server. When a container requests a volume (docker run --volume-driver vault --volume {prefix}:/container/secret/path), the plugin creates mountpoints and manages FUSE servers automatically.

vaultfs docker --address=http://localhost:8200 -t 3a749a17-528e-e4b1-c28a-62e54f0098ae test
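
Both example invocations above pass the token with -t and use an http:// address. The shell function below is an added example, not part of vaultfs: it lints a vaultfs argument list for those two settings and for --insecure, using the flag names from the usage text (the finding labels are made up for this sketch). A token given on the command line can be read by other local users through ps or /proc/<pid>/cmdline unless the host restricts that.

```sh
# Added example, not part of vaultfs. Flag names come from the usage text
# above; the finding labels are made up for this sketch.
# Prints one finding per line; returns 1 if anything was flagged, else 0.
# Combined short flags (for example -it) are not parsed.
audit_vaultfs_args() (
  findings=""
  addr=""
  while [ $# -gt 0 ]; do
    arg=$1
    shift
    case $arg in
      -t|--token)
        # Value is the next argument: skip it so it is not parsed as a flag.
        if [ $# -gt 0 ]; then shift; fi
        findings="$findings TOKEN_IN_ARGV" ;;
      --token=*|-t?*)
        findings="$findings TOKEN_IN_ARGV" ;;
      -a|--address)
        addr=${1:-}
        if [ $# -gt 0 ]; then shift; fi ;;
      --address=*)
        addr=${arg#--address=} ;;
      -a?*)
        addr=${arg#-a}
        addr=${addr#=} ;;
      -i|--insecure|--insecure=true|-i=true)
        # Certificate verification is skipped: the server is not authenticated.
        findings="$findings TLS_VERIFY_OFF" ;;
    esac
  done
  case $addr in
    # Token and secret values would cross the network unencrypted.
    http://*) findings="$findings PLAINTEXT_HTTP" ;;
  esac
  for f in $findings; do
    printf '%s\n' "$f"
  done
  [ -z "$findings" ]
)
```

Call it with the arguments you intend to give vaultfs, for example audit_vaultfs_args mount --address=http://localhost:8200 -t "$TOKEN" test, and treat any output as a reason to revisit the invocation.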

License

VaultFS is licensed under an Apache 2.0 License (see also: LICENSE)