The Pouch project

Pouch and friends are a set of tools to manage provisioning of secrets on hosts based on the AppRole authentication method of Vault.

This project is under development and there may be changes on its commands and configurations

Pouch encourages the application of the good practices of this authentication method by using secret IDs with response wrapping.

The typical workflow to provision machines using Pouch consists on:

This workflow has some advantages:

Tools in the pouch project

pouch is a daemon able to login with Vault using AppRole authentication method with wrapped secret IDs, it can request secrets and use them to fill templates.
pouchctl is a cli tool that can be used to push wrapped secret ids to hosts using pouch.
terraform-provisioner-vault-secret-id is a Terraform plugin that provides a provisioner that can be used to push wrapped secret ids to hosts using pouch.
approle-login is a helper tool that can be used with other tools that use Vault as data source but don't implement the AppRole authentication backend.

You can follow Tuenti engineering team on Twitter @tuentieng.

pouch is available under the Apache License, Version 2.0. See LICENSE file for more info.

Name		Name	Last commit message	Last commit date
Latest commit History 125 Commits
cmd		cmd
contrib		contrib
pkg		pkg
vendor		vendor
.gitignore		.gitignore
.travis.yml		.travis.yml
Dockerfile		Dockerfile
Dockerfile.approle-login		Dockerfile.approle-login
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
Vagrantfile		Vagrantfile
fswatcher.go		fswatcher.go
notifier.go		notifier.go
pouch.go		pouch.go
pouch_test.go		pouch_test.go
pouchfile.go		pouchfile.go
pouchfile_test.go		pouchfile_test.go
state.go		state.go
state_test.go		state_test.go