import { Ed25519Keypair } from "@mysten/sui/keypairs/ed25519";
import { createKVReadResponse, VAULT_AUTH_TYPE, VaultClient, VaultTokenCredentials } from "vault";
import config from "./config.ts";
import { createKeySchema } from "./types.ts";
import { decodeKeypair } from "./utils.ts";
// Vault connection settings, read once from ./config.ts when this module loads.
// The properties are read in the same order as the object literals below use them.
const { VAULT_TOKEN, VAULT_ADDR, VAULT_NAMESPACE } = config;

// Token-based credentials handed to the client below. The token is a secret:
// keep this object out of logs and error messages.
const authentication: VaultTokenCredentials = {
  [VAULT_AUTH_TYPE]: "token",
  mountpoint: "auth/token",
  token: VAULT_TOKEN,
};

// Single module-level client reused by every getKeypair() call.
// NOTE(review): getKeypair() logs in and out on this shared instance, so
// overlapping calls may interleave login/logout. Confirm the client tolerates that.
const client = new VaultClient({
  address: VAULT_ADDR,
  namespace: VAULT_NAMESPACE,
  authentication,
});
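/**
 * Reads an encoded Ed25519 secret key from Vault and builds a keypair from it.
 *
 * The function logs in with the module-level client, reads the secret at
 * `path`, logs out again, then decodes the field named `key`.
 *
 * No error message produced here contains the secret value. The underlying
 * client error is attached as `cause`, so callers that log the full error
 * chain should check what the Vault client puts into its own errors.
 *
 * @param path - Vault path of the secret to read.
 * @param key - Name of the field inside the secret that holds the encoded key.
 * @param encoding - Encoding identifier passed through to `decodeKeypair`.
 * @returns The keypair created from the decoded secret key.
 * @throws Error if login, the read, or (after a successful read) logout fails,
 *   or if the secret has no value under `key`.
 */
export const getKeypair = async (path: string, key: string, encoding: string): Promise<Ed25519Keypair> => {
  // We currently use environment variables for authentication.
  try {
    await client.login();
  } catch (e) {
    throw new Error("Failed to login to Vault", {
      cause: e,
    });
  }

  let keyData;
  let readFailed = false;
  try {
    keyData = await client.read(
      createKVReadResponse(createKeySchema(key)),
      path,
    );
  } catch (e) {
    readFailed = true;
    throw new Error("Failed to read keypair from Vault", {
      cause: e,
    });
  } finally {
    // An exception escaping `finally` replaces the one already in flight, so a
    // failed logout used to hide the read failure. Report a logout failure
    // only when the read itself succeeded.
    try {
      await client.logout();
    } catch (e) {
      if (!readFailed) {
        throw new Error("Failed to logout from Vault", {
          cause: e,
        });
      }
    }
  }

  // Fail with a clear message instead of handing an absent value to the
  // decoder. The schema from createKeySchema(key) presumably enforces this
  // already (confirm); the check is cheap and never echoes secret material.
  const encodedSecret = keyData.data.data[key];
  if (encodedSecret == null) {
    throw new Error("Vault secret does not contain the requested key field");
  }

  return Ed25519Keypair.fromSecretKey(
    decodeKeypair(encodedSecret, encoding),
  );
};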