
@Mr-istov
Created October 8, 2020 20:29
import * as vault from "node-vault";
import * as aws4 from "aws4";
/**
 * Fields sent to Vault's AWS IAM login endpoint.
 *
 * In this file the three `iam_request_*` values are base64-encoded strings
 * describing a pre-signed STS `GetCallerIdentity` request; Vault replays that
 * request against AWS to learn which IAM principal produced the signature.
 */
interface VaultRequest {
  /** Name of the Vault role to log in against. */
  role: string;

  /** HTTP verb of the signed STS request. */
  iam_http_request_method: string;

  /** Base64 of the STS endpoint URL the request was signed for. */
  iam_request_url: string;

  /** Base64 of the form-encoded STS request body. */
  iam_request_body: string;

  /**
   * Base64 of the JSON-serialised signed headers. These carry the SigV4
   * signature (and the session token, when one is used), so treat the value
   * as a credential and keep it out of logs.
   */
  iam_request_headers: string;
}
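/**
 * Returns the value of a required environment variable.
 *
 * @param name - Environment variable to read.
 * @returns The non-empty value.
 * @throws Error when the variable is unset or empty, so a misconfigured
 *   process stops here instead of signing a request with missing credentials.
 */
function requireEnv(name: string): string {
  const value = process.env[name];
  if (value === undefined || value === "") {
    throw new Error(`Missing required environment variable: ${name}`);
  }
  return value;
}

// Vault client. The login response carries a Vault client token, so VAULT_URL
// should be an https:// endpoint with certificate verification left on for
// anything other than a local development server.
const vault_client = vault({
  endpoint: process.env.VAULT_URL,
});

// The STS call Vault will replay to verify who signed the request.
const awsRequestUrl = "https://sts.amazonaws.com/";
const awsRequestBody = "Action=GetCallerIdentity&Version=2011-06-15";

// AWS credentials used only to sign the GetCallerIdentity request; they are
// never sent to Vault themselves. The session token is optional because
// long-lived access keys do not have one.
const awsCreds = {
  accessKeyId: requireEnv("AWS_ACCESS_KEY_ID"),
  secretAccessKey: requireEnv("AWS_SECRET_ACCESS_KEY"),
  sessionToken: process.env.AWS_SESSION_TOKEN,
};

// SigV4-sign the STS request. The signature is computed once, at module load,
// and is only valid for a limited time; a long-lived process that logs in
// later (or retries) should re-sign per attempt.
//
// NOTE(review): if the Vault AWS auth backend is configured with
// `iam_server_id_header_value`, the `X-Vault-AWS-IAM-Server-ID` header must be
// included in the signed headers. This request does not set it, so the signed
// request is not bound to one particular Vault server.
const signedRequest = aws4.sign({ service: "sts", body: awsRequestBody }, awsCreds);

// Login payload. The signed headers prove this AWS identity to whoever holds
// them until the signature expires: do not log or persist `vaultRequest`.
const vaultRequest: VaultRequest = {
  // Required explicitly, matching the `role: string` contract of VaultRequest.
  role: requireEnv("VAULT_IAM_ROLE"),
  iam_http_request_method: "POST",
  iam_request_url: Buffer.from(awsRequestUrl).toString("base64"),
  iam_request_body: Buffer.from(awsRequestBody).toString("base64"),
  iam_request_headers: Buffer.from(JSON.stringify(signedRequest.headers)).toString("base64"),
};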
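/**
 * Authenticates to Vault with the AWS IAM method, using the pre-signed STS
 * request held in `vaultRequest`.
 *
 * The login response (which contains the Vault client token) is deliberately
 * not logged or returned.
 *
 * @returns `true` when Vault accepted the login, `false` when it failed. The
 *   failure is logged here; callers must check the result and must not carry
 *   on as if authenticated.
 */
async function awsLogin(): Promise<boolean> {
  try {
    await vault_client.awsIamLogin({
      role: vaultRequest.role,
      mountPoint: "aws",
      iam_request_url: vaultRequest.iam_request_url,
      iam_request_body: vaultRequest.iam_request_body,
      iam_request_headers: vaultRequest.iam_request_headers,
      iam_http_request_method: vaultRequest.iam_http_request_method,
    });
    return true;
  } catch (err) {
    console.log(`Error while authenticating to vault: ${err}`);
    return false;
  }
}

// Script entry: log in, then print the Vault status. A failed login or a
// failed status call sets a non-zero exit code so that wrappers (CI jobs,
// init containers) do not mistake the failure for success.
void (async () => {
  const authenticated = await awsLogin();
  if (!authenticated) {
    // Fail closed: do not continue to later Vault calls after a failed login.
    process.exitCode = 1;
    return;
  }

  try {
    const data = await vault_client.status();
    console.log(data);
  } catch (err) {
    console.log(err);
    process.exitCode = 1;
  }
})();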