SecretSync

SecretSync (secretssync) is a Go binary that synchronizes secrets from HashiCorp Vault to cloud provider secret stores (AWS Secrets Manager, GCP Secret Manager).

Installation

go install github.com/jbcom/extended-data-library/packages/secretssync@latest

Usage

# Sync secrets from Vault to AWS Secrets Manager
secretssync --source vault --target aws \
  --vault-addr https://vault.example.com \
  --vault-path secret/data/myapp \
  --aws-region us-east-1

# Sync to GCP Secret Manager
secretssync --source vault --target gcp \
  --vault-addr https://vault.example.com \
  --vault-path secret/data/myapp \
  --gcp-project my-project

Configuration

SecretSync reads configuration from environment variables or a YAML config file.

Environment Variables

Variable	Description
`VAULT_ADDR`	HashiCorp Vault server URL
`VAULT_TOKEN`	Vault authentication token
`VAULT_ROLE_ID`	AppRole role ID (alternative auth)
`VAULT_SECRET_ID`	AppRole secret ID (alternative auth)
`AWS_REGION`	Target AWS region
`GCP_PROJECT`	Target GCP project ID

Source Code

packages/secretssync