{"library":"node-vault-client","title":"Node.js HashiCorp Vault Client","description":"node-vault-client is a pure JavaScript client library designed for interacting with HashiCorp Vault, specifically tailored for Node.js environments. Currently at version 1.0.2, this library provides core functionalities for reading, listing, and writing secrets, as well as managing authentication tokens. It supports various Vault Auth Backends, including AWS IAM, AppRole, and Token-based authentication, and crucially handles the automatic renewal of issued auth tokens to maintain session validity. While its release cadence appears intermittent, recent updates address critical issues, indicating ongoing maintenance. A key differentiator is its explicit focus on pure JavaScript implementation and built-in token lease renewal, which simplifies common operational patterns for Node.js applications integrating with Vault. It requires Node.js version 14 or higher and has a peer dependency on the `config` package.","language":"javascript","status":"active","last_verified":"Wed Apr 22","install":{"commands":["npm install node-vault-client"],"cli":null},"imports":["const VaultClient = require('node-vault-client');","const VaultClient = require('node-vault-client');\nconst vaultClientInstance = VaultClient.boot('main', { /* ...options */ });","// Install @types/node-vault-client if available, or rely on inferred types."],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"const VaultClient = require('node-vault-client');\n\n// Initialize the Vault client. The 'boot' method handles singleton instance management.\n// Ensure VAULT_APP_ROLE_ID and VAULT_APP_ROLE_SECRET_ID environment variables are set.\nconst vaultClient = VaultClient.boot('main', {\n    api: { url: 'https://vault.example.com:8200/' }, // Replace with your Vault server URL\n    auth: {\n        type: 'appRole', // Supports 'appRole', 'token', 'iam', 'kubernetes'\n        config: {\n            role_id: process.env.VAULT_APP_ROLE_ID ?? 'your-approle-role-id',\n            secret_id: process.env.VAULT_APP_ROLE_SECRET_ID ?? 'your-approle-secret-id' // Required for AppRole\n        }\n    },\n    // Optional: Pass 'false' to disable logging, or a custom logger object.\n    logger: console\n});\n\n// Read a secret from a specified path in Vault\nvaultClient.read('secret/data/my-application/config')\n    .then(response => {\n        console.log('Successfully read secret:', response.data.data); // Vault K/V v2 stores data in .data.data\n    })\n    .catch(e => {\n        console.error('Error reading secret:', e.message);\n        // Implement robust error handling, e.g., retry logic, specific Vault error codes.\n    });\n\n// Example of writing a secret to Vault\nvaultClient.write('secret/data/my-application/settings', { value: 'some_setting', enabled: true })\n    .then(() => console.log('Successfully wrote secret.'))\n    .catch(e => console.error('Error writing secret:', e.message));","lang":"javascript","description":"This quickstart demonstrates how to initialize the Vault client using AppRole authentication, read a secret, and write data to Vault. It uses environment variables for sensitive credentials.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}