feat(secrets): removed deprecated vault support

postalsys · Sep 21, 2023 · 8ab9d60 · 8ab9d60
1 parent a394cf2
commit 8ab9d60
Show file tree

Hide file tree

Showing 4 changed files with 81 additions and 504 deletions.
diff --git a/lib/get-secret.js b/lib/get-secret.js
@@ -6,7 +6,6 @@ if (!process.env.EE_ENV_LOADED) {
 }
 
 const config = require('wild-config');
-const vault = require('node-vault');
 const fs = require('fs');
 const logger = require('./logger');
 
@@ -33,75 +32,7 @@ const readEnvValue = key => {
 
 const ENCRYPT_SECRET = readEnvValue('EENGINE_SECRET') || config.service.secret;
 
-const VAULT_ADDR = readEnvValue('VAULT_ADDR');
-const VAULT_ROLE_ID = readEnvValue('VAULT_ROLE_ID');
-const VAULT_SECRET_ID = readEnvValue('VAULT_SECRET_ID');
-const VAULT_PATH = readEnvValue('VAULT_PATH');
-const VAULT_KEY = readEnvValue('VAULT_KEY') || 'secret';
-
-const vaultClient =
-    VAULT_ADDR && VAULT_ROLE_ID && VAULT_SECRET_ID && VAULT_PATH
-        ? vault({
-              apiVersion: 'v1',
-              endpoint: VAULT_ADDR
-          })
-        : false;
-
-const cache = new Map();
-
-async function getVaultClient(opts) {
-    if (!vaultClient) {
-        return false;
-    }
-
-    if (!vaultClient.token) {
-        const result = await vaultClient.approleLogin({
-            role_id: VAULT_ROLE_ID,
-            secret_id: VAULT_SECRET_ID
-        });
-        vault.token = result.auth.client_token;
-        if (opts && opts.text) {
-            console.error(`Retrieved access token from Vault for role ${VAULT_ROLE_ID}`);
-        } else {
-            logger.info({ msg: 'Retrieved access token from Vault', role_id: VAULT_ROLE_ID });
-        }
-    }
-
-    return vaultClient;
-}
-
-async function getSecret(opts) {
-    if (cache.has('secret')) {
-        return cache.get('secret');
-    }
-
-    if (process.env._VAULT_SECRET) {
-        if (opts && opts.text) {
-            console.error(`Using cached encryption secret from Vault`);
-        } else {
-            logger.info({ msg: 'Using cached encryption secret from Vault', role_id: VAULT_ROLE_ID });
-        }
-        cache.set('secret', process.env._VAULT_SECRET);
-        return process.env._VAULT_SECRET;
-    }
-
-    // check vault
-    let vaultClient = await getVaultClient(opts);
-    if (vaultClient) {
-        let vaultRes = await vaultClient.read(VAULT_PATH);
-        let secret = vaultRes && vaultRes.data && vaultRes.data.data && vaultRes.data.data[VAULT_KEY];
-
-        if (opts && opts.text) {
-            console.error(`Retrieved encryption secret from Vault for role ${VAULT_ROLE_ID}`);
-        } else {
-            logger.info({ msg: 'Retrieved encryption secret from Vault', role_id: VAULT_ROLE_ID });
-        }
-
-        process.env._VAULT_SECRET = secret;
-        cache.set('secret', process.env._VAULT_SECRET);
-        return secret;
-    }
-
+async function getSecret() {
     return ENCRYPT_SECRET;
 }