Skip to content
This repository has been archived by the owner on May 23, 2019. It is now read-only.

nyxcharon/vault-ui

Repository files navigation

Vault UI

Docker Registry


Screenshots

Login Screen Mount Screen Cluster Health Screen

Features

  • List/View Secrets
  • List Policies
  • List Users
  • View Server(s) Status
  • Health check
  • Userpass and LDAP Authentication

Getting Started

Requirements

  • Vault UI Assumes you already have vault setup and unsealed. If you don't, see the official docs
  • Any storage backend is fine

Configuration

These varaibles can either be set in settings.py, or via environment variables. Environment variables will always override settings.py

  • VAULT_ADDR - (Required) the Vault host to connect to. Default is "https://localhost:8200"
  • VAULT_SKIP_VERIFY - If set, do not verify Vault's presented certificate before communicating with it. Setting this variable is not recommended except during testing.
  • AUTH_METHODS - Defines the auth types users can use. Supports "LDAP" and "Userpass". Specifying anything else will be seen as a custom userpass mount. Default is "Userpass"
  • VAULT_PORT - Defines the port vault uses for the health check. Default is 8200
  • VAULT_SSL_CERT - Full path to the SSL cert used for https support
  • VAULT_SSL_KEY - Full path to the SSL key used for the https support
  • VAULT_SSL_CA - Full path to the SSL certificate authority used to verify VAUT_URL's cert when it uses https.
  • VAULT_UI_HTTP_PORT - Make vault-ui listen on this port for http connections. Default is 80.
  • VAULT_UI_HTTPS_PORT - Make vault-ui listen on this port for http connections. Default is 443.

Authentication

  • You must mount and setup an authentication backend before you can login to Vault UI. The easiest to get started with is userpass. For more information on setting up this backend, see the userpass docs
  • When logging in, the policies the user has will determine what they can view in the ui.
  • Currently only userpass (including custom mounts) and LDAP authentication backends are supported

Running it

You have two options, docker (preferred) or using flask directly.

Docker

docker run -p 80:80 -e VAULT_ADDR=https://vault.example.com:8200 nyxcharon/vault-ui:latest

Python

git clone https://github.com/nyxcharon/vault-ui && cd vault-ui
pip install -r requirements.txt
FLASK_APP=app.py
flask run

Docker

Build (for custom changes)

Manually

docker build -t vault-ui .

Docker-Compose

docker-compose build

Run

Manually

docker run -it \
    -p 80:80 \
    -e VAULT_ADDR=my.vault.host \
        nyxcharon/vault-ui:latest

Docker-Compose

docker-compose pull
docker-compose run -d