Put your vault secrets in your process.env
Install the package
npm install --save vault-envWrite a Secretfile in your app directory
DATABASE_URL secrets/databases/main:urlRequire vault-env and the environment variables are loaded
require("vault-env");
console.log(process.env.DATABASE_URL);
// => 'postgres://...'Provide your app with VAULT_ADDR and VAULT_TOKEN environment variables when
you run it.
VAULT_ADDR=https://localhost:8200 VAULT_TOKEN=12345 node ./app.jsRequire vault-env/rotate and vault-env will request new leases before your
secrets expire, keeping your environment variables up to date forever.
require("vault-env/rotate");
// check the database url
console.log(process.env.DATABASE_URL);
// => 'postgres://username:password@host/db'
// check again in six weeks
setTimeout(function () {
console.log(process.env.DATABASE_URL);
// => 'postgres://user:newpassword@host/db'
}, 1000 * 60 * 60 * 24 * 7 * 6);Watch for secret changes
var vaultEnv = require("vault-env/rotate");
vaultEnv.on("DATABASE_URL", function (newDB, oldDB) {
console.log("DATABASE_URL has changed to " + newDB + " from " + oldDB);
});Require vault-env/local and vault-env will not set your environment
your variables will only be exported by the module as regular variables
var secret = require("vault-env/local");
console.log(secret.DATABASE_URL);
// => 'postgres://...'