fvault is a CLI tool used to manage resources in FortiPAM.
fvault is written purely in Go. Building fvault only requires running go build -o <output_path>, e.g. go build -o ./bin/fvault
Use the -h flag to see available commands, flags and hints, e.g. fvault -h
Typical fvault usage starts with the login command, which stores the information needed for later resource management calls.
List of commands:
- Global Flags
  - -v, --verbose verbose trace
  - -h, --help help
- Login command
  fvault login [flags]
  - -t, --access-token string API token or JWT
  - -a, --address string FortiPAM address
  - -m, --method string Authentication method. Supports api-key and jwt (default "api-key")
  - -s, --skip-ssl Skip SSL verification
  - If no flags are given, the current authentication setting will be listed
  - AES256 encryption for the access token can be enabled by setting the environment variable "FPAM_AES". AES256 requires a key of length 32. If the variable's length is less than 32, padding will be added. If the variable's length is greater than 32, it will be truncated.
- Secret Read
  fvault read secret [path/id] [flags]
  - -k, --key string Get value from a specific credential
  - -o, --output string Store response to a file
  - -e, --encode string Encode the secret value
  - Use the -v flag to see the unfiltered response
  - If the -k flag is not supplied, all available field keys will be shown. Secret target information will also be shown if it has been set up. The -o flag will only store the available field keys in this case
- Secret Write
  fvault write secret [path/id] [kv pairs]
  - KV pairs should be in the format of key=value. Values will be auto generated if they are not specified (e.g. key=).
    The maximum field size that can be added to a secret is 50.
    Adding a secret with kv pairs will use the "Key-Value Pairs" template and inherit the folder's permission.
- Secret Write
  fvault write secret -i [filename]
  - The JSON file must contain "id" and "name". For all the required keys/fields, please refer to https://fndn.fortinet.net/index.php?/fortiapi/3047-fortipam/4874/3047/secret
    Incompatible with [path/id] [kv pairs] usage
- Secret Delete
  fpam delete secret [path/id] [key] [flags]
  - If keys are entered, then fpam will attempt to remove the key in the secret.
- Folder read
  fvault read folder [path/id] [flags]
  - Usage without flags: The current folder's name, id, and current user's permission will be displayed.
    If there are sub folders/secrets under the folder, they will be displayed as well.
    When no id/path is given, all visible root folders will be displayed.
  - -o, --output: If the verbose flag is not given, the permission related information is stored to the file.
    Otherwise, all information about the folder will be stored.
    Note: if path/id is not given, the -o flag has no effect.
- Folder write
  fvault write folder [path]
  - Create a non root folder under path
  - The created folder will inherit the parent folder's setting
- Folder write
  fvault write folder -i [filename]
  - The JSON file must contain "id" and "name". For all the required keys/fields, please refer to https://fndn.fortinet.net/index.php?/fortiapi/3047-fortipam/4874/3047/secret/
    Incompatible with [path/id] usage
- Folder delete
  fvault delete folder [path/id] [flags]
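
The FPAM_AES length rule from the login command, written as a pre-flight check (an added example, not part of fvault): it reports whether a value would be used as is, padded or truncated, and generates a value of exactly 32 characters. ClassifyKey, NewKey and counting the length in bytes are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
	"os"
)

const aesKeyLen = 32 // AES-256 key size in bytes
const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

// ClassifyKey reports how a FPAM_AES value would be treated per the README:
// "exact", "padded" (missing > 0) or "truncated" (ignored > 0).
// Assumption: the length is counted in bytes.
func ClassifyKey(v string) (verdict string, ignored, missing int) {
	n := len(v)
	switch {
	case n == aesKeyLen:
		return "exact", 0, 0
	case n < aesKeyLen:
		return "padded", 0, aesKeyLen - n
	}
	return "truncated", n - aesKeyLen, 0
}

// NewKey returns 32 random alphanumeric characters drawn from crypto/rand.
func NewKey() (string, error) {
	out := make([]byte, aesKeyLen)
	limit := big.NewInt(int64(len(alphabet)))
	for i := range out {
		idx, err := rand.Int(rand.Reader, limit)
		if err != nil {
			return "", err
		}
		out[i] = alphabet[idx.Int64()]
	}
	return string(out), nil
}

func main() {
	v := os.Getenv("FPAM_AES")
	verdict, ignored, missing := ClassifyKey(v)
	fmt.Printf("FPAM_AES: %d bytes, %s (ignored=%d, padded=%d)\n", len(v), verdict, ignored, missing)
	if v != "" && verdict != "exact" { // an unset variable means encryption is off
		os.Exit(1)
	}
}
```

A padded value contributes fewer than 32 bytes of key material, and the bytes past the 32nd of a longer value play no part in the key.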
There are a couple of Go tests in the test directory for basic regression testing. They require a .env file under the directory.
e.g.
ENV_AES=CEtgY2yQBOl7HMG3AUVt41E6zIeP7NVp //For testing login token encryption
ENV_HOST=https://10.59.112.15 //FPAM address
ENV_TOKEN=<TOKEN> //FPAM access token
ENV_SKIP_SSL=true //FPAM SSL info
ENV_PKEY="-----BEGIN RSA PRIVATE KEY----- //For testing JWT login, pub-key should be placed in target FPAM. MUST use RS256
<RSA key>
-----END RSA PRIVATE KEY-----"
ENV_SEC_PATH="CLI Test/fvault-test" //For testing secret management, note fvault-test secret will be created. Make sure path is unique
ENV_FOLDER_PATH="CLI Test/fvault-folder" //For testing folder management, note fvault-folder secret will be created. Make sure path is unique
To run the tests, cd thirdparty/binary/test and run go test ./... -v. You can also run a single test case with go test -run <testcase>
Note: when testing resources, failed test cases may require a manual clean up in the target FPAM.