Add TLS and mTLS support

2026-04-07 12:39:26 +00:00 · 2020-08-05 16:36:27 -04:00 · 2020-08-05 16:36:27 -04:00 · e59c94afbe
commit e59c94afbe
parent cd01494ae2
19 changed files with 6942 additions and 4389 deletions
--- a/integrationTests/e2e-tls/README.md
+++ b/integrationTests/e2e-tls/README.md
@ -0,0 +1,4 @@
+# e2e tests
+
+This test suite runs `vault-action` as a GitHub Action in the context of a live build, and then verifies that the appropriate environmental variables are set.
+These tests are intended to mostly be very simple smoke tests to verify that the action is being compiled and run correctly in context.
--- a/integrationTests/e2e-tls/configs/ca.crt
+++ b/integrationTests/e2e-tls/configs/ca.crt
@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEFjCCAv6gAwIBAgIUe0i7/HGZKvbDb30L9mC99KXFwj8wDQYJKoZIhvcNAQEL
+BQAwgaIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
+Ew1TYW4gRnJhbmNpc2NvMRIwEAYDVQQKEwlIYXNoaUNvcnAxIzAhBgNVBAsTGlRl
+c3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MS0wKwYDVQQDEyRQcm90b3R5cGUgVGVz
+dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjAwODA1MTg1MjAwWhcNMjUwODA0
+MTg1MjAwWjCBojELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAU
+BgNVBAcTDVNhbiBGcmFuY2lzY28xEjAQBgNVBAoTCUhhc2hpQ29ycDEjMCEGA1UE
+CxMaVGVzdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxLTArBgNVBAMTJFByb3RvdHlw
+ZSBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAMrRXuu2+zhBs0pLYEdXIaPc4KoWO3xm2RJdbzy3hfjFybQ8
+H/Y6Hi7txjGGSb45xSfXT/RF2srNfs235I+sfB8rrEizNpzkXqOgGa8LKvh2tgBT
+BK/jDWsEdDhxmkpFhE69wEW+D5ub7QGnx9jrqLKfwCmUA0utlzcFBk2nRNhRtsrp
+CI5YL1VN4coLpgXdvbodzbynPzGHe9R/o9K0Uiz2hgHooyKwhkVYwo0BIAQamLFz
+TS7lyeLf0thDOxV31NX8SpSucqRf50WHNk8T/YtKZ9EhlBDT4ybZwwvcC/ocxxcg
+1LvB0YweZNjSeO78S4CMh1TFGXnF/xOtGABlIbcCAwEAAaNCMEAwDgYDVR0PAQH/
+BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFABD/NxvYLpo5zVNeD01
+r8IIFYlBMA0GCSqGSIb3DQEBCwUAA4IBAQB7TfpIx53gf/oI3mgR6Ciz287WBzFR
+OzhJXwHk5J3mx8VC1W8tDRXih2lCLd/f9qDy6LyL/hZcoonev6w9oReuOMBiH6l4
+Pf3yq2aDXX0AoGgm75c1m34kY669JLMsHq5+xuUDeeFUMd60w9zVtZfBSumy/sgN
+PdjtvThh8sSByocYULs3tuxZDGyQ6GyQcn/xlMrGtmcD5IuX5IXqcKRVlZttykNx
+S2ltcR00fekw8WZyPSzMJaP+/Kcq3T2viN02MS6qEycQZoYfEAMdj+A0kjbsZG9D
+6J92z78b2DuLAUvZVpynNk/UbpDeqIDy40V3JDmtvrfGUMkMhMqgK/+J
+-----END CERTIFICATE-----
--- a/integrationTests/e2e-tls/configs/client.crt
+++ b/integrationTests/e2e-tls/configs/client.crt
@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIENTCCAx2gAwIBAgIUMu5h1ysA5DlM6lzZFliT2C2n4lEwDQYJKoZIhvcNAQEL
+BQAwgaIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
+Ew1TYW4gRnJhbmNpc2NvMRIwEAYDVQQKEwlIYXNoaUNvcnAxIzAhBgNVBAsTGlRl
+c3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MS0wKwYDVQQDEyRQcm90b3R5cGUgVGVz
+dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwIBcNMjAwODA1MTg1MjAwWhgPMjEyMDA3
+MTIxODUyMDBaMIGMMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEW
+MBQGA1UEBxMNU2FuIEZyYW5jaXNjbzESMBAGA1UEChMJSGFzaGlDb3JwMSMwIQYD
+VQQLExpUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAxMOaGFzaGlj
+b3JwLnRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/zYDKdDGo
+Qy7eJUNjOe6jpeGvK1lMu5T1Xka+h2ay6WH5gLyrPw5pi582iYpJdHVbplKMywx
+LxZv7mAbKNxqdp8UZKy0A3bCuHQqRF8ssXXHufQ8EGxNkLMLJP0e2q39OnrxXekS
+8Ct3aJm3V8qkcV3CpVdPNgJh4TSuneCXIxVWjFYSiyHi0/5TRd2D+aQPz12szg5F
+mBW4dLzYKHEMlWcjWG8mxtbLyt+jSR1+tSehQx7KndufdfniOWEDBdbeR3yDnZdn
+p8DnRWK4oaEI3Sl8tKlDd1Yp+R96aqOEn1tPW6Jy6Vdvk3fCefclbWZ6B9kiJ/1r
+gxq7AN7iKmHNAgMBAAGjdTBzMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggr
+BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRn2mwyk+MPChnLg0iWy1r9
+b3JvwTAfBgNVHSMEGDAWgBQAQ/zcb2C6aOc1TXg9Na/CCBWJQTANBgkqhkiG9w0B
+AQsFAAOCAQEAOpCy0vHp1Kxgv0VBRrbrwSQLBGP8a1ubVWoeoZQ+EvX9ozqDrHxm
+gM4XPYUJlUOOEu0ZRgCW60YK33E1zNKnA1F0/3/rmqMkKnm0BBs/5WzMWtsIBPcU
+e0CeJmaRIXnERQMH/svD+RrFo1dcF8rUDIlWez7+xGqoIGBg7v4jEmkZ3HdckcE+
+/xvC61YSG8NsJwR/CEcQ8YCyVfgvuS0ukWs4dN15aVDL3Oe61h3bRcGAywOJBrdq
+9xaq7ezZp/+lUSkYnatWJBuC/aviH9g9s+gMT0I3fWHh8BB0Ne2txwJ15K/qz5he
+TjxFsumrh50aFqjSiEHndtY5UWuGAFLiSw==
+-----END CERTIFICATE-----
--- a/integrationTests/e2e-tls/configs/client.key
+++ b/integrationTests/e2e-tls/configs/client.key
@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAv82AynQxqPkMu3iVDYznuo6XhrytZTLuU9V5Gvodmsulh+YC
+8qz8OaYufNomKSXR1W6ZSjMsMS8Wb+5gGyjcanafFGSstAN2wrh0KkRfLLF1x7n0
+PBBsTZCzCyT9Htqt/Tp68V3pEvArd2iZt1fKpHFdwqVXTzYCYeE0rp3glyMVVoxW
+Eosh4tP+U0Xdg/mkD89drM4ORZgVuHS82ChxDJVnI1hvJsbWy8rfo0kdfrUnoUMe
+yp3bn3X54jlhAwXW3kd8g52XZ6fA50ViuKGhCN0pfLSpQ3dWKfkfemqjhJ9bT1ui
+culXb5N3wnn3JW1megfZIif9a4MauwDe4iphzQIDAQABAoIBAQCYHJuidAoaTwGZ
+ACV9rJzuqD1lvubpFj5KwEcebPPjmtQ5deIqoaQa+D9wBvYyteq3ENKDNRg8HXL2
+7B7OC1bbHB5HZxxMW17pSK3gA39Ti52z+zbGF+Q8k6BbG0efG6DW7nUoTOkWeuCN
+/6fA7uAoEDxirQwUJuo2xAsq3MyMLwcs95rke9Bly8ABFNaV1oMZq8YT/w8oSc2b
+/7WtxXmChHlVYXTcMqzVPqNFqPRixZRWQ+BSHoXmEDviuGd51L4s9D7iXp32TvUx
+DMHeS1DFA2en7ZF1uc9VXZeplkkDtVhUe4d6qOqCcUwDFEvMonnyVSa6/FkR5jYZ
+2yujTdfhAoGBAM0hGOnmnDnCjADUt4mZlr+Mf0XmdKzEV+hid4CQUvBoTXgjYMvv
+c397eNePce7SwSUE1/APERInGUPhRLVFW5q6/34WRtGBbQkT8ByeJANXes4UFZe3
+wdNLczWUlSl0G3jTf+Kh3+K5/PtmyxSrAS/9GIk+ibs1mlJOPyVnWqUJAoGBAO9e
+WlP9/ruXluvkQyM5ZlnAnZYMsFGzzPx4tkazUjurtqxQoyZ0z+pPItGQ7lOl+pDA
+EWiTun66g+Da9uBiBCJUeXiC1ge2p6bT6N194BrYyrWML9hcIL4mqVojUEUmhnSh
+6b9h1pC7vFmw5ZFMIIkS60cfBMgQMZxMJN8NuaulAoGBAJM5hwURg90c2ZkbEyPK
+PVz7fLlxnxoEzcc3LOf0LeLoKXnpgma8VJwRxXiJNs+fKgrkwAtG9QyfTU3f1412
+2zlhr1ASsv9ZMiXKzpHrmpNfbP+NgLXkqFN7mpPBMZGQCMuemPHTFrpGnODfNTB/
+T5newIZ4gSgBX+Jk0IOK+47pAoGAeKo6pK6ck9pV5TIbOg18b/AuQG7DD1yxD/CW
+CkvpP1VPb8vygrdN/FLKPZRu39IC3qdD31DhKXNCeb5Hx1MBvICS/1INLLRCDVIz
+yDvlFgOFJEG3+LxwcQqyQlMc6s8B5pecarKaZDmPODN5dmZG3HKiEicr1OJ878pe
+p+aWW1UCgYBmGFbCc1qqlqp+srYGsv3rIgNs5HSfrAjbgY8xh9foMgrYCRAm57gv
+01yVxMXWmKA6ReVEu8OTVy9fkuOL/vw2o+C6W4IPZYdvSQoPwd5Lf+AqxEQvFF1m
+tT3SZAM3EhQ7tIXdIQHY27SJ1KlUJMrvUq1CiRWiG/MOKf/87JXPog==
+-----END RSA PRIVATE KEY-----
--- a/integrationTests/e2e-tls/configs/config.hcl
+++ b/integrationTests/e2e-tls/configs/config.hcl
@ -0,0 +1,15 @@
+ui = false
+disable_mlock = true
+
+listener "tcp" {
+  address = "[::]:8200"
+  cluster_address = "[::]:8201"
+  tls_cert_file = "/etc/vault/server.crt"
+  tls_key_file = "/etc/vault/server.key"
+  tls_client_ca_file = "/etc/vault/ca.crt"
+  tls_require_and_verify_client_cert = "true"
+}
+
+storage "file" {
+  path = "/var/lib/vault"
+}
--- a/integrationTests/e2e-tls/configs/server.crt
+++ b/integrationTests/e2e-tls/configs/server.crt
@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEXjCCA0agAwIBAgIUAswquazrfsyDRvXZwn5718DUhU4wDQYJKoZIhvcNAQEL
+BQAwgaIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
+Ew1TYW4gRnJhbmNpc2NvMRIwEAYDVQQKEwlIYXNoaUNvcnAxIzAhBgNVBAsTGlRl
+c3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MS0wKwYDVQQDEyRQcm90b3R5cGUgVGVz
+dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwIBcNMjAwODA1MTg1MjAwWhgPMjEyMDA3
+MTIxODUyMDBaMIGMMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEW
+MBQGA1UEBxMNU2FuIEZyYW5jaXNjbzESMBAGA1UEChMJSGFzaGlDb3JwMSMwIQYD
+VQQLExpUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAxMOaGFzaGlj
+b3JwLnRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0azdZsrPC
+5Rv8nRxVJnLi+oZgCJYgzhCDiEbYqt1QK1gqNXp0ml5ck6ycj0drwzHzrrX+xcPV
+5FcNKH3RFyon9XkzjwaXkMv6IkgvH6/jQ1dDW9kWBf3Io3Y59wnD/YaIzNK0CYJS
+fRNdsZb4InH8gh+RL33+FeysgJwXG1TVA4tTUj7DQxDE0cDd9UD+C9Yx7OWiUjC1
+IjqdFPusX1nziKYjeI5/UiCmOUGqJJRoMPonuzuGIj9GdmBKmga64OfeZFqn4f6a
+ay61VnGCwZ24VniUwYElsFbcF2Nv9WqnrOeQlHOsYN68VMqHzaYPqE6SPa6mO5mI
+/tmpXrDG3Y+RAgMBAAGjgZ0wgZowDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoG
+CCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFE03/UTs2ZmJpWHSmstt
+hDngW6F3MB8GA1UdIwQYMBaAFABD/NxvYLpo5zVNeD01r8IIFYlBMCUGA1UdEQQe
+MByCCWxvY2FsaG9zdIIJdmF1bHQtdGxzhwR/AAABMA0GCSqGSIb3DQEBCwUAA4IB
+AQCzarBGJium5oZDSSP5GqxpS13QP2onEen6I1k2eRdcOqtbfNdQ20RJrb4dfNkE
+Dc09KWVlZAn+hYge2KKTXJ+4ltIC9V1LvquyWipNczOT1ve0H9gt3Wm88LdESqI5
+HOx43pIaa3cWXBlbzrFmT1SASYm1V5Oo1mXzpUukGokHLLmAz36VVuJGbD0BxYke
+5MefG4tNT1SsMsIqVvGxI9NiVs7YTdJu81MctSYK5snsEKnYdi9N7CHOk3bdDpeC
+v2Vo7XBk3s4sBMGmnJO+1JOcRFJioooEFkqNyQmg3atfInysVbreKS5KtWNTaCPm
+yI55plW8ga5ucja2VX3WbwAO
+-----END CERTIFICATE-----
--- a/integrationTests/e2e-tls/configs/server.key
+++ b/integrationTests/e2e-tls/configs/server.key
@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAtGs3WbKzwuUb/J0cVSZy4vqGYAiWIM4Qg4hG2KrdUCtYKjV6
+dJpeXJOsnI9Ha8Mx8661/sXD1eRXDSh90RcqJ/V5M48Gl5DL+iJILx+v40NXQ1vZ
+FgX9yKN2OfcJw/2GiMzStAmCUn0TXbGW+CJx/IIfkS99/hXsrICcFxtU1QOLU1I+
+w0MQxNHA3fVA/gvWMezlolIwtSI6nRT7rF9Z84imI3iOf1IgpjlBqiSUaDD6J7s7
+hiI/RnZgSpoGuuDn3mRap+H+mmsutVZxgsGduFZ4lMGBJbBW3Bdjb/Vqp6znkJRz
+rGDevFTKh82mD6hOkj2upjuZiP7ZqV6wxt2PkQIDAQABAoIBAQCvK0HsVvLtkSCh
+HbF6gwAcnHyHFQ8d/rRN4KxYhVynD85j/NRODer8G20F/J6tZDFFlSWinUTMkQxr
+/BpcPg9yCIWKp50Q30cMLujCyBMvphw9jBmzplGG0h5hnRbgMXDDtYoFvw3HJST+
+XQRlGpxtO7GGdwPvBD5sJdpnHOQ6g7qIYKmlHM99kHU8vr0VghqZAYxEh8RpnYez
+NLra+7ep+Zp1pFIniU6B8ohyL3OArbQ65qYrZYriAEI5HeEk0RhjewcPsV56LwbS
+CncTVS/dNYgk1zRIvytmbDVD3v/4lLvnpIWeKVdk7p1aGJeCdpLeWNvDLX0Ws67r
+QeZQizwhAoGBAMwAIA6+HPsx+8dhNbN3ydX8YU6uUfSeshhshIFZPIYL2vrKyAHU
+/GAYVzYJH/cU0IvlLJlLdQuiZkOXEX87tgdfmM/o4Qdl12RR0BvU0Cae0txtzNrP
+yTdfZqDhTz/V8jOAXUNA5oQA45Y3rI7JES8hBd1F9WFOH2WINp344GzlAoGBAOJo
+SgmRE24VcnfUMqrBpwZBdBrTxDQyTagvd+MuGomIQfcE2Y4rr1eIuJJ0HF5/eYxc
+DZRO/LVP9tQ8ozXi2tdmgUdKC79O2edmdOCWW5of464R/TLcM5B4SmS36RtdE3qJ
+ig4fcUmsJ15MAGpkXLMh5YSD/N3TmcnURtx06Fk9AoGATi+mGcBnnybzFuF9EYHR
+y7/lE6DgLF8+ZvoAdwralY2pqgFaUslsyO/LTRyGMc66d0OoqkAvZfwiMbmOrTMX
+ew/6o4Tf6lPwD7UDjAcul/67VlyG7T5CIoTf8r0oAJFhOLf0BrizINiuYX6JFlid
+y3BerQYJG/gzNFjWhglDCrkCgYA+3wUISRAjNrN10ShMwL/3/b8XIA1RDVMBTEU3
+gfr+jCb9SIx9bWYgoafXi4TBPRbswjdHIvQMCWuankgYU6m/vQhTWp2Of4AFQS9d
+moNPdmGMWhR8xidPjAfklimWXq9lDMKYj2SvN64rAmHvKXWQjO4mcVyL4RHIuTkA
+STqoZQKBgQDKHd8F6tjZHEFolmjS5l682g7zVTpBhozezJ/RqYvhJh5ew1pXoD/O
+Zu9iMfHoDjR4ZUXq6aeLUj/oIt1AsjwaGChOLLAvFbvePgS9XkYkwIlaxS4efAya
+CQE/JmY/a1/c2MDLNMCEXvUqX68pv6iDF8pfn+i4tn0omYqgfUlCA==
+-----END RSA PRIVATE KEY-----
--- a/integrationTests/e2e-tls/e2e-tls.test.js
+++ b/integrationTests/e2e-tls/e2e-tls.test.js
@ -0,0 +1,13 @@
+describe('e2e-tls', () => {
+    it('verify', () => {
+        expect(process.env.SECRET).toBe("SUPERSECRET");
+        expect(process.env.NAMED_SECRET).toBe("SUPERSECRET");
+        expect(process.env.OTHERSECRET).toBe("OTHERSUPERSECRET");
+        expect(process.env.OTHER_SECRET_OUTPUT).toBe("OTHERSUPERSECRET");
+        expect(process.env.ALTSECRET).toBe("CUSTOMSECRET");
+        expect(process.env.NAMED_ALTSECRET).toBe("CUSTOMSECRET");
+        expect(process.env.OTHERALTSECRET).toBe("OTHERCUSTOMSECRET");
+        expect(process.env.FOO).toBe("bar");
+        expect(process.env.NAMED_CUBBYSECRET).toBe("zap");
+    });
+});
--- a/integrationTests/e2e-tls/jest.config.js
+++ b/integrationTests/e2e-tls/jest.config.js
@ -0,0 +1,3 @@
+module.exports = {
+    verbose: true
+};
--- a/integrationTests/e2e-tls/setup.js
+++ b/integrationTests/e2e-tls/setup.js
@ -0,0 +1,180 @@
+const got = require('got');
+const core = require('@actions/core');
+
+const vaultUrl = `${process.env.VAULT_HOST}:${process.env.VAULT_PORT}`;
+const caCertificateRaw = `${process.env.VAULTCA}`;
+const clientCertificateRaw = `${process.env.VAULT_CLIENT_CERT}`;
+const clientKeyRaw = `${process.env.VAULT_CLIENT_KEY}`;
+
+(async () => {
+    try {
+        var caCertificate = Buffer.from(caCertificateRaw, 'base64').toString();
+        if (caCertificate == null) {
+            throw Error("VAULTCA env not set.")
+        }
+
+        var clientCertificate = Buffer.from(clientCertificateRaw, 'base64').toString();
+        if (clientCertificate == null) {
+            throw Error("VAULT_CLIENT_CERT env not set.")
+        }
+
+        var clientKey = Buffer.from(clientKeyRaw, 'base64').toString();
+        if (clientKey == null) {
+            throw Error("VAULT_CLIENT_KEY env not set.")
+        }
+
+        // Init
+        const {body} = await got(`https://${vaultUrl}/v1/sys/init`, {
+            method: 'POST',
+            json: {
+                secret_shares: 1,
+                secret_threshold: 1,
+            },
+            responseType: 'json',
+            https: {
+                certificateAuthority: caCertificate,
+                certificate: clientCertificate,
+                key: clientKey,
+            }
+        });
+
+        if (body.keys_base64.length != 1) {
+            throw Error("No unseal key found after init.")
+        }
+        var unseal = body.keys_base64[0];
+
+        if (body.root_token == "") {
+            throw Error("No root token found after init.")
+        }
+        var rootToken = body.root_token;
+
+        core.exportVariable('VAULT_TOKEN', rootToken);
+        core.setSecret(rootToken)
+
+        // Unseal 
+        await got(`https://${vaultUrl}/v1/sys/unseal`, {
+            method: 'POST',
+            json: {
+                key: unseal,
+            },
+            https: {
+                certificateAuthority: caCertificate,
+                certificate: clientCertificate,
+                key: clientKey,
+            }
+        });
+
+        await got(`https://${vaultUrl}/v1/sys/mounts/secret`, {
+            method: 'POST',
+            headers: {
+                'X-Vault-Token': rootToken,
+            },
+            https: {
+                certificateAuthority: caCertificate,
+                certificate: clientCertificate,
+                key: clientKey,
+            },
+            json: {
+                type: 'kv-v2'
+            }
+        });
+
+        await got(`https://${vaultUrl}/v1/secret/data/test`, {
+            method: 'POST',
+            headers: {
+                'X-Vault-Token': rootToken,
+            },
+            https: {
+                certificateAuthority: caCertificate,
+                certificate: clientCertificate,
+                key: clientKey,
+            },
+            json: {
+                data: {
+                    secret: 'SUPERSECRET',
+                },
+            },
+        });
+
+        await got(`https://${vaultUrl}/v1/secret/data/nested/test`, {
+            method: 'POST',
+            headers: {
+                'X-Vault-Token': rootToken,
+            },
+            https: {
+                certificateAuthority: caCertificate,
+                certificate: clientCertificate,
+                key: clientKey,
+            },
+            json: {
+                data: {
+                    otherSecret: 'OTHERSUPERSECRET',
+                },
+            }
+        });
+
+        await got(`https://${vaultUrl}/v1/sys/mounts/my-secret`, {
+            method: 'POST',
+            headers: {
+                'X-Vault-Token': rootToken,
+            },
+            https: {
+                certificateAuthority: caCertificate,
+                certificate: clientCertificate,
+                key: clientKey,
+            },
+            json: {
+                type: 'kv'
+            }
+        });
+
+        await got(`https://${vaultUrl}/v1/my-secret/test`, {
+            method: 'POST',
+            headers: {
+                'X-Vault-Token': rootToken,
+            },
+            https: {
+                certificateAuthority: caCertificate,
+                certificate: clientCertificate,
+                key: clientKey,
+            },
+            json: {
+                altSecret: 'CUSTOMSECRET',
+            }
+        });
+
+        await got(`https://${vaultUrl}/v1/my-secret/nested/test`, {
+            method: 'POST',
+            headers: {
+                'X-Vault-Token': rootToken,
+            },
+            https: {
+                certificateAuthority: caCertificate,
+                certificate: clientCertificate,
+                key: clientKey,
+            },
+            json: {
+                otherAltSecret: 'OTHERCUSTOMSECRET',
+            },
+        });
+
+        await got(`https://${vaultUrl}/v1/cubbyhole/test`, {
+            method: 'POST',
+            headers: {
+                'X-Vault-Token': rootToken,
+            },
+            https: {
+                certificateAuthority: caCertificate,
+                certificate: clientCertificate,
+                key: clientKey,
+            },
+            json: {
+                foo: 'bar',
+                zip: 'zap',
+            },
+        });
+    } catch (error) {
+        console.log(error);
+        process.exit(1);
+    }
+})();