diff --git a/api/client.go b/api/client.go index 9b7129ceb0832..df8cfa551bd8c 100644 --- a/api/client.go +++ b/api/client.go @@ -42,6 +42,7 @@ const ( EnvVaultToken = "VAULT_TOKEN" EnvVaultMFA = "VAULT_MFA" EnvRateLimit = "VAULT_RATE_LIMIT" + EnvHTTPProxy = "VAULT_HTTP_PROXY" ) // Deprecated values @@ -271,6 +272,7 @@ func (c *Config) ReadEnvironment() error { var envMaxRetries *uint64 var envSRVLookup bool var limit *rate.Limiter + var envHTTPProxy string // Parse the environment variables if v := os.Getenv(EnvVaultAddress); v != "" { @@ -339,6 +341,10 @@ func (c *Config) ReadEnvironment() error { envTLSServerName = v } + if v := os.Getenv(EnvHTTPProxy); v != "" { + envHTTPProxy = v + } + // Configure the HTTP clients TLS configuration. t := &TLSConfig{ CACert: envCACert, @@ -375,6 +381,16 @@ func (c *Config) ReadEnvironment() error { c.Timeout = envClientTimeout } + if envHTTPProxy != "" { + url, err := url.Parse(envHTTPProxy) + if err != nil { + return err + } + + transport := c.HttpClient.Transport.(*http.Transport) + transport.Proxy = http.ProxyURL(url) + } + return nil } diff --git a/changelog/12582.txt b/changelog/12582.txt new file mode 100644 index 0000000000000..6e5c0c916fa59 --- /dev/null +++ b/changelog/12582.txt @@ -0,0 +1,3 @@ +```release-note:improvement +api: Support VAULT_HTTP_PROXY environment variable to allow overriding the Vault client's HTTP proxy +``` diff --git a/website/content/docs/commands/index.mdx b/website/content/docs/commands/index.mdx index 9927152503c8a..cefdeeed82997 100644 --- a/website/content/docs/commands/index.mdx +++ b/website/content/docs/commands/index.mdx @@ -323,6 +323,12 @@ can be supplied. If a MFA method expects multiple credential values, or if there are multiple MFA methods specified on a path, then the CLI flag `-mfa` should be used. +### `VAULT_HTTP_PROXY` + +HTTP proxy location which should be used to access Vault. When present, this +overrides any other proxies found in the environment. Format should be +`http://server:port`. + ## Flags There are different CLI flags that are available depending on subcommands. Some