You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A discussion dedicated to the Vault CLI module. Share your thoughts, questions, and feedback here.
Module Scorecard
Presentation & Onboarding
Credential Hygiene
Restricted-Environment Readiness
Engineering Quality
Overall
17 / 25
18 / 20
5 / 20
10 / 10
67 / 100
Drilldown
Presentation & Onboarding — 17 / 25
Criterion
Max
Score
Notes
Configuration-mode examples
12
12
Multiple documented examples cover major modes: basic CLI-only installation, with token authentication, custom version, custom install directory, with namespace (Enterprise), and Enterprise binary. Each has sensible defaults.
Coder-context framing
8
5
README names Vault and shows Coder integration via coder_agent, but does not explain what the module adds on top of Coder or where Coder fits in the Vault authentication/secrets flow. The description mentions "integration" but lacks workflow context.
Visual preview
5
0
No image, GIF, or video present. Only an icon reference in frontmatter.
Credential Hygiene — 18 / 20
Criterion
Max
Score
Notes
Secrets marked sensitive
16
16
vault_token variable is marked sensitive = true in main.tf. README examples use var.vault_token rather than inline secrets.
Non-hardcoded auth path
4
2
README shows token-based authentication via vault_token variable, which requires pasting raw tokens into template variables. Related modules (vault-github, vault-jwt) are mentioned for alternative auth methods, but this module itself only documents the token path. Half credit for acknowledging better paths exist elsewhere.
Restricted-Environment Readiness — 5 / 20
Criterion
Max
Score
Notes
Mirrorable artifact source
10
0
No module input variable overrides the download URL. The script hardcodes HashiCorp API endpoints and releases.hashicorp.com URLs. The vault_cli_version variable controls which version to fetch, not where to fetch from.
Bring-your-own binary
5
0
No documented way to skip installation when vault is already in the image. The script always attempts to check/install vault.
Egress transparency
3
1.5
External endpoints are visible in run.sh (api.releases.hashicorp.com, releases.hashicorp.com) but not enumerated in a dedicated README section. Prerequisites mention HTTP client requirements but not network destinations. At most half per rubric; awarding half.
Runs without sudo
2
2
Script attempts installation without sudo first, falling back to sudo only when the install directory is not writable, then falling back to ~/.local/bin if sudo fails. Core functionality (installing to writable directories or user home) works without sudo. Full credit.
Theme adjustment
3.5
Half of 3 (Egress) = 1.5; round down per criterion = 1.5 total.
Engineering Quality — 10 / 10
Criterion
Max
Score
Notes
Input quality
6
6
All inputs have clear descriptions. Sensible defaults provided (latest version, /usr/local/bin, null for optional auth). Validation present for vault_cli_version (semantic version or "latest").
Test coverage
4
4
Comprehensive .tftest.hcl with 11 test runs covering: no token, with token, custom version, custom install dir, invalid version, valid semver, v-prefix rejection, namespace, token+namespace, and enterprise flag. Tests cover business logic thoroughly. No TypeScript tests, but this is a utility module with no end-to-end behavior requiring them.
Overall — 67 / 100
Raw 50 / 75 → round(50 / 75 × 100) = 67
Track: Utility (installs CLI tool, not an agent or IDE)
Badge: Adequate
Scored against SCORECARD.md on 2026-07-15 with claude-sonnet-4-5.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
A discussion dedicated to the Vault CLI module. Share your thoughts, questions, and feedback here.
Module Scorecard
Drilldown
Presentation & Onboarding — 17 / 25
coder_agent, but does not explain what the module adds on top of Coder or where Coder fits in the Vault authentication/secrets flow. The description mentions "integration" but lacks workflow context.Credential Hygiene — 18 / 20
vault_tokenvariable is markedsensitive = truein main.tf. README examples usevar.vault_tokenrather than inline secrets.vault_tokenvariable, which requires pasting raw tokens into template variables. Related modules (vault-github, vault-jwt) are mentioned for alternative auth methods, but this module itself only documents the token path. Half credit for acknowledging better paths exist elsewhere.Restricted-Environment Readiness — 5 / 20
vault_cli_versionvariable controls which version to fetch, not where to fetch from.Engineering Quality — 10 / 10
vault_cli_version(semantic version or "latest").Overall — 67 / 100
Raw 50 / 75 → round(50 / 75 × 100) = 67
Track: Utility (installs CLI tool, not an agent or IDE)
Badge: Adequate
Scored against SCORECARD.md on 2026-07-15 with
claude-sonnet-4-5.Beta Was this translation helpful? Give feedback.
All reactions