A wrapper binary for storing simple key/value type secrets in HashiCorp Vault.
Running SECRETS without any parameters shows the main top level help:

    Usage:
      secrets [command]

    Available Commands:
      completion  Generate the autocompletion script for the specified shell
      config      Manage local configuration
      get         retrieve a secret
      delete      delete a secret
      help        Help about any command
      list        list available secrets
      set         sets a secret

    Flags:
      -h, --help      help for SECRETS
      -v, --version   version for SECRETS

Use the -h or --help flag to display help on any of the commands (and sub-commands).
Before you can use SECRETS, you need to set the configuration. The set help command shows the information needed:

    Usage:
      secrets config set [flags]

    Flags:
      -a, --address string    the address of Vault, e.g. http://127.0.0.1:9000
      -h, --help              help for set
      -w, --password string   the Vault password for the username
      -p, --project string    a project name (without spaces)
      -s, --store string      the Key Value store in Vault to use
      -u, --username string   the Vault username

Use the information sent to you by your Vault administrator before trying to get/set any secrets.
Each project has a list of secrets. Access to these secrets (and the ability to read, write or delete them) is controlled by the underlying Vault policy applied to the user. SECRETS presumes that you have authority to do everything and then fails (gracefully!) if you don't.
- logical store is actually a Vault key/value store, i.e. a secret store off the root
- logical project is actually a path off the above secret store, e.g. /store/project
- logical secret is a key/value pair with the key simply called value associated with the secret itself, e.g. /store/project/app1-admin-password could contain a single key/value pair called value:myapp1password
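
How the logical names above could translate into Vault HTTP API paths and request bodies, as an added example (not SECRETS' own code). The page does not say which KV engine version the store uses, so both are shown; SecretPath, SecretBody and validSegment are hypothetical names, and rejecting path separators and dot segments is an assumption that goes beyond the documented no-spaces rule for project names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// validSegment rejects names that would change the Vault path they are placed in,
// and therefore which policy path governs the request (hypothetical helper).
func validSegment(kind, s string) error {
	if s == "" || s == "." || s == ".." || strings.ContainsAny(s, " /\\\t\n") {
		return fmt.Errorf("invalid %s name %q", kind, s)
	}
	return nil
}

// SecretPath maps logical store/project/secret onto a Vault HTTP API path.
// kvVersion 2 inserts the "data" segment of the KV version 2 engine;
// any other value is treated as KV version 1.
func SecretPath(store, project, secret string, kvVersion int) (string, error) {
	names := [][2]string{{"store", store}, {"project", project}, {"secret", secret}}
	for _, n := range names {
		if err := validSegment(n[0], n[1]); err != nil {
			return "", err
		}
	}
	parts := []string{"v1", url.PathEscape(store)}
	if kvVersion == 2 {
		parts = append(parts, "data")
	}
	parts = append(parts, url.PathEscape(project), url.PathEscape(secret))
	return "/" + strings.Join(parts, "/"), nil
}

// SecretBody builds the write request body holding the single key "value".
// KV version 2 wraps the pairs in a "data" object; version 1 sends them bare.
func SecretBody(secretValue string, kvVersion int) (string, error) {
	var payload interface{} = map[string]string{"value": secretValue}
	if kvVersion == 2 {
		payload = map[string]interface{}{"data": payload}
	}
	b, err := json.Marshal(payload)
	return string(b), err
}

func main() {
	// Constructed sample values taken from the example names on this page.
	p, _ := SecretPath("store", "project", "app1-admin-password", 2)
	b, _ := SecretBody("myapp1password", 2)
	fmt.Println("POST", p, b)
}
```

The policy applied to the user has to grant capabilities on the same path (including the data segment on KV version 2) for the request to succeed.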