Skip to content

A configurable command-line interface tool (and python library) to interact with Hashicorp Vault

License

Notifications You must be signed in to change notification settings

peopledoc/vault-cli

Repository files navigation

vault-cli: 12-factor oriented command line tool for Hashicorp Vault

Deployed to PyPI Documentation Status Continuous Integration Status Coverage Status Apache License Contributor Covenant

vault-cli is a Python 3.6+ tool that offers simple interactions to manipulate secrets from Hashicorp Vault. With vault-cli, your secrets can be kept secret, while following 12-factor principles.

Some features

  • Configure once, use everywhere thanks to cascading (local, user, global) YAML configuration file
  • Read, browse, write, move, delete secrets easily
  • Read multiple secrets at once, as YAML
  • Launch processes with your secrets as environment variables
  • Launch processes with ssh-agent configured from your vault
  • Write templated files with secrets inside

vault-cli tries to make accessing secrets both secure and painless.

Showcase

Here are a few things you might do with vault-cli:

$ # Install:
$ pip install vault-cli

$ # Write a secret:
$ vault-cli set mysecret mykey --prompt
Please enter a value for key `mykey` of `mysecret`: *******

$ # Read a secret:
$ vault-cli get mysecret mykey
ohsosecret

$ # Load a secret into the environment variables:
$ vault-cli env --envvar mysecret -- env | grep MYSECRET
MYSECRET_MYKEY=ohsosecret

$ # Load an ssh key into your ssh-agent:
$ vault-cli ssh --key ssh_private_key -- ssh -T git@github.com
Hi <username>! You've successfully authenticated, but GitHub does not provide shell access.

State

The package is young but supported and alive. We're mindful of deprecations through semantic versionning and accepting bug reports and feature requests.

Where to go from here

The complete docs is probably the best place to learn about the project.

If you encounter a bug, or want to get in touch, you're always welcome to open a ticket.