A simple and secure CLI tool for managing multi-tenant secrets, tokens, and environments through the Previder Secure Vault's REST API

previder/vault-cli

Vault-cli is a project that provides a lightweight, secure and multi-tenant solution for encrypted password storage. It uses the Vault REST API, through which you can manage your environments, tokens and secrets.

Security is key in the project. All Secure Vaults use unique encryption keys, which are never stored in the database and are only available to the customer.

Tokens

There are 3 types of tokens, each having its own purpose. The token received from the

| | EnvironmentAdmin | ReadWrite | ReadOnly |
|---|---|---|---|
| Manage tokens | yes | no | no |
| Manage secrets | no | yes | no |
| Get decrypted secret | no | yes | yes |

The initial token received when a Secure Vault is created via the Previder Portal is of the type EnvironmentAdmin. This type of token can be used to manage ReadWrite or ReadOnly tokens, but not secrets. Additional tokens of the type EnvironmentAdmin can also be created. Use the following command to create a token of type EnvironmentAdmin.

./vault-cli -t <insert-token> token create --description "EnvironmentAdmin token" --type EnvironmentAdmin

Getting started

Vault-cli is a stand-alone binary to use with the Vault API.

To see all usages, run

./vault-cli --help

The token can be passed directly on the command line with -t.

./vault-cli -t <insert-token> secret list

A more secure method is to set the token as an environment variable once. The client then picks it up from VAULT_TOKEN, so the token does not appear in the argument list of every vault-cli command.

export VAULT_TOKEN="insert-token"
./vault-cli secret list
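The environment-variable method above can be tightened so the token value is never typed into the shell at all. This is an added example, not part of the vault-cli project: it reads the token from a private file and sets VAULT_TOKEN only for the one command it runs. The function names and the token file path are hypothetical.

```shell
#!/bin/sh
# Added example (not vault-cli project code). The helper names and the
# token file location are assumptions made for illustration.

# Succeeds only if the path is a regular file with no group/other permissions
# (mode 600 or 400), so other local users cannot read the token.
token_file_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Usage: with_vault_token <token-file> <command> [args...]
# e.g.   with_vault_token "$HOME/.vault-token" ./vault-cli secret list
with_vault_token() {
    file=$1
    shift
    if ! token_file_is_private "$file"; then
        echo "refusing $file: need a regular file with mode 600 or stricter" >&2
        return 1
    fi
    # Read the first line; tolerate a missing trailing newline.
    token=
    IFS= read -r token < "$file" || :
    token=$(printf '%s' "$token" | tr -d '\r')
    if [ -z "$token" ]; then
        echo "refusing $file: token is empty" >&2
        return 1
    fi
    # Prefix assignment: the variable exists only in the child's environment.
    # The token is not in argv, not in shell history, and not exported here.
    status=0
    VAULT_TOKEN=$token "$@" || status=$?
    unset token
    return "$status"
}
```

The environment of the child process is still readable by the same user and by root, so the token file and the account running vault-cli remain the trust boundary.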

Creating tokens for secret management

ReadWrite token

A ReadWrite type token can create, list, get, delete and decrypt secrets. To create a ReadWrite token using the EnvironmentAdmin token, run the following command:

./vault-cli token create --description "ReadWrite token" --type ReadWrite

ReadOnly token

A ReadOnly type token can only decrypt secrets whose id or name is known. This type cannot manage secrets. To create a ReadOnly token for use in a cluster, run the following command:

./vault-cli token create --description "ReadOnly token" --type ReadOnly

Usage examples

List all tokens

Only available to EnvironmentAdmin type tokens

./vault-cli token list

List all secrets

Only available to ReadWrite type tokens

./vault-cli secret list

Create a secret

Only available to ReadWrite type tokens

./vault-cli secret create --description "Example secret" --secret "SuperSecurePassword"

Delete a secret

Only available to ReadWrite type tokens

./vault-cli secret delete <id or description of the secret>

Decrypt a secret

Only available to ReadWrite and ReadOnly type tokens

./vault-cli secret decrypt <id or description of the secret>

This returns the decrypted secret for use in an application.

Output

The default output format is JSON. Lists of environments, tokens and secrets can also be pretty-printed with the -o pretty parameter.
