Skip to content

previder/vault-cli

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Vault-cli is a project to have a light-weight, secure and multi-tenant solution for encrypted password storage. Is uses the Vault Rest API where you can manage your environments, tokens and secrets.

Release:

Release Version

Last build:

Last build

Last release:

Last publish

Environments

Security is key in the project. You can create separate environments for your projects or customers. All environments use unique encryption keys, which are never stored in the database and are only available to the customer.

The MasterAdmin token can create an Environment. As a response to this call an EnvironmentAdmin token is returned once. This type of token can be used to create ReadWrite or ReadOnly tokens. Read the section Tokens for more detailed view of the different token types.

Tokens

There are 4 types of tokens, each having its own purpose.

EnvironmentAdmin ReadWrite ReadOnly
Create ReadWrite/ReadOnly token
Manage secrets
Get decrypted secret

Getting started

Vault-cli is a stand-alone binary to use with the Vault API.

To see all usages, run

./vault-cli --help

Token

Use the token directly from the command-line or define the VAULT_TOKEN environment variable.

Usage example

./vault-cli -t <insert-token> secret list

Will print all secrets in the Vault environment

export VAULT_TOKEN="insert-token"
./vault-cli secret decode <yoursecret>

To get the decrypted secret back to use in an application.

Output

The default output format is json. Lists of environments, tokens and secrets can also be pretty-printed with the -o pretty parameter.