Vault-cli is a project to have a light-weight, secure and multi-tenant solution for encrypted password storage. Is uses the Vault Rest API where you can manage your environments, tokens and secrets.
Release:
Last build:
Last release:
Security is key in the project. You can create separate environments for your projects or customers. All environments use unique encryption keys, which are never stored in the database and are only available to the customer.
The MasterAdmin token can create an Environment. As a response to this call an EnvironmentAdmin token is returned once. This type of token can be used to create ReadWrite or ReadOnly tokens. Read the section Tokens for more detailed view of the different token types.
There are 4 types of tokens, each having its own purpose.
EnvironmentAdmin | ReadWrite | ReadOnly | |
---|---|---|---|
Create ReadWrite/ReadOnly token | ✅ | ||
Manage secrets | ✅ | ||
Get decrypted secret | ✅ | ✅ |
Vault-cli is a stand-alone binary to use with the Vault API.
To see all usages, run
./vault-cli --help
Use the token directly from the command-line or define the VAULT_TOKEN environment variable.
./vault-cli -t <insert-token> secret list
Will print all secrets in the Vault environment
export VAULT_TOKEN="insert-token"
./vault-cli secret decode <yoursecret>
To get the decrypted secret back to use in an application.
The default output format is json
. Lists of environments, tokens and secrets can also be pretty-printed with the -o pretty
parameter.