vault-cli
: 12-factor oriented command line tool for Hashicorp Vault
vault-cli
is a Python 3.6+ tool that offers simple interactions to manipulate
secrets from Hashicorp Vault. With vault-cli
, your secrets can be kept secret,
while following 12-factor principles.
Some features
- Configure once, use everywhere thanks to cascading (local, user, global) YAML configuration file
- Read, browse, write, move, delete secrets easily
- Read multiple secrets at once, as YAML
- Launch processes with your secrets as environment variables
- Launch processes with
ssh-agent
configured from your vault - Write templated files with secrets inside
vault-cli
tries to make accessing secrets both secure and painless.
Showcase
Here are a few things you might do with vault-cli
:
$ # Install:
$ pip install vault-cli
$ # Write a secret:
$ vault-cli set mysecret mykey --prompt
Please enter a value for key `mykey` of `mysecret`: *******
$ # Read a secret:
$ vault-cli get mysecret mykey
ohsosecret
$ # Load a secret into the environment variables:
$ vault-cli env --envvar mysecret -- env | grep MYSECRET
MYSECRET_MYKEY=ohsosecret
$ # Load an ssh key into your ssh-agent:
$ vault-cli ssh --key ssh_private_key -- ssh -T git@github.com
Hi <username>! You've successfully authenticated, but GitHub does not provide shell access.
State
The package is young but supported and alive. We're mindful of deprecations through semantic versionning and accepting bug reports and feature requests.
Where to go from here
The complete docs is probably the best place to learn about the project.
If you encounter a bug, or want to get in touch, you're always welcome to open a ticket.