vkv
is a wrapper around vault
that uses tab completion and simplified arguments to help you:
- Dump secrets as json
- Get values as plaintext
- Copy values to the clipboard
- Add and replace values in secrets
- Delete and purge secrets and values
...with any HashiCorp Vault KV Engine (versions 1 and 2).
vkv path/to/secret # gets all key-value pairs of a secret as json
vkv path/to/secret -d # deletes a secret
vkv path/to/secret -p # purges a secret
vkv path/to/secret some_key # prints the value of an existing key in a secret
vkv path/to/secret some_key . # copies the value to the system clipboard
vkv path/to/secret some_key=-d # deletes the value
vkv path/to/secret some_key=some-val # sets the value (newlines via \n ok)
vkv path/to/secret some_key=- # sets the value from stdin (actual newlines ok)
Hitting TAB
while entering a path or key name will provide autocompletion based on existing data.
- Make sure vault
and jq are installed and in your
PATH
. - Source the
vkv.sh
script from your.bashrc
or other startup script, e.g.. $HOME/bin/vkv.sh
vkv
paths are relative to a configured prefix, set by setting the VKV_PREFIX
environment variable.
If this is not set, the default will be secret
, which is the name of the default kv
engine
configured with vault
out of box.
The clipboard functionality relies on an external program, set by setting the VKV_CLIPBOARD
environment
variable. If this is not set, the default will be pbcopy
, which is the tool that works for macOS.
If you're running another OS, look into xsel
or xclip
.
If set (to any value, like 1
), this will activate verbose output so you can debug if something
is going wrong. VKV_DEBUG
will cause vkv
to print extra diagnostic information for each command,
while VKV_TRACE
will cause it print all commands (and output) for every command it runs.