vault-cli
is a Python 3.6+ tool that offers simple interactions to manipulate
secrets from Hashicorp Vault. With vault-cli
, your secrets can be kept secret,
while following 12-factor principles.
- Configure once, use everywhere thanks to cascading (local, user, global) YAML configuration file
- Read, browse, write, move, delete secrets easily
- Read multiple secrets at once, as YAML
- Launch processes with your secrets as environment variables
- Launch processes with
ssh-agent
configured from your vault - Write templated files with secrets inside
vault-cli
tries to make accessing secrets both secure and painless.
Here are a few things you might do with vault-cli
:
$ # Install:
$ pip install vault-cli
$ # Write a secret:
$ vault-cli set mysecret mykey --prompt
Please enter a value for key `mykey` of `mysecret`: *******
$ # Read a secret:
$ vault-cli get mysecret mykey
ohsosecret
$ # Load a secret into the environment variables:
$ vault-cli env --envvar mysecret -- env | grep MYSECRET
MYSECRET_MYKEY=ohsosecret
$ # Load an ssh key into your ssh-agent:
$ vault-cli ssh --key ssh_private_key -- ssh -T git@github.com
Hi <username>! You've successfully authenticated, but GitHub does not provide shell access.
The package is young but supported and alive. We're mindful of deprecations through semantic versionning and accepting bug reports and feature requests.
The complete docs is probably the best place to learn about the project.
If you encounter a bug, or want to get in touch, you're always welcome to open a ticket.