Name: vault-cli
Owner: PeopleDoc
Description: null
Created: 2018-04-11 09:10:32.0
Updated: 2018-05-18 09:14:06.0
Pushed: 2018-05-18 09:14:04.0
Homepage: null
Size: 57
Language: Python
This tool allows simple interactions with the Vault API, allowing configuration to be done in a separate step using a YAML configuration file.
This is especially interesting if you interact with HashiCorp Vault from automated deployment tools.
The tool is packaged but the package is not yet available on PyPI.
pip install git+https://github.com/peopledoc/vault-cli.git
$ vault --help
Usage: vault [OPTIONS] COMMAND [ARGS]...

  Interact with a Vault. See subcommands for details.

Options:
  --url TEXT                 URL of the vault instance
  --verify / --no-verify     Verify HTTPS certificate
  --certificate FILENAME     The certificate to connect to vault
  --token TEXT               The token to connect to Vault
  --token-file FILENAME      File which contains the token to connect to Vault
  --username TEXT            The username used for userpass authentication
  --password-file FILENAME   Can read from stdin if "-" is used as parameter
  --base-path TEXT           Base path for requests
  --help                     Show this message and exit.

Commands:
  delete   Deletes a single secret.
  get      Return a single secret value.
  get-all  Return multiple secrets.
  list     List all the secrets at the given path.
  set      Set a single secret to the given value(s).
There are three ways to authenticate against the vault:
-
for stdin.-
# Connect to https://vault.mydomain:8200/project and list the secrets
$ vault --url=https://vault.mydomain:8200 --certificate=/etc/vault/certificate.key --base-path=project/ list
secret']
# Using the configuration file, get the value for my_secret (yaml format)
$ vault get my_secret
qwerty
# Same with only the value of the secret in plain text
$ vault get my_secret --text
qwerty
# Add another secret
$ vault set my_other_secret supersecret
# Add a secret object
$ vault set --yaml blob_secret "{code: supercode}"
# Get all values from the vault in a single command (yaml format)
$ vault get-all
my_secret: qwerty
my_other_secret: supersecret
blob_secret:
  code: supercode
test:
  my_folder_secret: sesame
# Get a nested secret based on a path
$ vault get-all test/my_folder_secret
test:
  my_folder_secret: sesame
# Get all values from a folder in a single command (yaml format)
$ vault get-all test my_secret
my_secret: qwerty
test:
  my_folder_secret: sesame
# Delete a secret
$ vault delete my_other_secret
All files at the following locations are read (in increasing priority order), parsed, merged and used:
/etc/vault.yml
~/.vault.yml
./.vault.yml
Any option passed as a command line flag takes precedence over the corresponding option in the configuration files.
The expected format of the configuration is a mapping, with option names and their corresponding values:
username: my_username
password-file: ~/.vault-password
token-file: ~/.vault-token
url: https://vault.mydomain:8200
verify: no
base-path: project/
Note that the --verify / --no-verify flag becomes verify: yes or verify: no in the configuration file.
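Because ./.vault.yml has the highest priority of the three files, the working directory can change url and verify for a run. The following added example (not vault-cli's own code) merges already-parsed mappings in the documented order, records which source set each option, and flags risky effective settings; the function names and the checks are assumptions of this example.

```python
import os
import stat

# Config locations from the README, lowest priority first.
CONFIG_PATHS = ["/etc/vault.yml", "~/.vault.yml", "./.vault.yml"]


def merge_settings(layers, cli_flags=None):
    """Merge (source, mapping) layers in increasing priority, then CLI flags.

    Mappings are assumed to be already parsed from YAML (so `verify: no`
    arrives as False). Returns (settings, origin); origin[key] is the source
    that supplied the effective value. Hypothetical helper, not vault-cli code.
    """
    settings, origin = {}, {}
    for source, mapping in list(layers) + [("command line", cli_flags or {})]:
        for key, value in (mapping or {}).items():
            if value is None:  # flag not given on the command line
                continue
            settings[key], origin[key] = value, source
    return settings, origin


def audit_settings(settings, origin):
    """Return findings for risky effective settings (checks are this example's)."""
    findings = []
    if settings.get("verify") is False:
        findings.append("verify disabled by %s: HTTPS certificate is not checked"
                        % origin["verify"])
    if str(settings.get("url", "")).startswith("http://"):
        findings.append("url from %s is plain HTTP" % origin["url"])
    if origin.get("url") == CONFIG_PATHS[-1]:
        findings.append("url is set by %s in the working directory" % CONFIG_PATHS[-1])
    for key in ("token-file", "password-file"):
        path = settings.get(key)
        if not path or path == "-":  # "-" means read from stdin
            continue
        try:
            mode = os.stat(os.path.expanduser(path)).st_mode
        except OSError:
            continue  # file missing: nothing to inspect
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append("%s %s (from %s) is accessible to group or other"
                            % (key, path, origin[key]))
    return findings
```

Feed it one `(path, mapping)` pair per file in `CONFIG_PATHS` order plus the parsed command line flags, and review the findings before the token or password is sent.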
The tool is currently in beta mode. It's missing docs, tests, CI, pip packaging, Debian packaging, and such. Be warned.