Skip to main content

CLI tool for hashicorp vault

Project description

CLI tool for Hashicorp Vault

This tools allows simple interactions with the vault API, allowing configuration to be done in a separate step using a YAML configuration file.

This is especially interesting if you interact with Hashicorp Vault from automated deployment tools

Installation

The tool is packaged but the package is not yet available on pypi.

pip install vault-cli

If you wish to use the hvac backend, install with

pip install vault-cli[hvac]

Usage

$ vault --help
Usage: vault [OPTIONS] COMMAND [ARGS]...

  Interact with a Vault. See subcommands for details.

Options:
  -U, --url TEXT                URL of the vault instance
  --verify / --no-verify        Verify HTTPS certificate
  -c, --certificate FILENAME    The certificate to connect to vault
  -t, --token TEXT              The token to connect to Vault
  -T, --token-file FILENAME     File which contains the token to connect to
                                Vault
  -u, --username TEXT           The username used for userpass authentication
  -w, --password-file FILENAME  Can read from stdin if "-" is used as
                                parameter
  -b, --base-path TEXT          Base path for requests
  --backend TEXT                Name of the backend to use (requests, hvac)
  -h, --help                    Show this message and exit.

Commands:
  delete   Deletes a single secret.
  get      Return a single secret value.
  get-all  Return multiple secrets.
  list     List all the secrets at the given path.
  set      Set a single secret to the given value(s).

Authentication

There are three ways to authenticate against the vault:

  • Username and password file: provide a username and a file to read the password from. The file may be - for stdin.
  • Certificate: provide the path to a certificate file. The file may also be read from stdin via -.
  • Token: Bypass authentication step if you already have a valid token.

Examples

# Connect to https://vault.mydomain:8200/project and list the secrets
$ vault --url=https://vault.mydomain:8200 --certificate=/etc/vault/certificate.key --base-path=project/ list
['mysecret']

# Using the configuration file, get the value for my_secret (yaml format)
$ vault get my_secret
--- qwerty
...

# Same with only the value of the secret in plain text
$ vault get my_secret --text
qwerty

# Add another secret
$ vault set my_other_secret supersecret
Done

# Add a secret object
$ vault set --yaml blob_secret "{code: supercode}"
Done

# Get all values from the vault in a single command (yaml format)
$ vault get-all
---
my_secret: qwerty
my_other_secret: supersecret
blob_secret:
  code: supercode
test:
  my_folder_secret: sesame

# Get a nested secret based on a path
$ vault get-all test/my_folder_secret
test:
  my_folder_secret: sesame

# Get all values from a folder in a single command (yaml format)
$ vault get-all test my_secret
---
my_secret: qwerty
test:
  my_folder_secret: sesame

# Delete a secret
$ vault delete my_other_secret
Done

Configuration

All files at the following location are read (in increasing priority order), parsed, merged and used:

  1. /etc/vault.yml
  2. ~/.vault.yml
  3. ./.vault.yml

Any option passed as command line flag will be used over the corresponding option in the documentation.

The expected format of the configuration is a mapping, with option names and their corresponding values:

---
username: my_username
password-file: ~/.vault-password
# or
token-file: ~/.vault-token
url: https://vault.mydomain:8200
verify: no
base-path: project/
...

Just note that the --verify / --no-verify flag become verify: yes or verify: no

State

The tool is currently in beta mode. It's missing docs, tests, CI, and such. Be warned.

License

Copyright 2018 PeopleDoc

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

vault-cli-0.3.0.tar.gz (7.7 kB view details)

Uploaded Source

Built Distribution

vault_cli-0.3.0-py2.py3-none-any.whl (10.7 kB view details)

Uploaded Python 2 Python 3

File details

Details for the file vault-cli-0.3.0.tar.gz.

File metadata

  • Download URL: vault-cli-0.3.0.tar.gz
  • Upload date:
  • Size: 7.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.19.1 setuptools/40.4.3 requests-toolbelt/0.8.0 tqdm/4.26.0 CPython/3.7.0

File hashes

Hashes for vault-cli-0.3.0.tar.gz
Algorithm Hash digest
SHA256 4afb3c2bee7923fdd2a2f63581b0b0b0bbc72c47bde2b863d3f5816dd7973ba0
MD5 7170f3e14cada3ac7cdbd501c29b9692
BLAKE2b-256 d06510e6c7a546869548f01a472239c715af023fa854e3bb1384204ee1b098b2

See more details on using hashes here.

File details

Details for the file vault_cli-0.3.0-py2.py3-none-any.whl.

File metadata

  • Download URL: vault_cli-0.3.0-py2.py3-none-any.whl
  • Upload date:
  • Size: 10.7 kB
  • Tags: Python 2, Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.19.1 setuptools/40.4.3 requests-toolbelt/0.8.0 tqdm/4.26.0 CPython/3.7.0

File hashes

Hashes for vault_cli-0.3.0-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 676b039b713be955deec841ca880f7ded7a8b8ac9fe8d54c36a51a1d001efe1a
MD5 a28c8c690904ffe22c532011f4a3c705
BLAKE2b-256 c5bc9441e3eb96dcc65c3d21369121433096ab68042194348395037ffce95b31

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page