An Interactive HashiCorp Vault Shell
source link: https://www.tuicool.com/articles/mMfIFb3
vsh
vsh is an interactive HashiCorp Vault shell which treats Vault secret paths like directories. That way you can do recursive operations on the paths. Both Vault KV v1 and v2 are supported, and secrets can be copied or moved between the two versions.
vsh can also act as an executor in a non-interactive way (similar to bash -c "<cmd>").
Supported commands
mv <from-path> <to-path>
cp <from-path> <to-path>
rm <dir-path or file-path>
ls <dir-path // optional>
cd <dir-path>
cat <file-path>
Unlike Unix, cp and rm always have the -r flag implied, i.e., every operation works recursively on the paths.
Interactive mode
export VAULT_ADDR=http://localhost:8080
export VAULT_TOKEN=root
export VAULT_PATH=secret/ # VAULT_PATH is optional
./vsh
http://localhost:8080 /secret/>
Note: in order to query the root /, the VAULT_TOKEN should have permissions to list the available secret backends (sys/mounts/). If you do not have those permissions, you can use VAULT_PATH to set the start path and avoid queries on sys/mounts/.
Note: the given token is used for auto-completion, i.e., quite a few List() queries are made with that token, even if you do not rm or mv anything. If your token has a limited number of uses, then consider using the non-interactive mode to avoid auto-completion queries.
Non-interactive mode
export VAULT_ADDR=<addr>
export VAULT_TOKEN=<token>
./vsh -c "rm secret/dir/to/remove/"
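A use-limited token can also run out in the middle of a recursive command. The Go program below is an added example, not vsh's own code: it models a recursive rm over a constructed in-memory tree and shows the partial delete that results when the uses are exhausted. It assumes the minimum of one LIST per directory and one DELETE per secret (vsh's real request count may be higher); fakeKV, request and RemoveRecursive are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// fakeKV is a constructed stand-in for a KV mount reached with a use-limited token.
type fakeKV struct {
	tree     map[string][]string // dir -> LIST result; sub-directories end in "/"
	usesLeft int                 // remaining uses of the token
}

// request charges one token use, as every authenticated request to Vault does.
func (kv *fakeKV) request() error {
	if kv.usesLeft == 0 {
		return fmt.Errorf("token use limit exhausted")
	}
	kv.usesLeft--
	return nil
}

// RemoveRecursive models a recursive rm: one LIST per directory, one DELETE per
// secret. It returns the secrets removed before any failure, plus the error.
func RemoveRecursive(kv *fakeKV, dir string) (removed []string, err error) {
	if err = kv.request(); err != nil { // LIST dir
		return nil, err
	}
	for _, k := range kv.tree[dir] {
		if strings.HasSuffix(k, "/") {
			var sub []string
			sub, err = RemoveRecursive(kv, dir+k)
			removed = append(removed, sub...)
		} else if err = kv.request(); err == nil { // DELETE dir+k
			removed = append(removed, dir+k)
		}
		if err != nil {
			return removed, err
		}
	}
	return removed, nil
}

func main() {
	kv := &fakeKV{usesLeft: 4, tree: map[string][]string{ // constructed sample tree
		"secret/dir/to/remove/":     {"a", "b", "sub/"},
		"secret/dir/to/remove/sub/": {"c"}}}
	removed, err := RemoveRecursive(kv, "secret/dir/to/remove/")
	fmt.Println(removed, err) // a and b are gone, sub/c survives: a partial delete
}
```

This sample tree needs five uses to be removed completely, so a token's remaining uses should be checked against the size of the tree before a recursive rm or mv.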
Local Development
Requirements:
golang
docker
make

make compile
make integration-test