@litehex/vault-cli
Advanced tools
A minimal CLI to access your HashiCorp's Vault secrets from the command line.
npx @litehex/vault-cli --help
# Or
bunx @litehex/vault-cli --help
npm i -g @litehex/vault-cli
This command will create a profile in your home directory. It will be used to store your Vault's address and token.
Usage: vault make-profile [options] <name>
Create a new vault profile
Options:
--endpoint-url <endpoint-url> Vault endpoint URL
--token <vault-token> Vault token
--force Overwrite existing profile (default: false)
-h, --help display help for command
# Create a new profile
vault make-profile my-profile --endpoint-url https://vault.example.com --token my-token
This command will push a secret to your Vault.
Usage: vault push [options] <env-file> <secrets-path>
Push an environment to Vault
Options:
-P, --profile <name> Name of the profile to use.
--endpoint-url <endpoint-url> Vault endpoint URL
--token <vault-token> Vault token
--cwd <cwd> Current working directory (default: ".")
--force Write to Vault even if the secrets are in conflict (default: false)
-h, --help display help for command
# Push a .env.local file to Vault
vault push --profile my-profile .env.local secret/my-app
# Use credentials instead of a profile
vault push --endpoint-url https://vault.example.com --token my-token .env.local secret/my-app
This command will pull a secret from your Vault.
Usage: vault pull [options] <secrets-path>
Pull an environment from Vault
Options:
-P, --profile <name> Name of the profile to use.
--endpoint-url <endpoint-url> Vault endpoint URL
--token <vault-token> Vault token
-O, --output-file <output-path> Path to write the environment file to
-F, --format <format> Format of the environment file (default: "dotenv")
--cwd <cwd> Current working directory (default: ".")
--force Write environment file even if it exists (default: false)
-h, --help display help for command
# Pull a secret from Vault
vault pull --profile my-profile secret/my-app
# Pull a secret from Vault and save it to a .env file
vault pull --profile my-profile secret/my-app --env-path .env
# Pull a secret from Vault and add them to shell environment
vault pull --profile my-profile secret/my-app --format shell | grep -e '^export' | source /dev/stdin
This command will pull and pipe secrets from your Vault to another command.
Usage: vault pipe [options] <secrets-path> [command...]
Pull an environment from Vault and pipe it to a command
Arguments:
secrets-path
command Command to pipe to (default: [])
Options:
-P, --profile <name> Name of the profile to use.
--endpoint-url <endpoint-url> Vault endpoint URL
--token <vault-token> Vault token
--cwd <cwd> Current working directory (default: ".")
-h, --help display help for command
# Pull a secret from Vault and pipe it to a command
vault pipe --profile my-profile secret/my-app env | grep -e '^MY_APP_'
# Pull a secret from Vault and pipe it to a node script
vault pipe --profile my-profile secret/my-app "node -e 'console.log(process.env.MY_APP_SECRET)'"
This command will remove a path or some versions of a secret.
Usage: vault rm [options] <secrets-path> [versions...]
Remove a secret from Vault
Arguments:
secrets-path
versions Versions to remove. By default, path will be removed (default: [])
Options:
-P, --profile <name> Name of the profile to use
--endpoint-url <endpoint-url> Vault endpoint URL
--token <vault-token> Vault token
--force Remove the secret without confirmation (default: false)
-h, --help display help for command
# Remove a path secret from Vault
vault rm --profile my-profile secret/my-app
# Remove a secret version from Vault
vault rm --profile my-profile secret/my-app 3 4
If you are having trouble getting something to work with this tool or run into any problems, you can create a new issue GitHub Issues.
This project is licensed under the GPL-3.0 License - see the LICENSE file for details
FAQs
CLI for HashiCorp's Vault KV2 engine
The npm package @litehex/vault-cli receives a total of 0 weekly downloads. As such, @litehex/vault-cli popularity was classified as not popular.
We found that @litehex/vault-cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket Fix 2.0 brings targeted CVE remediation, smarter upgrade planning, and broader ecosystem support to help developers get to zero alerts.
Security News
Socket CEO Feross Aboukhadijeh joins Risky Business Weekly to unpack recent npm phishing attacks, their limited impact, and the risks if attackers get smarter.
Product
Socket’s new Tier 1 Reachability filters out up to 80% of irrelevant CVEs, so security teams can focus on the vulnerabilities that matter.