@lockzero/vault-sync

Source: npm | Version: 1.0.0 (latest) | Weekly downloads: 7 (-46.15%) | Maintainers: 1

Bidirectional sync between LockZero and HashiCorp Vault KV v2.

Installation

npm install -g @lockzero/vault-sync

Authentication

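| Credential | How to provide |
| --- | --- |
| LockZero API key | --lz-key <key> or LOCKZERO_API_KEY env var |
| Vault address | --vault-addr <addr> or VAULT_ADDR env var |
| Vault token | --vault-token <token> or VAULT_TOKEN env var |

Where both forms are available, the environment variables keep the API key and token out of shell history and process listings, which flag values do not.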

Secret layout

Each LockZero namespace is stored as a single KV v2 secret at lockzero/<namespace>. All fields are stored as key→value pairs within the same secret (Vault KV naturally stores maps).

Example: with the default mount secret, namespace openai → Vault path secret/data/lockzero/openai

Commands

push — LockZero → Vault

lockzero-vault push \
  --namespace openai \
  --vault-addr https://vault.example.com \
  --vault-token "$VAULT_TOKEN" \
  --mount secret

# Preview without writing
lockzero-vault push --namespace openai --dry-run

pull — Vault → LockZero

lockzero-vault pull \
  --namespace openai \
  --vault-addr https://vault.example.com \
  --vault-token "$VAULT_TOKEN"

# Preview without writing
lockzero-vault pull --namespace openai --dry-run

diff — show what would change

# Show what a push would do
lockzero-vault diff --namespace openai --direction push

# Show what a pull would do
lockzero-vault diff --namespace openai --direction pull

watch — continuous sync (Vault → LockZero)

Polls Vault every --interval seconds (default 30). When field values change, they are automatically synced to LockZero. Changes are detected by comparing SHA-256 hashes, so a difference in key ordering alone is never reported as a change.

lockzero-vault watch \
  --namespace openai \
  --vault-addr https://vault.example.com \
  --vault-token "$VAULT_TOKEN" \
  --interval 30

# Output:
# [2026-05-10T06:00:00.000Z] Baseline established: 3 field(s) at lockzero/openai
# [2026-05-10T06:00:30.000Z] No changes (3 field(s) unchanged)
# [2026-05-10T06:01:00.000Z] Change detected at lockzero/openai — syncing to LockZero…
# [2026-05-10T06:01:00.123Z] Synced 3 field(s) successfully

Press Ctrl+C to stop.
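
One way to build the order-independent SHA-256 comparison that watch describes, as an added example that is not the package's own code. The function names and sample responses are constructed for illustration; the only assumption about Vault is the KV v2 read response shape, which nests fields under data.data.

```javascript
const { createHash } = require('node:crypto');

// Rebuild a value with object keys in sorted order, recursively, so the
// serialized form does not depend on the order in which keys arrived.
function canonicalize(value) {
  if (Array.isArray(value)) return value.map(canonicalize);
  if (value !== null && typeof value === 'object') {
    return Object.fromEntries(
      Object.keys(value).sort().map((k) => [k, canonicalize(value[k])])
    );
  }
  return value;
}

// SHA-256 (hex) over the canonical JSON of a field map. Keep the digest in
// memory only: a hash of a short secret can be guessed offline if it leaks.
function fingerprint(fields) {
  const canonical = JSON.stringify(canonicalize(fields));
  return createHash('sha256').update(canonical, 'utf8').digest('hex');
}

// One poll: compare the current fields with the previous digest (null on the
// first poll). Only data.data is hashed, so metadata changes are ignored.
function pollStep(previousDigest, kvReadResponse) {
  const fields = kvReadResponse.data.data;
  const digest = fingerprint(fields);
  let status = 'changed';
  if (previousDigest === null) status = 'baseline';
  else if (previousDigest === digest) status = 'unchanged';
  return { status, digest, fieldCount: Object.keys(fields).length };
}

// Constructed sample responses; the values are placeholders, not real secrets.
const samplePolls = [
  { data: { data: { api_key: 'EXAMPLE-1', org: 'o1', tier: 'dev' }, metadata: { version: 4 } } },
  { data: { data: { tier: 'dev', org: 'o1', api_key: 'EXAMPLE-1' }, metadata: { version: 4 } } },
  { data: { data: { tier: 'dev', org: 'o1', api_key: 'EXAMPLE-2' }, metadata: { version: 5 } } },
];

// Run the three polls in order and return the status reported for each.
function runSamplePolls() {
  let digest = null;
  return samplePolls.map((response) => {
    const step = pollStep(digest, response);
    digest = step.digest;
    return step.status;
  });
}
console.log(runSamplePolls().join(', '));
```

The second sample poll returns the same fields in a different order and is reported as unchanged; only the third, where a value differs, is reported as changed.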

Options

| Flag | Default | Description |
| --- | --- | --- |
| --namespace | required | LockZero namespace (e.g. openai, stripe) |
| --lz-key | env | LockZero API key |
| --lz-base-url | https://api.lockzero.io | LockZero base URL |
| --vault-addr | env | Vault server address |
| --vault-token | env | Vault token |
| --mount | secret | Vault KV mount path |
| --direction | push | Diff direction: push or pull |
| --interval | 30 | Watch polling interval in seconds |
| --dry-run | false | Preview changes without writing |

Minimal Vault policy

path "secret/data/lockzero/*" {
  capabilities = ["create", "read", "update", "list"]
}
path "secret/metadata/lockzero/*" {
  capabilities = ["list"]
}

Keywords

lockzero

Package last updated on 10 May 2026
