# README
Vault-cli is a project to have a light-weight, secure and multi-tenant solution for encrypted password storage. Is uses the Vault Rest API where you can manage your environments, tokens and secrets.
Release:
Last build:
Last release:
Environments
Security is key in the project. You can create separate environments for your projects or customers. All environments use unique encryption keys, which are never stored in the database and are only available to the customer.
The MasterAdmin token can create an Environment. As a response to this call an EnvironmentAdmin token is returned once. This type of token can be used to create ReadWrite or ReadOnly tokens. Read the section Tokens for more detailed view of the different token types.
Tokens
There are 4 types of tokens, each having its own purpose.
| EnvironmentAdmin | ReadWrite | ReadOnly | |
|---|---|---|---|
| Create ReadWrite/ReadOnly token | ✅ | ||
| Manage secrets | ✅ | ||
| Get decrypted secret | ✅ | ✅ |
Getting started
Vault-cli is a stand-alone binary to use with the Vault API.
To see all usages, run
./vault-cli --help
Token
Use the token directly from the command-line or define the VAULT_TOKEN environment variable.
Usage example
./vault-cli -t <insert-token> secret list
Will print all secrets in the Vault environment
export VAULT_TOKEN="insert-token"
./vault-cli secret decode <yoursecret>
To get the decrypted secret back to use in an application.
Output
The default output format is json. Lists of environments, tokens and secrets can also be pretty-printed with the -o pretty parameter.