vc

command
v0.0.0-...-706cdc2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 22, 2021 License: MIT Imports: 5 Imported by: 0

Documentation

Overview

Command vc is a Vault Client for manipulating secrets inside Vault

Environment Variables

vc respects the following environment settings: 

VAULT_ADDR        Vault server address
VAULT_CACERT      Path to a PEM-encoded CA cert file to use to verify the
                  Vault server SSL certificate.
VAULT_CAPATH      Path to a directory of PEM-encoded CA cert files to verify
                  the Vault server SSL certificate. If VAULT_CACERT is
                  specified, its value will take precedence.
VAULT_TOKEN       Vault access token
VAULT_TOKEN_FILE  Vault access token file

If no VAULT_TOKEN is set, VAULT_TOKEN_FILE will try: 

$HOME/.vault-token
/etc/vault-client/token

Command cat

Show the contents of a secret. 

Usage: vc cat [<options>] <secret path>

Options:
  -k string
    	key (default __TYPE__)
  -m string
    	output mode (default 0600)
  -o string
    	output (default: stdout)

Command edit

Open an interactive editor for manipulating secrets or creating new secrets. 

Usage: vc edit <secret path>

Command file

Store or retrieve files. 

Usage: vc file <get|put> <secret path> <file path>

Options:
  -f	force overwrite
  -i	ignore missing key
  -m string
    	output mode (for put) (default 0600)

In get mode, if the file at path already exists, vc will prompt the user to overwrite if the terminal is interactive and otherwise throw an error, unless force overwrite is enabled.

In put mode, if the secret at path already exists, vc will prompt the user to overwrite if the terminal is interactive and otherwise throw an error, unless force overwrite is enabled.

The actual secret is stored in base64 encoding, and it will have the magic type marker (__TYPE__) of "file".

Command ls

List secrets. 

Usage: vc [<options>] ls [<secret path>]

Options:
  -1	list in compact format
  -R	recursively list subdirectories encountered
  -l	list in long format

Command mv

Move secrets. 

Usage: vc [<options>] mv <source secret> <target secret>

Options:
  -f	force overwrite

If the secret at the destination path exists, vc will prompt the user to overwrite if the terminal is interactive and otherwise throw an error, unless force overwrite is enabled.

Command rm

Remove secrets. 

Usage: vc rm <secret path>

Options:
  -f	force removal

Command template

Render a template containing Vault secrets. The default render engine is text/template, see https://golang.org/pkg/text/template/ 

Usage: vc template [<options>] <file>

Options:
  -m string
    	output mode (default 0600)
  -o string
    	output (default: stdout)

The template has a function "secret", which allows for looking up secret values stored in Vault. The function expects a path to a generic secret and a key.

Example: 

The value for key foo at secret/test is: {{secret "secret/test" "foo"}}

The render engine will first evaulate the template file and retrieve all desired secret paths and keys. Nextly, it will contact Vault and fetch the requested secrets. The render engine will report a fatal error if any of the secrets are missing or if there is an error contacting Vault.

Type key

Only partial support is implemented for the magic __TYPE__ key which allows for typed values.

Available types: 

file     Base64 encoded file in key "contents"
json     Substructure is a key-value dictionary with json encoding

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.