Skip to content

vkv

drawing drawing drawing drawing drawing

gif

vkv is a little CLI tool written in Go, which enables you to list, compare, import, document, backup & encrypt secrets from a HashiCorp Vault KV engine:

Features

  • Support KV version 1 & version 2 (no need to specify the version vkv will automatically detect the engines version)
  • CI/CD Integrations for Gitlab, GitHub, Azure Devops
  • support all Vault Auth Env Vars and VKV_LOGIN_COMMAND for avoiding having to hardcode the VAULT_TOKEN (example)
  • clickable secrets redirecting to the secret in Vaults UI
  • recursively print secrets of any KV Engine in json, yaml, markdown and other formats
  • engine export shows the secret version as well as its custom metadata
  • customize the output (show only-keys, only-paths, mask/unmask secrets) via flags or environment
  • print the CRUD-capabilities of the authenticated token for each KV-path (format: policy)
  • print secrets in export <key>=<value> format for env var exporting (format: export)
  • move or migrate secrets from KVV1 to a KVV2 Engine or any subpath example
  • import secrets back to Vault from vkv's json or yaml format output
  • save and restore KVv2 snapshots (including namespaces) (kubernetes example)
  • list all KVv2-engines or namespaces for scripting purposes (fzf example)
  • more handy snippets using fzf, sops & diff

Checkout the Quickstart Guide to learn more about vkv as well as the CLI Reference