Index
vkv
vkv is a little CLI tool written in Go, which enables you to list, compare, import, document, backup & encrypt secrets from a HashiCorp Vault KV engine:
Features¶
- Support KV version 1 & version 2 (no need to specify the version
vkvwill automatically detect the engines version) - CI/CD Integrations for Gitlab, GitHub, Azure Devops
- support all Vault Auth Env Vars and
VKV_LOGIN_COMMANDfor avoiding having to hardcode theVAULT_TOKEN(example) - recursively print secrets of any KV Engine in
json,yaml,markdownand other formats - engine export shows the secret version as well as its custom metadata
- customize the output (show only-keys, only-paths, mask/unmask secrets) via flags or environment
- print the CRUD-capabilities of the authenticated token for each KV-path (format:
policy) - print secrets in
export <key>=<value>format for env var exporting (format:export) - move or migrate secrets from KVV1 to a KVV2 Engine or any subpath example
- import secrets back to Vault from
vkv'sjsonoryamlformat output - save and restore KVv2 snapshots (including namespaces) (kubernetes example)
- list all KVv2-engines or namespaces for scripting purposes (fzf example)
- more handy snippets using
fzf,sops&diff
Checkout the Quickstart Guide to learn more about vkv
Last update:
April 12, 2024