Vault
Documentation for the slv vault command.
Aliases: vault, v, vaults, secret, secrets
Commands Available:
Flags:
| Flag | Arguments | Required | Default | Description |
|---|---|---|---|---|
| --vault | String | True | NA | Path to the SLV Vault file |
| --help | None | NA | NA | Help text for slv vault |
The vault command always works within the context of a vault file. Therefore, the --vault flag will have to be set for all commands. The vault file must end with either .slv.yml or slv.yaml.
Create a New Vault
Create a new vault file.
General Usage:
slv vault --vault <PATH_TO_VAULT> new [flags]
Flags:
| Flag | Arguments | Required | Default | Description |
|---|---|---|---|---|
| --env-self | None | NA | NA | Share vault with the environment set to self |
| --env-k8s | None | NA | NA | Share vault with the environment in current kubernetes context |
| --env-pubkey | String(s) | False | None | Share vault with the environment with given Public Keys |
| --env-search | String(s) | False | None | Share vault with environment based on search string |
| --k8s-namespace | String | False | None | The kubernetes namespace to set for vault CR |
| --k8s-secret | String | False | None | Construct a vault file based on a K8S secret (Use - to read from stdin) |
| --quantum-safe | None | NA | NA | Use Quantum Resistant Cryptography (Kyber1024) |
| --name | String | False | None | Name of the vault CR - If not set, it will be set as the stripped filename |
| --hash | None | NA | NA | Enables hashing by preserving a partial hash of the actual secret for the purpose of validating secret rotation [Not recommended, though it might be difficult to brute-force] |
| --help | None | NA | NA | Help text for slv vault new |
Creating a simple vault
Usage:
slv vault --vault <PATH_TO_VAULT> new [--env-self/--env-k8s/--env-pubkey/--env-search]
Note that you must atleast give one of the above 4 flags.
Example:
$ slv vault --vault test.slv.yaml new --env-self
Created vault: test.slv.yaml
$ cat test.slv.yaml
# This file is managed by SLV. DO NOT EDIT THIS FILE MANUALLY.
# Use the pattern {{SLV_VID_Q6EZYDJFO3LPK6XPBJ6L7FQOK4QFBMMKHRDSJI5D6PNBK4MP.YOUR_SECRET_NAME}} as placeholder to reference data from this vault into files
apiVersion: slv.sh/v1
kind: SLV
metadata:
annotations:
slv.sh/version: v0.9.0
creationTimestamp: "2025-04-25T07:54:38Z"
name: test
spec:
slvConfig:
id: SLV_VID_Q6EZYDJFO3LPK6XPBJ6L7FQOK4QFBMMKHRDSJI5D6PNBK4MP
publicKey: SLV_VPK_AEAVMAAAACYH33FBSJWDB7R4QUGQMPBX2F4DZLWC5LLZIAWSA7EQPDEYEP7A6
wrappedKeys:
- SLV_EWK_AFCWQCZ7XYACMAIBIUAAAAFCQPSQVXJZ4OVL66YX7KRRYTO5ULQ3G2FKU23VXJUW3HSFRGTANQAABR2XFCCCLCW3CPQEXQ7T3NBLE7EL3IMI3D27DDRALFTYHJ4V6MK253HXHI2ZPNWV7HFI7LAPOWJI6Q6I2Q6BLI76UWYB5GDQBDE32FII4HFSUDNL6ZEJ5E75CUCXJYMOTWUTDJ4UGOTLREHVTTHMQZ3OIECEWN6Q6YQMVOPJS4DLHOAEUG4C2VVLCIMEI2Q44ALURPV7OFVTE4VI2CGSLEEWYR6SOAGKJTJM7SXTG324JYST4BPPWQSA2EET5M
- SLV_EWK_AFCWQCZ7XYACMAIBIUAAAADAOZIIZ5QCJ4H5WLQA7Q3TOSHWXFITDK6YN7E4MBRHJBZOAKT4JAAAAG37T6TGUHZVVMV2YW6TJW3JVWATNS4JKWNUIAZHRR4VYJ2UUD2MKN4YSSRV5KG4PXQPOENULVHIGHQB7UPABKLPMOABEKSPUFXAY2WHGJW7Q5V34656FIWTSTGK3GN7SRPDVIZ3MVZ5FESSAROJIT6IN3A2QV5G4MD6YR57LTAGQINUENOJNCEZY36WBJKDKHIAWU7LCS3JGRHYBCRAP4W2AYPB46OWLKQY4ZGAMDGQHAJDOKFARI6PCNBMGI
Creating a vault from an existing Kubernetes secret
Usage:
slv vault --vault <PATH_TO_VAULT> new --env-self --k8s-secret <PATH_TO_K8S_SECRET_RESOURCE_DEFINITION_YAML>
Example:
$ kubectl get secrets/pets --namespace slv -o yaml | slv vault --vault /tmp/vault.slv.yml new --env-self --k8s-secret -
Input the k8s secret object as yaml/json:
Created vault: /tmp/vault.slv.yml
In the above example, SLV was directed to read the secret object from stdin.
Put a Secret in a Vault
Add a secret into a vault
General Usage:
slv vault --vault <PATH_TO_VAULT> put [flags]
Flags:
| Flag | Arguments | Required | Default | Description |
|---|---|---|---|---|
| --name | String | False | None | Name of the item (key) |
| --value | String | False | None | Value of the item |
| --plaintext | None | NA | NA | Add the value as plain text |
| --force | None | NA | NA | Overwrite the item if it already exists |
| --value | String | False | None | Value of the item |
| --file | String | False | None | Import items from a YAML/JSON file. The file needs to be flat |
| --help | None | NA | NA | Help text for slv vault put |
Adding a secret directly
Usage:
slv vault --vault <PATH_TO_VAULT> put --name <ITEM_KEY> --value <ITEM_VALUE>
Example:
$ slv vault --vault test.slv.yaml put --name my_secret --value this_is_super_sensitive
Updated secret: my_secret to vault: test.slv.yaml
$ cat test.slv.yaml
# This file is managed by SLV. DO NOT EDIT THIS FILE MANUALLY.
# Use the pattern {{SLV_VID_Q6EZYDJFO3LPK6XPBJ6L7FQOK4QFBMMKHRDSJI5D6PNBK4MP.YOUR_SECRET_NAME}} as placeholder to reference data from this vault into files
apiVersion: slv.sh/v1
kind: SLV
metadata:
annotations:
slv.sh/version: v0.9.0
creationTimestamp: "2025-04-25T07:54:38Z"
name: test
spec:
slvConfig:
id: SLV_VID_Q6EZYDJFO3LPK6XPBJ6L7FQOK4QFBMMKHRDSJI5D6PNBK4MP
publicKey: SLV_VPK_AEAVMAAAACYH33FBSJWDB7R4QUGQMPBX2F4DZLWC5LLZIAWSA7EQPDEYEP7A6
wrappedKeys:
- SLV_EWK_AFCWQCZ7XYACMAIBIUAAAAFCQPSQVXJZ4OVL66YX7KRRYTO5ULQ3G2FKU23VXJUW3HSFRGTANQAABR2XFCCCLCW3CPQEXQ7T3NBLE7EL3IMI3D27DDRALFTYHJ4V6MK253HXHI2ZPNWV7HFI7LAPOWJI6Q6I2Q6BLI76UWYB5GDQBDE32FII4HFSUDNL6ZEJ5E75CUCXJYMOTWUTDJ4UGOTLREHVTTHMQZ3OIECEWN6Q6YQMVOPJS4DLHOAEUG4C2VVLCIMEI2Q44ALURPV7OFVTE4VI2CGSLEEWYR6SOAGKJTJM7SXTG324JYST4BPPWQSA2EET5M
- SLV_EWK_AFCWQCZ7XYACMAIBIUAAAADAOZIIZ5QCJ4H5WLQA7Q3TOSHWXFITDK6YN7E4MBRHJBZOAKT4JAAAAG37T6TGUHZVVMV2YW6TJW3JVWATNS4JKWNUIAZHRR4VYJ2UUD2MKN4YSSRV5KG4PXQPOENULVHIGHQB7UPABKLPMOABEKSPUFXAY2WHGJW7Q5V34656FIWTSTGK3GN7SRPDVIZ3MVZ5FESSAROJIT6IN3A2QV5G4MD6YR57LTAGQINUENOJNCEZY36WBJKDKHIAWU7LCS3JGRHYBCRAP4W2AYPB46OWLKQY4ZGAMDGQHAJDOKFARI6PCNBMGI
slvData:
my_secret: SLV_VSS_AFLGQC2UMIACMAIBKYAAAAFQPXWKDETMGD7DZBINAY6DPULYHSXMF2WXSQBNEB6JA6GJQI76B4AABLTNSXCAHOYE3V2QAVW5IMTWYD4Z5WSHPYDV3RGWPKFV7AIWUFLCXPBE55T7I4ILMTPLRDTKYDRH7RPPLH3WAKHHFRABZU7X6RB6D4UYJRLR2E2ECTOJPKZ42T3FZB3DWFLUAEUOS3CWTHFHTNRE4D6HTNHBYDUENWP3EMKFC5P3NQ
Notice the secret being added into the vault file.
Importing secrets from a file
Usage:
slv vault --vault <PATH_TO_VAULT> put --file <PATH_TO_FILE>
Example:
$ cat secrets.yaml
username: johndoe
password: super_secret_password
$ slv vault --vault test.slv.yaml put --file secrets.yaml
Successfully imported secrets from secrets.yaml into the vault test.slv.yaml
$ cat test.slv.yaml
# This file is managed by SLV. DO NOT EDIT THIS FILE MANUALLY.
# Use the pattern {{SLV_VID_Q6EZYDJFO3LPK6XPBJ6L7FQOK4QFBMMKHRDSJI5D6PNBK4MP.YOUR_SECRET_NAME}} as placeholder to reference data from this vault into files
apiVersion: slv.sh/v1
kind: SLV
metadata:
annotations:
slv.sh/version: v0.9.0
creationTimestamp: "2025-04-25T07:54:38Z"
name: test
spec:
slvConfig:
id: SLV_VID_Q6EZYDJFO3LPK6XPBJ6L7FQOK4QFBMMKHRDSJI5D6PNBK4MP
publicKey: SLV_VPK_AEAVMAAAACYH33FBSJWDB7R4QUGQMPBX2F4DZLWC5LLZIAWSA7EQPDEYEP7A6
wrappedKeys:
- SLV_EWK_AFCWQCZ7XYACMAIBIUAAAAFCQPSQVXJZ4OVL66YX7KRRYTO5ULQ3G2FKU23VXJUW3HSFRGTANQAABR2XFCCCLCW3CPQEXQ7T3NBLE7EL3IMI3D27DDRALFTYHJ4V6MK253HXHI2ZPNWV7HFI7LAPOWJI6Q6I2Q6BLI76UWYB5GDQBDE32FII4HFSUDNL6ZEJ5E75CUCXJYMOTWUTDJ4UGOTLREHVTTHMQZ3OIECEWN6Q6YQMVOPJS4DLHOAEUG4C2VVLCIMEI2Q44ALURPV7OFVTE4VI2CGSLEEWYR6SOAGKJTJM7SXTG324JYST4BPPWQSA2EET5M
- SLV_EWK_AFCWQCZ7XYACMAIBIUAAAADAOZIIZ5QCJ4H5WLQA7Q3TOSHWXFITDK6YN7E4MBRHJBZOAKT4JAAAAG37T6TGUHZVVMV2YW6TJW3JVWATNS4JKWNUIAZHRR4VYJ2UUD2MKN4YSSRV5KG4PXQPOENULVHIGHQB7UPABKLPMOABEKSPUFXAY2WHGJW7Q5V34656FIWTSTGK3GN7SRPDVIZ3MVZ5FESSAROJIT6IN3A2QV5G4MD6YR57LTAGQINUENOJNCEZY36WBJKDKHIAWU7LCS3JGRHYBCRAP4W2AYPB46OWLKQY4ZGAMDGQHAJDOKFARI6PCNBMGI
slvData:
my_secret: SLV_VSS_AFLGQC2UMIACMAIBKYAAAAFQPXWKDETMGD7DZBINAY6DPULYHSXMF2WXSQBNEB6JA6GJQI76B4AABLTNSXCAHOYE3V2QAVW5IMTWYD4Z5WSHPYDV3RGWPKFV7AIWUFLCXPBE55T7I4ILMTPLRDTKYDRH7RPPLH3WAKHHFRABZU7X6RB6D4UYJRLR2E2ECTOJPKZ42T3FZB3DWFLUAEUOS3CWTHFHTNRE4D6HTNHBYDUENWP3EMKFC5P3NQ
password: SLV_VSS_AFLGQC2VDEACMAIBKYAAAAFQPXWKDETMGD7DZBINAY6DPULYHSXMF2WXSQBNEB6JA6GJQI76B4AABSJBUHNYKE7ZVGJNO7RYOU5QWZSDL6HHI5FRDLL7X4NNCXNXXGAY6DPZQXAI22MEHKVETI52QMGSXR7H4LPUVDLIAOIBJMCVLTUSJLIHUFUWYM74YGX74M5XY2RZZO4YJPC2WMKTAG5NVPLCJO3T6OISM66UGWCJNJVPKUCDR5Q
username: SLV_VSS_AFLGQC2VDEACMAIBKYAAAAFQPXWKDETMGD7DZBINAY6DPULYHSXMF2WXSQBNEB6JA6GJQI76B4AABSJBUHNYKE7ZVGJNO7RYOU5QWZSDL6HHI5FRDLL7X4NNCXNXXGAYGG5V7TC5BALTGYZAKVZDDHDMPKIL2QLOTPSNGJABTB64AP33Z6ZX5VIND67BFLP2WZKIENPAC5FB6LIRSIGGJZJLFJ2L47IP
Get a Secret from a Vault
Retrieve one or all items in a vault.
General Usage:
slv vault --vault <PATH_TO_VAULT> get [flags]
Flags:
| Flag | Arguments | Required | Default | Description |
|---|---|---|---|---|
| --name | String | False | None | Name of the item (key) |
| --format | String | False | None | List secrets as one of [json, yaml, envar] |
| --with-metadata | None | NA | NA | Print metadata of items when using --format |
| --base64 | None | NA | NA | Encode the item values as base64 |
| --help | None | NA | NA | Help text for slv vault get |
Get everything from the Vault
Usage:
slv vault --vault <PATH_TO_VAULT> get
Example:
slv vault --vault test.slv.yaml get
Enter Password:
Do you want to save the password in keyring? (y/n): y
Vault ID: SLV_VPK_AEAVMAAAACYH33FBSJWDB7R4QUGQMPBX2F4DZLWC5LLZIAWSA7EQPDEYEP7A6
Vault Data:
+-----------+-------------------------+--------+----------------------+
| NAME | VALUE | TYPE | UPDATED AT |
+-----------+-------------------------+--------+----------------------+
| my_secret | this_is_super_sensitive | Secret | 25-Apr-2025 14:52:42 |
| password | super_secret_password | Secret | 25-Apr-2025 14:55:45 |
| username | johndoe | Secret | 25-Apr-2025 14:55:45 |
+-----------+-------------------------+--------+----------------------+
Accessible by:
+-----------------------------------------------------------------------+------+----------------------+
| PUBLIC KEY | TYPE | NAME |
+-----------------------------------------------------------------------+------+----------------------+
| SLV_EPK_AEAUKAAAACRIHZIK3U46HKV7PML7VIY4JXO2FYNTNCVKNN23U2LNTZCYTJQGY | Self | John Doe |
| SLV_EPK_AEAUKAAAABQHMUEM6YBE6D63FYAPYNZXJD3LSUJRVPMG7SOGAYTUQ4XAFJ6EQ | Root | root |
+-----------------------------------------------------------------------+------+----------------------+
Get a specific secret
Usage:
slv vault --vault <PATH_TO_VAULT> get --with-metadata --name <ITEM_KEY>
Example:
$ slv vault --vault test.slv.yaml get --name password
Enter Password:
Do you want to save the password in keyring? (y/n): y
super_secret_password
Get items in a specific format with metadata
Usage:
slv vault --vault <PATH_TO_VAULT> get --format [yaml/json] --with-metadata
Example:
$ slv vault --vault test.slv.yaml get --format yaml --with-metadata
my_secret:
value: this_is_super_sensitive
secret: true
updatedAt: "2025-04-25T14:52:42+05:30"
password:
value: super_secret_password
secret: true
updatedAt: "2025-04-25T14:55:45+05:30"
username:
value: johndoe
secret: true
updatedAt: "2025-04-25T14:55:45+05:30"
Remove a Secret from a Vault
Delete an item from a vault.
General Usage:
slv vault --vault <PATH_TO_VAULT> rm [flags]
Flags:
| Flag | Arguments | Required | Default | Description |
|---|---|---|---|---|
| --name | String | False | None | Name of the item (key) to delete |
| --help | None | NA | NA | Help text for slv vault rm |
Usage:
slv vault --vault <PATH_TO_VAULT> rm --name <ITEM_KEY>
Example:
$ slv vault --vault test.slv.yaml rm --name my_secret
Successfully deleted the secrets: [my_secret] from the vault: test.slv.yaml
Manage Access to a Vault
Add or Remove access to the vault.
Important Condition: The environment managing access to a vault must be able to access the vault in the first place.
General Usage:
slv vault --vault <PATH_TO_VAULT> access [flags]
slv vault --vault <PATH_TO_VAULT> access [flags] [command]
Flags:
| Flag | Arguments | Required | Default | Description |
|---|---|---|---|---|
| --env-self | None | NA | NA | Modify vault access for the environment set to self |
| --env-k8s | None | NA | NA | Modify vault access for the environment in current kubernetes context |
| --env-pubkey | String(s) | False | None | Modify vault access for the environment with given Public Keys |
| --env-search | String(s) | False | None | Share vault with environment based on search string |
| --quantum-safe | None | NA | NA | Use Quantum Resistant Cryptography (Kyber1024) |
| --help | None | NA | NA | Help text for slv vault access |
Add Access to a Vault
Usage:
slv vault --vault <PATH_TO_VAULT> access --env-search <SEARCH_STRING> add
Example:
$ slv vault --vault test.slv.yaml access --env-search shibly add
Shared vault: test.slv.yaml
Remove Access to a Vault
Usage:
slv vault --vault <PATH_TO_VAULT> access --env-search <SEARCH_STRING> remove
Example:
$ slv vault --vault test.slv.yaml access --env-search bob@example.com remove
Shared vault: test.slv.yaml
Replace Secrets with Vault References in a file
This is particularly useful when you have files with secrets. The command would replace the actual secrets with references to SLV secrets and add the SLV secrets to an SLV vault.
General Usage:
slv vault --vault <PATH_TO_VAULT> ref [flags]
Flags:
| Flag | Arguments | Required | Default | Description |
|---|---|---|---|---|
| --file | String | True | NA | The reference YAML/JSON/BLOB file (Needs to be flat) |
| --name | String | False | None | Name of the item (key) to reference. References all keys if not provided |
| --force | None | NA | NA | Overwrite the item if it already exists |
| --preview | None | NA | NA | Dry Run - Show what the referenced file would look like after referencing |
| --help | None | NA | NA | Help text for slv vault ref |
Usage:
slv vault --vault <PATH_TO_VAULT> ref --file <PATH_TO_FILE_TO_BE_REFERENCED>
Example:
$ cat secrets.yaml
username: johndoe
password: super_secret_password
$ slv vault --vault test.slv.yaml ref --file secrets.yaml
Auto referenced secrets.yaml (YAML) with vault test.slv.yaml
$ cat secrets.yaml
password: '{{SLV_VID_Q6EZYDJFO3LPK6XPBJ6L7FQOK4QFBMMKHRDSJI5D6PNBK4MP.password_1}}'
username: '{{SLV_VID_Q6EZYDJFO3LPK6XPBJ6L7FQOK4QFBMMKHRDSJI5D6PNBK4MP.username_1}}'
Dereference Secrets in a File from a Vault
This does exactly the opposite of ref command. Let's say we have a file that contains references to SLV secrets, this command would replace the references with actual secrets.
Unlike ref, the deref command does not need to be flat. Therefore, the deref command can also deal with text files and other files.
General Usage:
slv vault --vault <PATH_TO_VAULT> deref [flags]
Flags:
| Flag | Arguments | Required | Default | Description |
|---|---|---|---|---|
| --file | String | True | NA | The file to be dereferenced |
| --help | None | NA | NA | Help text for slv vault deref |
Usage:
slv vault --vault <PATH_TO_VAULT> deref --file <PATH_TO_FILE_TO_BE_DEREFERENCED>
Example:
$ cat secret.txt
The username is {{SLV_VID_Q6EZYDJFO3LPK6XPBJ6L7FQOK4QFBMMKHRDSJI5D6PNBK4MP.username}} and the password is {{SLV_VID_Q6EZYDJFO3LPK6XPBJ6L7FQOK4QFBMMKHRDSJI5D6PNBK4MP.password}}
$ cat test.slv.yaml
# This file is managed by SLV. DO NOT EDIT THIS FILE MANUALLY.
# Use the pattern {{SLV_VID_Q6EZYDJFO3LPK6XPBJ6L7FQOK4QFBMMKHRDSJI5D6PNBK4MP.YOUR_SECRET_NAME}} as placeholder to reference data from this vault into files
apiVersion: slv.sh/v1
kind: SLV
metadata:
annotations:
slv.sh/version: v0.9.0
creationTimestamp: "2025-04-25T07:54:38Z"
name: test
spec:
slvConfig:
id: SLV_VID_Q6EZYDJFO3LPK6XPBJ6L7FQOK4QFBMMKHRDSJI5D6PNBK4MP
publicKey: SLV_VPK_AEAVMAAAAAVO2ZKPRDMXKIM7SCGSHXATY5NEOLL5EARW75JEDM6YHVR7DY3FE
wrappedKeys:
- SLV_EWK_AFCWQC3AR4ACMAIBIUAAAAFCQPSQVXJZ4OVL66YX7KRRYTO5ULQ3G2FKU23VXJUW3HSFRGTANQAAAUYKSMCKOV5GCO277EV3HQKIRYSCTVZV3GCZ7G4CL6R2IJDF47BUOU3ZKMX6UISQUZVQT265GZECLQ35HO2L7MXBF3YBQIP5Z3A7PBUPVP5DJJXFJ63VZ3TIBHGZRSY6RDLNWHPWFIYNT7AR2MPEQ7IR6C677W7WEX3KWXHXAIOA7CYBAEWEGCUEFWE62QXHYMM37SNVD2SHDA3FG2WLCK4MX4PJLC4CTPU7YQFNFGNVCWY3ACE5X6ZWRZH6LM
- SLV_EWK_AFCWQC3AR4ACMAIBIUAAAADAOZIIZ5QCJ4H5WLQA7Q3TOSHWXFITDK6YN7E4MBRHJBZOAKT4JAAAB3Q7DPYSJB7EMSGXE3JBRZJV3DCRJEWTQHCKYSET7HFSMTBZI3KV3ZSXWNMLNZ5TKFHNXOLERVLS6VKPSXJQFNT7JYAB3TRW7R3VF7WN6H5FAXL3JPIMEWALQRDBQZXXEEO34LKI4KACHKUDVO5EIHDWJF6TJWMPMZKF7VDLARXBC2XBLFXC7VJX222AJIYVWQDHRAWC47OYZYGGYEFD7V275RCQUJTTHIF35HNLX7KKHEQ4GHIO7I6D3UWO5A
slvData:
password: SLV_VSS_AFLGQC3E24ACMAIBKYAAAABK5VSU7CGZOUQZ7EENEPOBHR22I4WX2IBDN72SIGZ5QPLD6HRWKIAAAMCOW5PUO3JZQ32JL33RDFIQXDLARGQSMNJL5DFQ5RRVAQ2J5WCCMDBDPTPKWAF5TNBU2MJITUFPVC2JTYMMMQPHRKYBRLQ5PDSNI6SSOGWNV2E2FX52KISZR4F2GZU7DCCXS5U72ZBGV7X4AKTNPIBNDAOZEI53AP7VJ2PNPPA
username: SLV_VSS_AFLGQC3E24ACMAIBKYAAAABK5VSU7CGZOUQZ7EENEPOBHR22I4WX2IBDN72SIGZ5QPLD6HRWKIAAAMCOW5PUO3JZQ32JL33RDFIQXDLARGQSMNJL5DFQ5RRVAQ2J5WCCMTSSTN62Q43IDQ66ZTPQVQHA4Q5A7A4QZ6RKD4QBQWLZ27RQZ7T2GGHB2F5FFBEMW6PY4YO5Z7VAZAQUFJFOQO2WOC4S6CA6
$ slv vault --vault test.slv.yaml deref --file secret.txt
Dereferenced secret.txt with the vault test.slv.yaml
Run a Command with vault items loaded as ENV Vars
Launch a shell or run a command with the secrets loaded as Environment Variables in it.
General Usage:
slv vault --vault <PATH_TO_VAULT> run [flags]
Flags:
| Flag | Arguments | Required | Default | Description |
|---|---|---|---|---|
| --command | String | False | $SHELL | The command to be run |
| --prefix | String | False | None | Prefix to add to the ENVAR |
| --help | None | NA | NA | Help text for slv vault run |
Usage:
slv vault --vault <PATH_TO_VAULT> run -c <COMMAND_TO_RUN>
Example:
$ slv vault --vault test.slv.yaml run -c bash --prefix SLV_ENV_VAR_
Running command [bash] with secrets loaded into environment variables from the vault test.slv.yaml...
Please note that the secret names are prefixed with SLV_ENV_VAR_
$ env | grep SLV_ENV_VAR
SLV_ENV_VAR_username=johndoe
SLV_ENV_VAR_password=super_secret_password
$ exit
exit
Command [bash] ended successfully
Update attributes of an Existing Vault
Update the metadata of a vault
General Usage:
slv vault --vault <PATH_TO_VAULT> update [flags]
Flags:
| Flag | Arguments | Required | Default | Description |
|---|---|---|---|---|
| --name | String | False | None | The name to update the vault name with |
| --k8s-namespace | String | False | None | Namespace for the K8S Custom Resource |
| --help | None | NA | NA | Help text for slv vault update |
When none of the flags above are given, the command would update the vault structure into a K8S compatible resource YAML.
Usage
slv vault --vault test.slv.yaml update --name <NEW_VAULT_NAME> --k8s-namespace <NAMESPACE>
Example:
$ slv vault --vault test.slv.yaml update --name new_vault --k8s-namespace slv
Vault test.slv.yaml transformed to K8s resource new_vault