Create a New Vault
Create a new vault file.
General Usage:
slv vault --vault <PATH_TO_VAULT> new [flags]
Flags:
| Flag | Arguments | Required | Default | Description |
|---|---|---|---|---|
| --env-self | None | NA | NA | Share vault with the environment set to self |
| --env-k8s | None | NA | NA | Share vault with the environment in current kubernetes context |
| --env-pubkey | String(s) | False | None | Share vault with the environment with given Public Keys |
| --env-search | String(s) | False | None | Share vault with environment based on search string |
| --k8s-namespace | String | False | None | The kubernetes namespace to set for vault CR |
| --k8s-secret | String | False | None | Construct a vault file based on a K8S secret (Use - to read from stdin) |
| --quantum-safe | None | NA | NA | Use Quantum Resistant Cryptography (Kyber1024) |
| --name | String | False | None | Name of the vault CR - If not set, it will be set as the stripped filename |
| --hash | None | NA | NA | Enables hashing by preserving a partial hash of the actual secret for the purpose of validating secret rotation [Not recommended, though it might be difficult to brute-force] |
| --vault | String | True | NA | Path to the SLV Vault file |
| --help | None | NA | NA | Help text for slv vault new |
Creating a simple vault
Usage:
slv vault --vault <PATH_TO_VAULT> new [--env-self/--env-k8s/--env-pubkey/--env-search]
Note that you must atleast give one of the above 4 flags.
Example:
$ slv vault --vault test.slv.yaml new --env-self
Created vault: test.slv.yaml
$ cat test.slv.yaml
# This file is managed by SLV. DO NOT EDIT THIS FILE MANUALLY.
# Use the pattern {{SLV_VID_Q6EZYDJFO3LPK6XPBJ6L7FQOK4QFBMMKHRDSJI5D6PNBK4MP.YOUR_SECRET_NAME}} as placeholder to reference data from this vault into files
apiVersion: slv.sh/v1
kind: SLV
metadata:
annotations:
slv.sh/version: v0.16.3
creationTimestamp: "2025-04-25T07:54:38Z"
name: test
spec:
slvConfig:
id: SLV_VID_Q6EZYDJFO3LPK6XPBJ6L7FQOK4QFBMMKHRDSJI5D6PNBK4MP
publicKey: SLV_VPK_AEAVMAAAACYH33FBSJWDB7R4QUGQMPBX2F4DZLWC5LLZIAWSA7EQPDEYEP7A6
wrappedKeys:
- SLV_EWK_AFCWQCZ7XYACMAIBIUAAAAFCQPSQVXJZ4OVL66YX7KRRYTO5ULQ3G2FKU23VXJUW3HSFRGTANQAABR2XFCCCLCW3CPQEXQ7T3NBLE7EL3IMI3D27DDRALFTYHJ4V6MK253HXHI2ZPNWV7HFI7LAPOWJI6Q6I2Q6BLI76UWYB5GDQBDE32FII4HFSUDNL6ZEJ5E75CUCXJYMOTWUTDJ4UGOTLREHVTTHMQZ3OIECEWN6Q6YQMVOPJS4DLHOAEUG4C2VVLCIMEI2Q44ALURPV7OFVTE4VI2CGSLEEWYR6SOAGKJTJM7SXTG324JYST4BPPWQSA2EET5M
- SLV_EWK_AFCWQCZ7XYACMAIBIUAAAADAOZIIZ5QCJ4H5WLQA7Q3TOSHWXFITDK6YN7E4MBRHJBZOAKT4JAAAAG37T6TGUHZVVMV2YW6TJW3JVWATNS4JKWNUIAZHRR4VYJ2UUD2MKN4YSSRV5KG4PXQPOENULVHIGHQB7UPABKLPMOABEKSPUFXAY2WHGJW7Q5V34656FIWTSTGK3GN7SRPDVIZ3MVZ5FESSAROJIT6IN3A2QV5G4MD6YR57LTAGQINUENOJNCEZY36WBJKDKHIAWU7LCS3JGRHYBCRAP4W2AYPB46OWLKQY4ZGAMDGQHAJDOKFARI6PCNBMGI
Creating a vault from an existing Kubernetes secret
Usage:
slv vault --vault <PATH_TO_VAULT> new --env-self --k8s-secret <PATH_TO_K8S_SECRET_RESOURCE_DEFINITION_YAML>
Example:
$ kubectl get secrets/pets --namespace slv -o yaml | slv vault --vault /tmp/vault.slv.yaml new --env-self --k8s-secret -
Input the k8s secret object as yaml/json:
Created vault: /tmp/vault.slv.yaml
In the above example, SLV was directed to read the secret object from stdin.