safe

safe command [options] [args]

safe is a user-friendly command-line interface for HashiCorp Vault that simplifies common secret management operations. It wraps the Vault API with intuitive commands for reading, writing, and organizing secrets without needing to understand the full Vault CLI syntax.The tool supports multiple authentication methods including LDAP, GitHub tokens, and direct token authentication. Once targeted and authenticated against a Vault server, secrets can be managed using simple commands like set, get, and rm. The tree command provides a hierarchical view of all secret paths for easy browsing.Secrets can be exported and imported for backup purposes or migration between Vault instances. The target command manages connections to multiple Vault servers, allowing quick switching between environments.

set (alias: write)

Write or update a secret at a path.

Read and display a secret.

Delete one or more secret paths.

Print a tree listing of all reachable keys.

Print a flat listing of all reachable keys.

Set or list Vault targets.

Authenticate against the currently targeted Vault.

Export secrets to a backup file.

Import secrets from a backup file.

Copy a secret from one path to another.

Move a secret from one path to another.

Generate a random secret.

Generate a new SSH RSA keypair.

Generate a new RSA keypair.

Requires Vault access. Authentication needed. Permissions vary.

safe was created by Stark & Wayne as a user-friendly CLI for HashiCorp Vault, simplifying secret management operations.

vault(1), pass(1), aws(1)