safe

Write secret

$ safe set [secret/path] [key]=[value]

$ safe get [secret/path]

$ safe tree

$ safe rm [secret/path]

$ safe target [vault-url] [alias]

$ safe auth [ldap|token|github]

safe command [options] [args]

safe is a user-friendly command-line interface for HashiCorp Vault that simplifies common secret management operations. It wraps the Vault API with intuitive commands for reading, writing, and organizing secrets without needing to understand the full Vault CLI syntax.
The tool supports multiple authentication methods including LDAP, GitHub tokens, and direct token authentication. Once targeted and authenticated against a Vault server, secrets can be managed using simple commands like set, get, and rm. The tree command provides a hierarchical view of all secret paths for easy browsing.
Secrets can be exported and imported for backup purposes or migration between Vault instances. The target command manages connections to multiple Vault servers, allowing quick switching between environments.

set

Write secret.

Read secret.

Delete secret.

List paths.

Set Vault target.

Authenticate.

Export secrets.

Requires Vault access. Authentication needed. Permissions vary.

safe was created as a user-friendly CLI for HashiCorp Vault, simplifying secret management operations.

vault(1), pass(1), aws(1)