safe 命令

常用示例

说明

safe is a user-friendly command-line interface for HashiCorp Vault that simplifies common secret management operations. It wraps the Vault API with intuitive commands for reading, writing, and organizing secrets without needing to understand the full Vault CLI syntax. The tool supports multiple authentication methods including LDAP, GitHub tokens, and direct token authentication. Once targeted and authenticated against a Vault server, secrets can be managed using simple commands like set, get, and rm. The tree command provides a hierarchical view of all secret paths for easy browsing. Secrets can be exported and imported for backup purposes or migration between Vault instances. The target command manages connections to multiple Vault servers, allowing quick switching between environments.

参数

set (alias: write)

Write or update a secret at a path.

get (alias: read)

Read and display a secret.

rm (alias: delete)

Delete one or more secret paths.

tree

Print a tree listing of all reachable keys.

paths

Print a flat listing of all reachable keys.

target

Set or list Vault targets.

auth

Authenticate against the currently targeted Vault.

export

Export secrets to a backup file.

import

Import secrets from a backup file.

cp (alias: copy)

Copy a secret from one path to another.

mv (alias: move)

Move a secret from one path to another.

gen

Generate a random secret.

ssh

Generate a new SSH RSA keypair.

rsa

Generate a new RSA keypair.