Vault-Cli
The Cli can be used to communicate with the Vault Server.
It stores private keys and management information in the ./.cryptvault folder.
It is possible to manage multiple vaults with one Cryptvault directory.
The Vault-Cli is divided into three main areas.
- Working with local resources
- Creating a new vault
- Working in the protected area
Local
This area is particularly useful for people/groups who are not Vault Admins and want to use the Cli to manage their sub-areas.
Init
You can create vaults locally that you do not own by knowing the vaultid:
# init a local folder structure for vault by known vaultidvault-cli local init --vaultName "OrgName" --id "vaultid"create identity
New identities are created that only reside on the file system:
# create a local keypair identity will be saved at local folder structurevault-cli local create identity --name "TeamKeyPair"This makes it possible to generate key pairs and then send the public key to the Vault owner.
The public key can be found at ./.cryptvault/{vault_name}/identity/{identity_name}/key.pub
create vault
Utilize this command to establish a new vault with a token, a one-time requirement.
It generates local operator identity key pairs for vault creation on the server.
protected area
CLI commands for Vault usage require identity signature verification for validation.
This can be used for secrets and identities to:
- added
- queried
- updated
- deleted
example to add an identity:
vault-cli protected --creds .cryptvault/$VAULT_CLI_VAULTNAME/operator/key add identity --name A_Team --r '(rwd)IDENTITY.>' --r '(rwd)VALUES.a_team.>' --r '(rwd)VALUES.search_team.a_team.>'