hashicorp-vault

Work with HashiCorp Vault using the `vault` CLI for authentication checks, KV secret reads and writes, listing paths, enabling and tuning secrets engines, policy inspection, token lookup, and operational troubleshooting. Use when tasks mention HashiCorp Vault, Vault KV, secret paths like `secret/` or `kv/`, `VAULT_ADDR`, `VAULT_TOKEN`, AppRole, policies, mounts, or the `vault` command.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "hashicorp-vault" with this command: npx skills add jimpang8/hashicorp-vault

HashiCorp Vault CLI

Use the vault CLI for Vault work. Prefer read-only inspection first, then confirm before writing secrets, changing auth methods, enabling engines, or editing policies.

Quick checks

vault version
vault status
vault auth list
vault secrets list
vault token lookup

If VAULT_ADDR is missing, set it first:

export VAULT_ADDR='https://vault.example.com'

For a local lab Vault, an example endpoint is:

export VAULT_ADDR='http://192.168.1.101:8200'
vault status
curl -s "$VAULT_ADDR/v1/sys/health"

Notes:

  • Replace the example address with your actual Vault endpoint.
  • Some local test deployments use plain HTTP instead of HTTPS.
  • Prefer reading tokens from a local file or environment variable instead of echoing them in chat.

Verify auth before assuming a path is missing:

vault token lookup
vault kv get secret/my-app

Read secrets

For KV v2 paths, use vault kv commands instead of raw API-style paths.

vault kv get secret/my-app
vault kv get -field=password secret/my-app
vault kv list secret/

If output is unclear, use JSON:

vault kv get -format=json secret/my-app
vault secrets list -format=json

Helper scripts

This skill includes simple wrappers that auto-load local settings:

{baseDir}/scripts/vault-list.sh secret/openclaw
{baseDir}/scripts/vault-get.sh secret/openclaw/openclaw-test
{baseDir}/scripts/vault-put.sh secret/openclaw/demo status=ok source=openclaw

Behavior:

  • Defaults VAULT_ADDR to http://192.168.1.101:8200
  • Loads VAULT_TOKEN from ~/.vault-token if not already exported
  • Uses vault kv commands for the common KV v2 workflow

Write secrets

Confirm before overwriting or deleting anything.

vault kv put secret/my-app username=app password='s3cr3t'
vault kv patch secret/my-app password='rotated'

Prefer patch when updating a subset of keys on KV v2.

Policies and mounts

Inspect first:

vault policy list
vault policy read my-policy
vault secrets list -detailed

Change only with explicit user intent:

vault policy write my-policy ./policy.hcl
vault secrets enable -path=secret kv-v2
vault secrets tune -max-versions=10 secret/

Authentication helpers

Common login flows:

vault login
vault login -method=userpass username=<user>
vault write auth/approle/login role_id=<role_id> secret_id=<secret_id>

When troubleshooting auth, inspect enabled auth backends and token details first:

vault auth list -detailed
vault token lookup

Troubleshooting workflow

  1. Check vault status and VAULT_ADDR.
  2. Check auth with vault token lookup or the intended login flow.
  3. Confirm mount names with vault secrets list.
  4. For KV access, verify whether the engine is KV v1 or KV v2 before choosing commands.
  5. Prefer -format=json when output will be parsed or compared.
  6. Read references/kv-and-troubleshooting.md for command patterns and common errors when the task is non-trivial.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Coding

ClickUp

ClickUp API integration with managed OAuth. Access tasks, lists, folders, spaces, workspaces, users, and manage webhooks. Use this skill when users want to m...

Registry SourceRecently Updated
16.9K10byungkyu
Coding

Test Impact Analyzer

Determine which tests need to run for a given code change — trace file dependencies, map source-to-test relationships, identify untested changes, and priorit...

Registry SourceRecently Updated
490charlie-morrison
Coding

JWT Debugger

Decode, validate, and debug JSON Web Tokens. Inspect headers, payloads, signatures, expiration, claims, and key mismatches. Diagnose common JWT issues in aut...

Registry SourceRecently Updated
390charlie-morrison
Coding

Codebase Onboarder

AI-powered codebase analysis — generate architecture docs, onboarding guides, and key-flow walkthroughs for any project. Use when joining a new codebase, onb...

Registry SourceRecently Updated
570charlie-morrison