vault-client

Hashicorp Vault client for OpenClaw agents. Read and write secrets from a Vault server without raw curl commands or hardcoded tokens. Use when reading API keys, DB credentials, or any secret stored in Hashicorp Vault; checking token expiry; rotating secrets; or configuring Vault access for the first time. NOT for the zuiho-kai local Vault skill (that is a different, local-only tool).

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "vault-client" with this command: npx skills add jbushman/vault-client

vault-client

Gives OpenClaw agents clean, cached access to Hashicorp Vault. No curl, no hardcoded tokens in transcripts.

Setup

Run once after installing:

node ~/.openclaw/workspace/skills/vault-client/scripts/vault.js setup

Prompts for address, token, and mount. Saves to ~/.openclaw/vault.json and appends a startup block to AGENTS.md.

Startup (every session)

node ~/.openclaw/workspace/skills/vault-client/scripts/vault.js check
  • Exit 0 = connected, token valid
  • Exit 1 = connected but token expires soon — warn user, run token-renew
  • Exit 2 = unreachable or invalid token — warn user, check config

Core commands

# Read all keys at a path
node vault.js get shopwalk/r2

# Read a single key (returns just the value — pipe-friendly)
node vault.js get shopwalk/database uri

# Write / update a secret (merges with existing keys)
node vault.js put shopwalk/r2 secret_access_key=newvalue

# List paths
node vault.js list shopwalk/

# Token management
node vault.js token-info
node vault.js token-renew

Config reference (~/.openclaw/vault.json)

{
  "address": "https://vault.example.com:8200",
  "mount": "secret",
  "auth": { "method": "token", "token": "hvs.xxx" },
  "cache_ttl_seconds": 300,
  "tls": { "verify": true }
}

Set tls.verify: false for internal Vault with self-signed certs.

Secrets are cached in ~/.openclaw/vault-cache.json for cache_ttl_seconds (default 5 min) to avoid repeated API calls.

Auth methods

Token auth is the default. For AppRole and Kubernetes auth, see references/auth-methods.md.

No dependencies

Uses Node.js stdlib only (https, fs, readline). No npm install required.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Coding

Ai Freelancing Guide

Provides a complete guide to AI freelancing including niche analysis, pricing, client acquisition, proposal templates, and delivery workflows.

Registry SourceRecently Updated
035
yang1002378395-cmyk
Coding

Ai Code Assistant

提供多语言AI智能代码处理与批量自动化,显著提升开发效率,适合企业、团队及自由职业者。

Registry SourceRecently Updated
051
yang1002378395-cmyk
Coding

Life Control

Orchestrate the Life Control CLI skill for OpenClaw agent fleets: initialize the Life Control database, register agent personas, wire Telegram bots, and run daily routines (Morning Alignment, Body Protocol, Financial Pulse, Social Radar, Work Priming, Shutdown). Use when a user asks to create or run a Life Control system, OpenClaw skill integration, or agent persona automation for personal life tracking.

Registry SourceRecently Updated
0812
RachitSharma123