Easily start, unseal, login, seal, and stop the Hashicorp Vault server.
It is intended that the implementation of Hashicorp Vault server be restricted to only a home non-routed network and only run on an "on-demand" basis.
Supports all CRUD operations for interacting with the kv Secrets Engine (v1).
This implementation supports either a single path with one key/value pair or a single path with multiple key/value pairs.
For remote access to the Vault server, the script can be copied to other computers on the non-routed network along with the config.hcl.
THE SETUP SHOULD BE LIMITED TO A NON-ROUTED NETWORK.
This script can be executed on any device supporting PowerShell Core.
Currently only tested on Linux OS.
PS> Get-Help VaultApi
PS> Get-Help VaultApi -full
PS> Get-Help VaultApi -Examples
The -Examples option shows the full set of commands.
SYNTAX
VaultApi [-action] 'String' [-kvpath] 'String' [-kvalue] 'String' [-kvkey] 'String' [-info] 'switch' [-Raw] 'switch'
Version  Date        Whom      Notes
=======  ==========  ========  =====================================================
0.6.1    03/09/2024  cadayton  On 'Vault Stop' command history is cleared.
0.6.0    03/04/2024  cadayton  Default is to read vault keys from VaultApi.json in the .ssh directory.
0.5.9    02/28/2024  cadayton  SetValue action creates randomized 20 char value
                               Kv1Create and Kv1Update supports key word 'setvalue' for a keyvalue
0.5.8    02/27/2024  cadayton  Kv1Read output defaults to the clipboard rather than the console
                               Raw switch overrides this default.
0.5.7    02/27/2024  cadayton  Experimental ShowHash action to detect code changes
0.5.6    02/26/2024  cadayton  Added FindPaths for searching for paths matching a pattern
0.5.5    02/25/2024  cadayton  Added support for multiple key/value pairs per path
0.5.4    02/24/2024  cadayton  Added KeyPaths functionality
0.5.3    02/23/2024  cadayton  Added snapshot backup of the Vault data.
0.5.2    02/21/2024  cadayton  Update allow reading of specific keyname
                               Added logic to prevent overwrite of path with multiple key/value entries.
0.5.1    02/20/2024  cadayton  Updates to make the script OS neutral
0.5.0    01/25/2024  cadayton  initial release.
The input file, $HOME/config.hcl, is the Hashicorp Vault configuration file:
ui = true
disable_mlock = true
storage "raft" {
  path = "./vault/data"
  node_id = "my computer name"
}
listener "tcp" {
  address = "0.0.0.0:8200"
  tls_disable = "true"
}
api_addr = "http://192.168.5.209:8200"
cluster_addr = "https://192.168.5.209:8201"
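With the config.hcl above, Vault answers plain HTTP on every interface, which is why the setup is restricted to a non-routed network. The following pre-start check is an added example, not part of the VaultApi script; the function name Test-VaultListenerConfig and the regex handling of flat HCL blocks are assumptions made for illustration.

```powershell
# Added example (not part of VaultApi). Reports the listener settings that
# make the network boundary the only protection for tokens and secrets.
function Test-VaultListenerConfig {
    param([Parameter(Mandatory)][string]$HclText)
    $findings = [System.Collections.Generic.List[string]]::new()

    # Inspect each flat listener "tcp" { ... } block, as in the config above.
    foreach ($m in [regex]::Matches($HclText, '(?s)listener\s+"tcp"\s*\{(.*?)\}')) {
        $block = $m.Groups[1].Value
        if ($block -match '(?m)^\s*tls_disable\s*=\s*"?(true|1)"?') {
            $findings.Add('tls_disable is set: tokens and secrets cross the network in cleartext')
        }
        if ($block -match '(?m)^\s*address\s*=\s*"(0\.0\.0\.0|\[::\]):\d+"') {
            $findings.Add('listener binds every interface instead of one LAN address')
        }
    }

    # api_addr is the address clients are told to use: check scheme and range.
    if ($HclText -match '(?m)^\s*api_addr\s*=\s*"([^"]+)"') {
        $uri = [uri]$Matches[1]
        if ($uri.Scheme -ne 'https') { $findings.Add("api_addr uses $($uri.Scheme)") }
        $ip = $null
        if ([ipaddress]::TryParse($uri.Host, [ref]$ip)) {
            $b = $ip.GetAddressBytes()
            $private = $b.Length -eq 4 -and ($b[0] -eq 10 -or
                ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
                ($b[0] -eq 192 -and $b[1] -eq 168))
            if (-not $private) { $findings.Add("api_addr $ip is not an RFC 1918 address") }
        }
    }
    return $findings.ToArray()
}

# Constructed sample: the listener and api_addr lines from the config above.
$sample = @'
listener "tcp" {
  address = "0.0.0.0:8200"
  tls_disable = "true"
}
api_addr = "http://192.168.5.209:8200"
'@
Test-VaultListenerConfig -HclText $sample | ForEach-Object { "WARN: $_" }
```

A private api_addr only shows the address is not publicly routable; whether the segment is actually non-routed still has to be confirmed on the router.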
Linux based computer on a non-routed home network.
HashicorpVault server installed with config.hcl located in the home directory
Install Gpaste for clipboard functionality
sudo apt install xclip xsel
sudo apt install gpaste
See the following links for a guide on how to set up a Bitcoin wallet and use it with Cold Storage
Bitcoin and key/value using Hashicorp Vault
Valid values for the action parameter
"Start" # Start the Hashicorp Vault server
"Stop" # Stop the Hashicorp Vault server
"Check" # Check Vault running process info
"Status" # Hashicorp Vault status info
"login" # username or token login
"Seal" # Seal the Hashicorp Vault server
"Unseal" # UnSeal the Hashicorp Vault server
"WebUI" # Launch the Web UI
"Kv1List" # List existing Key paths
"Kv1Read" # return VALUE of a key/value pair
"Kv1Create" # create a key/value pair
"Kv1Delete" # delete a key/value pair
"Kv1Update" # update existing key/value pair with new value
"Backup" # Snapshot file backup of the Vault data
"KeyPaths" # List all entries in a path
"FindPaths" # Search for specific path(s) matching a pattern
"SetValue" # Creates a randomized 20 char value and copies it to the clipboard
See the Get-Help above for a full set of examples
In this set of commands you will not see prompts for a password
or prompts for keys to unseal the Vault because the values are
retrieved from the VaultApi.json file or the Keybase KV store.
VaultApi Start
Do you want to START Hashicorp Vault? [Yes or No]: Yes
Vault Unseal
Unseal the Vault [Yes or No]: Yes
Vault login
Choose a login method [token or userpass] userpass
Enter username: bitcoin
Enter password: ********
VAULT_TOKEN set to bitcoin
VaultApi Kv1Create /kv1/API/Test10 testvalue
Creates a new path with the key/value pair of "Test10/testvalue"
**Note**: Test10 is both the last item name in the path
and the key name associated with 'testvalue'
VaultApi Kv1List /kv1/API
Test10
Tester1
VaultApi Kv1Read kv1/API/Test10
testvalue
VaultApi Kv1Update kv1/API/Test10 newvalue
newvalue
VaultApi Kv1Delete kv1/API/Test10
VaultApi Seal
Seal the Vault [Yes or No]: Yes
Vault has been sealed
VaultApi Stop
Do you want to STOP Hashicorp Vault? [Yes or No]: Yes
Stopping Hashicorp Vault...117030
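Updating one key on a path that holds several key/value pairs needs care with the kv v1 HTTP API, because a write to a path replaces everything stored there; changing a single key means reading the secret, merging, and writing the whole set back. The following is an added example, not the VaultApi script's own code; the function names, the kv1 mount and the use of VAULT_ADDR and VAULT_TOKEN are assumptions.

```powershell
# Added example (not VaultApi's code). Assumes a kv v1 engine mounted at kv1/
# and VAULT_ADDR / VAULT_TOKEN set in the environment.

# Pure merge step: keep every existing key, then set or replace one of them.
function Merge-Kv1Data {
    param($Existing, [string]$Key, [string]$Value)
    $merged = [ordered]@{}
    if ($Existing) {
        foreach ($p in $Existing.PSObject.Properties) { $merged[$p.Name] = $p.Value }
    }
    $merged[$Key] = $Value
    return $merged
}

# Read-merge-write against the kv v1 HTTP API.
function Set-Kv1Key {
    param([string]$Path, [string]$Key, [string]$Value)
    $uri     = '{0}/v1/{1}' -f $env:VAULT_ADDR.TrimEnd('/'), $Path.Trim('/')
    $headers = @{ 'X-Vault-Token' = $env:VAULT_TOKEN }
    $existing = $null
    try {
        $existing = (Invoke-RestMethod -Uri $uri -Headers $headers -Method Get).data
    } catch {
        # 404 means the path does not exist yet; any other failure
        # (sealed vault, permission denied, no connection) must stop the write.
        if ([int]$_.Exception.Response.StatusCode -ne 404) { throw }
    }
    $body = Merge-Kv1Data $existing $Key $Value | ConvertTo-Json -Compress
    Invoke-RestMethod -Uri $uri -Headers $headers -Method Post `
        -Body $body -ContentType 'application/json' | Out-Null
}

# Constructed sample: the .data object a GET on a two-key path would return.
$stored = [pscustomobject]@{ username = 'bitcoin'; password = 'oldvalue' }
Merge-Kv1Data $stored 'password' 'newvalue' | ConvertTo-Json -Compress
```

The read and the write are separate requests, so two clients updating the same path at the same moment can still drop a key; kv v1 has no check-and-set.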
I've put close to a month's worth of development time into both of these scripts and I'm not willing to give away that time.
You'll need to donate 30,000 sats ($21) or $42.00 in USD to get a copy of these scripts
Download Directly using the following paywall link
I recommend using the paywall link because any future updates are free and immediately available to you.
Download indirectly using sats or USD
Donate 30,000 sats with GetAlby
After your donation, contact me (cadayton) using any of the following methods to coordinate getting these scripts.