Command Line Interface: s3vaultcli
S3Vaultlib also ships a powerful command line interface for interacting with its functionality.
General Help
The inline help is the main reference for the latest features and commands available:
s3vaultcli --help
For each subcommand you can get detailed help with:
s3vaultcli <command> --help
Vault Provisioning
Create S3Vault Configuration
This command creates an example YAML configuration, which is the starting point for provisioning a Vault.
example:
s3vaultcli create_s3vault_config --output vault.yml
Create Cloudformation
This command generates the CloudFormation template based on the Vault YAML configuration.
example:
s3vaultcli create_cloudformation --config vault.yml --output vault.template
Vault objects management
Push
Upload an object to the Vault
example:
s3vaultcli push -b my_bucket_example -p webserver -k role_webserver -s mycert_key -d mycert_key
NOTE: S3Vaultlib does not support dots (.) in the objects pushed to the vault
Get
Retrieve an object from the Vault
example:
s3vaultcli get -b my_bucket_example -p webserver -k role_webserver -s mycert_key -d mycert_key
example: from an EC2 instance with the role role_webserver associated
s3vaultcli get -b my_bucket_example -p webserver -s mycert_key -d mycert_key
NOTE: if a role is associated with the instance where s3vaultcli performs the call, S3Vaultlib will try to detect the role name and then use the alias with the same name as the role
Configuration Set
Create or update a configuration object in the Vault
example:
s3vaultcli configset -b my_bucket_example -p webserver -k role_webserver -c conf_nginx -K server_name -V www.example.com
S3Vaultcli can also create more complex objects and hierarchies, as in the following example.
example: create a list object with the key routed_networks inside the configuration object conf_vpn
s3vaultcli configset -b my_bucket_example -p webserver -k role_webserver -c conf_vpn -K routed_networks -V '192.168.10.0/24, 192.168.11.0/24' -T list
S3Vaultcli can also attach a JSON or YAML object directly as a subkey.
example: create a sub-object with the content of the YAML file data.yml inside the configuration object conf_vpn
s3vaultcli configset -b my_bucket_example -p webserver -k role_webserver -c conf_vpn -K routed_networks -V data.yml -T yaml
Configuration Edit
This command opens an inline configuration editor (in memory only) to dynamically view/change the content of a configuration object. The editor is quite powerful: it supports real-time validation of the format (JSON/YAML) and syntax highlighting.
example: edit the configuration for the conf_vpn object as a YAML file in memory
s3vaultcli configedit -b my_bucket_example -p webserver -k role_webserver -c conf_vpn -t yaml
Template Expansion
Template
This command parses a Jinja2 template file and expands the Jinja2 variables by retrieving the information from the Vault
example:
s3vaultcli template -b my_bucket_example -p webserver -k role_webserver -t template.j2 -d output.txt
NOTE: for more examples see Configure NGINX with S3Vaultlib Ansible Plugin
Ansible support
To use / load the plugin for Ansible, export the Ansible role shipped with s3vaultlib in the role_path in Ansible:
example:
s3vaultcli ansible_path