
HashiCorp Vault

Author: jimpang8 · GitHub ↗ · v0.2.1 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 288
Favorites: 0
Current installs: 1
Versions: 3
Install in OpenClaw
/install hashicorp-vault
Description
Work with HashiCorp Vault using the `vault` CLI for authentication checks, KV secret reads and writes, listing paths, enabling and tuning secrets engines, po...
Usage (SKILL.md)

HashiCorp Vault CLI

Use the vault CLI for Vault work. Prefer read-only inspection first, then confirm before writing secrets, changing auth methods, enabling engines, or editing policies.

Quick checks

vault version
vault status
vault auth list
vault secrets list
vault token lookup

If VAULT_ADDR is missing, set it first:

export VAULT_ADDR='https://vault.example.com'

For a local lab Vault, an example endpoint is:

export VAULT_ADDR='http://192.168.1.101:8200'
vault status
curl -s "$VAULT_ADDR/v1/sys/health"

Notes:

  • Replace the example address with your actual Vault endpoint.
  • Some local test deployments use plain HTTP instead of HTTPS.
  • Prefer reading tokens from a local file or environment variable instead of echoing them in chat.

Verify auth before assuming a path is missing:

vault token lookup
vault kv get secret/my-app

Read secrets

For KV v2 paths, use vault kv commands instead of raw API-style paths.

vault kv get secret/my-app
vault kv get -field=password secret/my-app
vault kv list secret/

If output is unclear, use JSON:

vault kv get -format=json secret/my-app
vault secrets list -format=json

Helper scripts

This skill includes simple wrappers that auto-load local settings:

{baseDir}/scripts/vault-list.sh secret/openclaw
{baseDir}/scripts/vault-get.sh secret/openclaw/openclaw-test
{baseDir}/scripts/vault-put.sh secret/openclaw/demo status=ok source=openclaw

Behavior:

  • Defaults VAULT_ADDR to http://192.168.1.101:8200
  • Loads VAULT_TOKEN from ~/.vault-token if not already exported
  • Uses vault kv commands for the common KV v2 workflow
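
The token-loading behavior listed above, with the checks a wrapper can make before it exports anything. This is an added example, not the skill's own scripts; the function names, return codes and the `VAULT_ALLOW_HTTP` opt-in variable are assumptions introduced here.

```shell
#!/usr/bin/env bash
# Added example, not the skill's own vault-*.sh scripts: preflight checks a
# wrapper can run before any vault command. VAULT_ALLOW_HTTP is a hypothetical
# opt-in variable introduced here for lab endpoints on plain HTTP.

# Return 0 only for a regular, non-symlink file with no group/other permission bits.
token_file_is_private() {
  local f="$1" mode
  [ -f "$f" ] && [ ! -L "$f" ] || return 1
  # GNU stat first, BSD/macOS stat as fallback
  mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f" 2>/dev/null) || return 1
  case "$mode" in
    ?00) return 0 ;;   # e.g. 600 or 400
    *)   return 1 ;;   # anything readable by group/other, or with special bits
  esac
}

# Return 0 for https://, or for http:// only with the explicit opt-in set to 1.
vault_addr_is_acceptable() {
  case "$1" in
    https://*) return 0 ;;
    http://*)  [ "${VAULT_ALLOW_HTTP:-0}" = "1" ] ;;
    *)         return 1 ;;   # empty or unknown scheme
  esac
}

# Export VAULT_TOKEN from the token file unless it is already set.
# The token is never printed. Return codes:
#   0 ok, 2 address rejected, 3 token file missing or too permissive, 4 empty token
load_vault_env() {
  local token_file="${1:-$HOME/.vault-token}"
  vault_addr_is_acceptable "${VAULT_ADDR:-}" || return 2
  if [ -z "${VAULT_TOKEN:-}" ]; then
    token_file_is_private "$token_file" || return 3
    VAULT_TOKEN=$(tr -d '\r\n' < "$token_file")
    [ -n "$VAULT_TOKEN" ] || return 4
    export VAULT_TOKEN
  fi
  return 0
}
```

Call `load_vault_env` at the top of a wrapper and stop on a non-zero return before any `vault kv` command runs.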

Write secrets

Confirm before overwriting or deleting anything.

vault kv put secret/my-app username=app password='s3cr3t'
vault kv patch secret/my-app password='rotated'

Prefer patch when updating a subset of keys on KV v2.

Policies and mounts

Inspect first:

vault policy list
vault policy read my-policy
vault secrets list -detailed

Change only with explicit user intent:

vault policy write my-policy ./policy.hcl
vault secrets enable -path=secret kv-v2
vault secrets tune -max-versions=10 secret/

Authentication helpers

Common login flows:

vault login
vault login -method=userpass username=<user>
vault write auth/approle/login role_id=<role_id> secret_id=<secret_id>

When troubleshooting auth, inspect enabled auth backends and token details first:

vault auth list -detailed
vault token lookup

Troubleshooting workflow

  1. Check vault status and VAULT_ADDR.
  2. Check auth with vault token lookup or the intended login flow.
  3. Confirm mount names with vault secrets list.
  4. For KV access, verify whether the engine is KV v1 or KV v2 before choosing commands.
  5. Prefer -format=json when output will be parsed or compared.
  6. Read references/kv-and-troubleshooting.md for command patterns and common errors when the task is non-trivial.
Security usage recommendations
This skill appears to be a straightforward Vault CLI helper. Before installing: (1) verify you'll install the vault CLI from a trusted source (brew/apt or HashiCorp releases); (2) be aware the scripts will read VAULT_ADDR/VAULT_TOKEN and will try to load a token from ~/.vault-token if VAULT_TOKEN is not set — ensure that file is stored securely; (3) the tool runs the local 'vault' binary (it will execute read and write commands) so avoid asking it to perform writes or policy changes unless you explicitly intend them; (4) review the included scripts (they are short and readable) if you want to confirm there is no unexpected network or exfiltration behavior. The skill is coherent with its stated purpose.
Functional analysis
Type: OpenClaw Skill · Name: hashicorp-vault · Version: 0.2.1
The skill provides a set of wrappers and instructions for managing HashiCorp Vault via the CLI. It includes scripts (vault-get.sh, vault-list.sh, vault-put.sh) for common KV operations and environment setup. The instructions in SKILL.md emphasize safety, such as performing read-only discovery first, redacting tokens from output, and confirming with the user before performing write operations. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found; the default IP 192.168.1.101 is explicitly labeled as a local lab example.
Capability assessment
Purpose & Capability
Name/description match the implementation. The skill requires the 'vault' CLI and provides simple wrapper scripts and documentation for common Vault operations. No unrelated binaries, services, or credentials are requested.
Instruction Scope
SKILL.md and the scripts instruct the agent to use VAULT_ADDR and VAULT_TOKEN and to read a local token file (~/.vault-token) if VAULT_TOKEN is not set. This behavior is coherent for a Vault CLI helper, but the metadata did not list VAULT_ADDR/VAULT_TOKEN as required env vars — users should be aware the skill will read those at runtime and will exit if a token is not found.
Install Mechanism
Install options are brew, apt, or manual download from releases.hashicorp.com — all expected for distributing the official Vault CLI. No downloads from suspicious hosts or extracted arbitrary archives are present.
Credentials
The skill does not declare required env vars in registry metadata but legitimately reads VAULT_ADDR and VAULT_TOKEN and will load a token from ~/.vault-token. The requested environment access is minimal and proportionate, but users should ensure their token file is protected and understand the skill will export VAULT_TOKEN into its environment when running scripts.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent or elevated platform privileges and does not modify other skills or system-wide agent settings.
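How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install hashicorp-vault
  3. Once installed, invoke the Skill by name or trigger it with /hashicorp-vault
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history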
v0.2.1
Generalize examples, remove local hostnames/IPs, and use neutral Vault endpoint defaults
v0.2.0
Add local Vault helper scripts, token file support, and improved docs for KV v2 workflows
v1.0.0
Initial release: HashiCorp Vault skill with CLI workflow, install metadata for macOS/Linux, and KV troubleshooting reference.
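Metadata
Slug hashicorp-vault
Version 0.2.1
License MIT-0
Total installs 1
Current installs 1
Historical versions 3
FAQ

What is HashiCorp Vault?

Work with HashiCorp Vault using the `vault` CLI for authentication checks, KV secret reads and writes, listing paths, enabling and tuning secrets engines, po... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 288 total downloads to date.

How do I install HashiCorp Vault?

Run the command "/install hashicorp-vault" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.

Is HashiCorp Vault free?

Yes, HashiCorp Vault is completely free, licensed under MIT-0, and can be freely downloaded, installed and used.

Which platforms does HashiCorp Vault support?

HashiCorp Vault runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed HashiCorp Vault?

Developed and maintained by jimpang8 (@jimpang8); the current version is v0.2.1.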
