← Back to Skills Marketplace
jimpang8

HashiCorp Vault

by jimpang8 · GitHub ↗ · v0.2.1 · MIT-0
cross-platform ✓ Security Clean
288
Downloads
0
Stars
1
Active Installs
3
Versions
Install in OpenClaw
/install hashicorp-vault
Description
Work with HashiCorp Vault using the `vault` CLI for authentication checks, KV secret reads and writes, listing paths, enabling and tuning secrets engines, po...
README (SKILL.md)

HashiCorp Vault CLI

Use the vault CLI for Vault work. Prefer read-only inspection first, then confirm before writing secrets, changing auth methods, enabling engines, or editing policies.

Quick checks

vault version
vault status
vault auth list
vault secrets list
vault token lookup

If VAULT_ADDR is missing, set it first:

export VAULT_ADDR='https://vault.example.com'

For a local lab Vault, an example endpoint is:

export VAULT_ADDR='http://192.168.1.101:8200'
vault status
curl -s "$VAULT_ADDR/v1/sys/health"

Notes:

  • Replace the example address with your actual Vault endpoint.
  • Some local test deployments use plain HTTP instead of HTTPS.
  • Prefer reading tokens from a local file or environment variable instead of echoing them in chat.

Verify auth before assuming a path is missing:

vault token lookup
vault kv get secret/my-app

Read secrets

For KV v2 paths, use vault kv commands instead of raw API-style paths.

vault kv get secret/my-app
vault kv get -field=password secret/my-app
vault kv list secret/

If output is unclear, use JSON:

vault kv get -format=json secret/my-app
vault secrets list -format=json

Helper scripts

This skill includes simple wrappers that auto-load local settings:

{baseDir}/scripts/vault-list.sh secret/openclaw
{baseDir}/scripts/vault-get.sh secret/openclaw/openclaw-test
{baseDir}/scripts/vault-put.sh secret/openclaw/demo status=ok source=openclaw

Behavior:

  • Defaults VAULT_ADDR to http://192.168.1.101:8200
  • Loads VAULT_TOKEN from ~/.vault-token if not already exported
  • Uses vault kv commands for the common KV v2 workflow

Write secrets

Confirm before overwriting or deleting anything.

vault kv put secret/my-app username=app password='s3cr3t'
vault kv patch secret/my-app password='rotated'

Prefer patch when updating a subset of keys on KV v2.

Policies and mounts

Inspect first:

vault policy list
vault policy read my-policy
vault secrets list -detailed

Change only with explicit user intent:

vault policy write my-policy ./policy.hcl
vault secrets enable -path=secret kv-v2
vault secrets tune -max-versions=10 secret/

Authentication helpers

Common login flows:

vault login
vault login -method=userpass username=\x3Cuser>
vault write auth/approle/login role_id=\x3Crole_id> secret_id=\x3Csecret_id>

When troubleshooting auth, inspect enabled auth backends and token details first:

vault auth list -detailed
vault token lookup

Troubleshooting workflow

  1. Check vault status and VAULT_ADDR.
  2. Check auth with vault token lookup or the intended login flow.
  3. Confirm mount names with vault secrets list.
  4. For KV access, verify whether the engine is KV v1 or KV v2 before choosing commands.
  5. Prefer -format=json when output will be parsed or compared.
  6. Read references/kv-and-troubleshooting.md for command patterns and common errors when the task is non-trivial.
Usage Guidance
This skill appears to be a straightforward Vault CLI helper. Before installing: (1) verify you'll install the vault CLI from a trusted source (brew/apt or HashiCorp releases); (2) be aware the scripts will read VAULT_ADDR/VAULT_TOKEN and will try to load a token from ~/.vault-token if VAULT_TOKEN is not set — ensure that file is stored securely; (3) the tool runs the local 'vault' binary (it will execute read and write commands) so avoid asking it to perform writes or policy changes unless you explicitly intend them; (4) review the included scripts (they are short and readable) if you want to confirm there is no unexpected network or exfiltration behavior. The skill is coherent with its stated purpose.
Capability Analysis
Type: OpenClaw Skill Name: hashicorp-vault Version: 0.2.1 The skill provides a set of wrappers and instructions for managing HashiCorp Vault via the CLI. It includes scripts (vault-get.sh, vault-list.sh, vault-put.sh) for common KV operations and environment setup. The instructions in SKILL.md emphasize safety, such as performing read-only discovery first, redacting tokens from output, and confirming with the user before performing write operations. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found; the default IP 192.168.1.101 is explicitly labeled as a local lab example.
Capability Assessment
Purpose & Capability
Name/description match the implementation. The skill requires the 'vault' CLI and provides simple wrapper scripts and documentation for common Vault operations. No unrelated binaries, services, or credentials are requested.
Instruction Scope
SKILL.md and the scripts instruct the agent to use VAULT_ADDR and VAULT_TOKEN and to read a local token file (~/.vault-token) if VAULT_TOKEN is not set. This behavior is coherent for a Vault CLI helper, but the metadata did not list VAULT_ADDR/VAULT_TOKEN as required env vars — users should be aware the skill will read those at runtime and will exit if a token is not found.
Install Mechanism
Install options are brew, apt, or manual download from releases.hashicorp.com — all expected for distributing the official Vault CLI. No downloads from suspicious hosts or extracted arbitrary archives are present.
Credentials
The skill does not declare required env vars in registry metadata but legitimately reads VAULT_ADDR and VAULT_TOKEN and will load a token from ~/.vault-token. The requested environment access is minimal and proportionate, but users should ensure their token file is protected and understand the skill will export VAULT_TOKEN into its environment when running scripts.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent or elevated platform privileges and does not modify other skills or system-wide agent settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install hashicorp-vault
  3. After installation, invoke the skill by name or use /hashicorp-vault
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.2.1
Generalize examples, remove local hostnames/IPs, and use neutral Vault endpoint defaults
v0.2.0
Add local Vault helper scripts, token file support, and improved docs for KV v2 workflows
v1.0.0
Initial release: HashiCorp Vault skill with CLI workflow, install metadata for macOS/Linux, and KV troubleshooting reference.
Metadata
Slug hashicorp-vault
Version 0.2.1
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 3
Frequently Asked Questions

What is HashiCorp Vault?

Work with HashiCorp Vault using the `vault` CLI for authentication checks, KV secret reads and writes, listing paths, enabling and tuning secrets engines, po... It is an AI Agent Skill for Claude Code / OpenClaw, with 288 downloads so far.

How do I install HashiCorp Vault?

Run "/install hashicorp-vault" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is HashiCorp Vault free?

Yes, HashiCorp Vault is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does HashiCorp Vault support?

HashiCorp Vault is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created HashiCorp Vault?

It is built and maintained by jimpang8 (@jimpang8); the current version is v0.2.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments