Executing a command with flags
When your command you need to execute contains its own flags and you just put the command directly in the vault2env
command like in the first of the following examples vault2env
will try to evaluate the flags and will most likely fail or even worse succeed and change its behaviour.
To be sure vault2env
does now care about those flags added to the sub-command just divide the sub-command from vault2env
using a double-dash like in the second example:
$ vault2env --key=secret/example ls -la
unknown shorthand flag: 'l' in -la
$ vault2env --key=secret/example -- ls -la
total 5940
drwx------ 37 luzifer luzifer 4096 Oct 4 12:53 .
drwxr-xr-x 4 root root 4096 Apr 29 21:19 ..
Using values in shell variables
Lets say you have an username and a password stored in Vault and for example need to use it in a curl
command as basic auth. Then you will need to add an -u "$username:$password"
to the curl CLI. Just adding it to the command does not work as the variables are already evaluated by your shell before vault2env
even can fetch them.
A workaround here is to wrap your command inside another sh
or bash
shell which gets the environment variables before evaluating them inside the command:
$ vault write secret/example username=myuser password=mypass
Success! Data written to: secret/example
$ vault2env --key=secret/example -- echo "$username:$password"
:
$ vault2env --key=secret/example -- bash -ec 'echo "$username:$password"'
myuser:mypass