PHPackages surgiie/vault-cli - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. surgiie/vault-cli AbandonedArchivedProject surgiie/vault-cli ================= A PHP command-line interface for storing encrypted `AES-256` or `AES-128` json data using an encryption key derived from a master password. v0.1.0(1y ago)085MITPHPPHP ^8.1 Since Feb 29Pushed 1y ago1 watchersCompare [ Source](https://github.com/surgiie/vault-cli)[ Packagist](https://packagist.org/packages/surgiie/vault-cli)[ RSS](/packages/surgiie-vault-cli/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (1)Dependencies (9)Versions (4)Used By (0) vault-cli ========= [](#vault-cli) A PHP command-line interface for storing encrypted `AES-256` or `AES-128` json data using an encryption key derived from a master password. [![Tests](https://github.com/surgiie/vault-cli/actions/workflows/tests.yml/badge.svg)](https://github.com/surgiie/vault-cli/actions/workflows/tests.yml/badge.svg) Install ------- [](#install) To install, run the following command: ``` composer global require surgiie/vault-cli ``` ### Supported Storage Drivers [](#supported-storage-drivers) - Local Filesystem ### Supported Ciphers [](#supported-ciphers) - aes-128-cbc - aes-256-cbc - aes-128-gcm - aes-256-gcm ### Supported PBKDF Hashing Algorithms [](#supported-pbkdf-hashing-algorithms) - sha256 - sha512 **Learn more** - [hash\_pbkdf2](https://www.php.net/manual/en/function.hash-pbkdf2.php) Getting Started --------------- [](#getting-started) To get started with a new vault, run the following command: ``` vault new ``` Configuration ------------- [](#configuration) Once you have a vault to work with, you can start using the cli. The cli reads a configuration from the `~/.vault/config.yaml` file. This file will contain your vault's config and various other options for the cli to work with. For example, in order for the cli to know how to encrypt/decrypt your vault items, you will need to set the encryption options and register your vaults in the config file: ``` vaults: your-vault-name: algorithm: sha256 cipher: aes-128-cbc driver: local iterations: 600000 ``` **Note** - The `~/.vault/config.yaml` file will be created for you when you run the `vault new` command and register your vault automatically. Selecting a Vault ----------------- [](#selecting-a-vault) To select the vault the cli should interact with, use the `vault use` command: ``` vault use ``` Alternatively, you can manually update the `use-vault` option in the `~/.vault/config.yaml` file: ``` use-vault: vaults: your-vault-name: # ... your vault options ``` Storing Items ------------- [](#storing-items) To store an item in your vault, run the `item:new` command: `vault item:new github_login --content="somepassword" --password=""` This will store encrypted JSON data in the vault. When decrypted, the JSON structure for this example would be: ``` { "name": "github_login", "content": "some_password", } ``` ### Loading Content From a File: [](#loading-content-from-a-file) If you prefer to load the content for your vault item from a file, use the `--content-file` flag instead of `--content` to load the item content from a file: `vault item:new some_name --content-file="/path/to/some/file" --password=""` ### Set New Item Content In Terminal Editor: [](#set-new-item-content-in-terminal-editor) If you do not pass the `--content` or `--content-file` flag, you will be prompted to set the content by opening a temporary file a terminal editor (`terminal-editor` in your ~/.vault/config.yaml file) as you run the command. Once you close the terminal editor, the command will create the vault item. ### Storing Extra Data [](#storing-extra-data) If you want to store extra data along with the vault item, you can pass any arbitrary key/value options to the command: ``` vault item:new SOME_NAME --content="some secret content" \ --password="" \ --something-else="example" --extra-data="foo" ``` **Note**: There are options reserved for the command itself and cannot be used for extra data, you can see those listed with the `--help` menu. This will store a json file with your content encrypted, but when decrypted the structure for this example would be: ``` { "name": "SOME_NAME", "content": "some secret content", "something-else": "example", "extra-data": "foo" } ``` ### Load Content For JSON Keys From Files: [](#load-content-for-json-keys-from-files) If you want to load the value for a specific key in the JSON data, use the `--key-data-file` option in the format `:`. For example, to load the content for the `extra-data` key, the command would be: ``` vault item:new \ some_name \ --content="some secret content" \ --password="" \ --key-data-file="extra-data:/path/to/file/with/content" ``` This will store a json file with your content encrypted, but when decrypted the structure for this example would be: ``` { "name": "SOME_NAME", "content": "some secret content", "something-else": "example", "extra-data": "Whatever content was in the file" } ``` Categorizing Vault Items With Namespaces ---------------------------------------- [](#categorizing-vault-items-with-namespaces) Vault items are grouped/categorized in the `default` namespace. Namespaces are simply directories/folders or filters that vault items will go into. Namespaces are a good way to categorize and filter items based on their use cases. To specify a custom namespace for an item, use the `--namespace` flag: `vault item:get some-item --namespace=other` Use ENV Variables For Passwords ------------------------------- [](#use-env-variables-for-passwords) If you do not want to pass the `--password` option to the command, you can set the `VAULT_CLI_PASSWORD` environment variable with your encryption password. The cli will use this as the default password for all commands. When working with multiple vaults, you can set the `VAULT_CLI__PASSWORD` environment variable to set the password for a specific vault. If not set, the cli will fallback to the global `VAULT_CLI_PASSWORD` environment variable. Retrieve Items From Vault ------------------------- [](#retrieve-items-from-vault) To output the content of an item, use the `item:get` command: `vault item:get some_item_name` This will output the decrypted content out. Remove Items From Vault ----------------------- [](#remove-items-from-vault) Items maybe removed from the selected vault with the `item:remove` command: `vault item:remove --name="some_item_name"` **Note** The `--name` option maybe passed multiple times to remove several items in a single command call. ### Retrieve Full JSON [](#retrieve-full-json) By default, only the `content` field is printed to the terminal. To print the entire vault item JSON, run the command with the `--json` flag: `vault item:get some_item_name --json` Reencrypting Vault Items ------------------------ [](#reencrypting-vault-items) To reencrypt all items in the vault with a new password, use the `reencrypt` command: ``` vault reencrypt --old-password= --password= ``` ### Rencrypting With New Encryption Options [](#rencrypting-with-new-encryption-options) If you are updating encryption options, such as switching hashing algorithms or changing iterations, you can overwrite configuration options with the following command line options: ``` vault reencrypt # old options to decrypt the items first --decrypt-algorithm=sha256 \ --decrypt-iterations=100000 \ --old-password= # new options to encrypt the items with --algorithm=sha512 \ --iterations=210000 \ --cipher=aes-256-cbc \ --password= ``` **Note** - This command will automatically save your new options to the `~/.vault/config.yaml` file. ### Copy to item content clipboard [](#copy-to-item-content-clipboard) To copy a vault item's `content` json key to the clipboard, use the `--copy` flag: `vault item:get some_item_name --copy` To copy a specific key from the json, simply pass the json key to the `--json-key` option along with the `--copy` flag: `vault item:get some_name --copy --json-key=some-key` To copy the full json payload, set the `--json-key` option to `*` to specify all keys in the json payload to be copied to the clipboard. For example: `vault item:get some_item_name --copy --json-key="*"` **Note**: The default binary program used for this is `copy.exe` on windows/WSL2 and `xclip` on linux. Both of these are assumed to be installed. If you want to use a custom command to copy the vault item to clipboard set the `VAULT_CLI_COPY_COMMAND` environment variable with the `:value:` placeholder. e.g `someprogram :value:`. #### Copying to Clipboard in Docker [](#copying-to-clipboard-in-docker) Since the clipboard is not shared between your host and the docker container, you will need to capture the output from the command and the pipe this output manually to your desired program. ``` output=$(vault item:get example --password=example); echo $output | clip.exe output=$(vault item:get example --password=example); echo $output | xclip -sel clip output=$(vault item:get example --json-key="some-key" --password=example); echo $output | clip.exe output=$(vault item:get example --json-key="*" --password=example); echo $output | xclip -sel clip ``` Exporting Vault Item Content to Env Files ----------------------------------------- [](#exporting-vault-item-content-to-env-files) To export the `content` field of vault items to an env file, use the `export:env-file` command. For example: `vault export:env-file --export="some-item-name" --export="some-other-item-name"` This will export the vault item values to a `.env` file in the current directory In the above example, your `.env` file would have the following variables written: ``` SOME_ITEM_NAME="The content" SOME_OTHER_ITEM_NAME="The other content" ``` **Note** This will append to an existing `.env` file or create one if it doesn't exist, and overwrite any variables that previously exist. By default, this will add/create to .env in the current directory. To specify a custom name/path, use the `--env-file` option. ### Aliasing/Custom Env Names [](#aliasingcustom-env-names) If the names of the vault items are not the ones desired for the .env file, you can use aliases by using the `:` format when passing the `--export` options. For example: `vault export:env-file --export="some-item-name:SOME_CUSTOM_NAME" --export="some-other-item-name:SOME_OTHER_CUSTOM_NAME"` will generate the .env file with the custom env names instead of names of the vault items: ``` SOME_CUSTOM_NAME="The content" SOME_OTHER_CUSTOM_NAME="The other content" ``` ### Including Other/Non-Vault Env Variables In Export. [](#including-othernon-vault-env-variables-in-export) If you want to include some other env variables in your env file that are not your vault items in the exported `.env` file, you can use the `--include` option: `vault export:env-file --export="some-item-name" --include="SOME_ENV_VARIABLE_NAME:THE_VALUE` In this example, `SOME_ENV_VARIABLE_NAME="THE_VALUE"` will be included in your exported .env file. Run With Docker: ---------------- [](#run-with-docker) If you don't have or want to install php, you can run use the provided docker script to spin up a container which you can utilize the cli with. ### Install Docker Script: [](#install-docker-script) ``` # Assumes $PATH includes $HOME/.local/bin, add or customize as needed desired_version=0.1.0 && wget -qO $HOME/.local/bin/vault https://raw.githubusercontent.com/surgiie/vault-cli/refs/tags/v$desired_version/docker && chmod +x $HOME/.local/bin/vault ``` ``` # attach to the container and start a bash shell vault --attach # run a vault command (container and image will be created if not already present) vault item:get some-item ``` **Note** - Your `~/.vault` directory will automatically be mounted on initial run and any `VAULT_CLI_` env variables will automatically be passed to the container. ### Health Score 27 — LowBetter than 49% of packages Maintenance43 Moderate activity, may be stable Popularity9 Limited adoption so far Community7 Small or concentrated contributor base Maturity42 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 448d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/87e7d9a71eca01aac132fec3f1cdda21e373c87662d8998981412333acd828b6?d=identicon)[surgiie](/maintainers/surgiie) --- Top Contributors [![surgiie](https://avatars.githubusercontent.com/u/12025002?v=4)](https://github.com/surgiie "surgiie (1 commits)") ### Code Quality TestsPest Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/surgiie-vault-cli/health.svg) ``` [![Health](https://phpackages.com/badges/surgiie-vault-cli/health.svg)](https://phpackages.com/packages/surgiie-vault-cli) ``` ### Alternatives [drush/drush Drush is a command line shell and scripting interface for Drupal, a veritable Swiss Army knife designed to make life easier for those of us who spend some of our working hours hacking away at the command prompt. 2.4k57.4M685](/packages/drush-drush)[statamic/cms The Statamic CMS Core Package 4.8k3.2M720](/packages/statamic-cms)[roots/acorn Framework for Roots WordPress projects built with Laravel components. 9682.1M97](/packages/roots-acorn)[crazywhalecc/static-php-cli Build single static PHP binary, with PHP project together, with popular extensions included. 1.8k13.9k](/packages/crazywhalecc-static-php-cli)[statamic-rad-pack/runway Eloquently manage your database models in Statamic. 135192.6k5](/packages/statamic-rad-pack-runway)[aerni/livewire-forms A Statamic forms framework powered by Laravel Livewire 2912.8k](/packages/aerni-livewire-forms) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)