Can I use HashiCorp Vault as a CLI?

Yes. KosmoKrator exposes a HashiCorp Vault CLI through kosmo integrations:call and the provider shortcut command. Commands can return JSON for scripts, CI, and coding agents.

Can I expose HashiCorp Vault through MCP?

Yes. The KosmoKrator MCP gateway can expose selected HashiCorp Vault tools to clients such as Claude Code, Cursor, Codex, and other MCP-compatible tools.

Where are HashiCorp Vault credentials stored?

HashiCorp Vault credentials are configured in KosmoKrator's local integration settings and reused by CLI, Lua, and MCP gateway surfaces.

Can I deny write access for HashiCorp Vault MCP tools?

Yes. Start the gateway with --write=deny for read-only clients, or use ask/allow only for trusted workspaces.

productivity

HashiCorp Vault CLI for Shell Scripts

Use the HashiCorp Vault CLI for shell scripts with headless JSON commands, schema discovery, credentials, and permission controls.

7 functions 5 read 2 write API token auth

Submit HashiCorp Vault feedback View package source

HashiCorp Vault CLI for Shell Scripts

Call integration functions from shell scripts with stable JSON input and output.

Use shell scripts for small local automations that need one or more integration calls. The HashiCorp Vault CLI uses the same integration registry as the TUI, Lua runtime, and MCP gateway, but returns predictable command output for automation.

Command Shape

# HashiCorp Vault CLI for Shell Scripts
kosmokrator integrations:configure vault --set token="$VAULT_TOKEN" --enable --read allow --write ask --json
kosmo integrations:call vault.vault_list_secrets '{"engine_path":"example_engine_path","path":"example_path"}' --json

Discovery Before Execution

Agents and scripts can inspect HashiCorp Vault docs and schemas before choosing a function.

kosmo integrations:docs vault --json
kosmo integrations:docs vault.vault_list_secrets --json
kosmo integrations:schema vault.vault_list_secrets --json
kosmo integrations:search "HashiCorp Vault" --json
kosmo integrations:list --json

Useful HashiCorp Vault CLI Functions

Function	Type	Parameters	Description
`vault.vault_list_secrets`	Read	engine_path, path	List secrets at a given path in a HashiCorp Vault KV v2 secrets engine. Returns the keys (directory entries) at the specified path.
`vault.vault_get_secret`	Read	path, engine_path, version	Get the latest version of a secret from a HashiCorp Vault KV v2 secrets engine. Optionally specify a version number to retrieve a specific version.
`vault.vault_create_secret`	Write	path, data, engine_path	Create or update a secret in a HashiCorp Vault KV v2 secrets engine. Provide the secret path and a key-value data object.
`vault.vault_delete_secret`	Write	path, engine_path	Permanently delete all versions and metadata of a secret from a HashiCorp Vault KV v2 secrets engine. This action is irreversible.
`vault.vault_list_policies`	Read	none	List all ACL policies configured in HashiCorp Vault. Returns an array of policy names.
`vault.vault_get_policy`	Read	name	Get details of a specific ACL policy in HashiCorp Vault, including its name and HCL rules.
`vault.vault_get_current_user`	Read	none	Look up the current Vault token's information, including display name, policies, TTL, and metadata.

Automation Notes

Use --json for machine-readable output.
Keep credentials out of argv by using environment variables or stored KosmoKrator configuration.
Configure read/write policy before unattended runs; use --force only for trusted automation.
Use the MCP gateway instead when the agent needs dynamic tool discovery inside a conversation.

Related HashiCorp Vault CLI Pages

CI HashiCorp Vault CLI for CI. Cron Jobs HashiCorp Vault CLI for cron jobs. Headless Automation HashiCorp Vault CLI for headless automation. Coding Agents HashiCorp Vault CLI for coding agents.