- The Terraform Vault provider can read from, write to, and configure Vault from HashiCorp Terraform
- consul-template is a template renderer, notifier, and supervisor for HashiCorp Consul and Vault data
- envconsul allows you to read and set environmental variables for processes from Consul and Vault data
- The vault-ssh-helper can be used to enable one-time passwords for SSH authentication via Vault
The following list of tools is maintained by the community of Vault users; HashiCorp has not tested or approved them and makes no claims as to their suitability or security.
- HashiCorp Vault Jenkins plugin - a Jenkins plugin for injecting Vault secrets into the build environment
- Spring Vault - a Java Spring project for working with Vault secrets
- vault-exec - a shell wrapper to execute arbitrary scripts using temporary AWS credentials managed by Vault
- pouch - A set of tools to manage provisioning of secrets on hosts based on the AppRole authentication method of Vault
- vault-aws-creds - Python helper to export Vault-provided temporary AWS creds into the environment
- goldfish - A Vault UI panel written with VueJS and Vault native Go API.
- vaultenv - A tool that fetches secrets in parallel, puts them into the environment and then
execs the process that needs them
- vault-migrator - A tool to migrate data between different Vault storage mechanisms
- Cryptr - a desktop Vault UI for Mac, Windows and Linux
- sequelize-vault - A Sequelize plugin for easily integrating Vault secrets.
- ansible-modules-hashivault - An Ansible module for configuring most things in Vault including secrets, backends and policies.
- Docker credential helper - A program that automatically reads Docker credentials from your Vault server and passes them to the Docker daemon to authenticate to your Docker registry when pulling an image
- Cruise Daytona - An alternative implementation of the Vault client CLI for services and containers. Its core features are the abilty to automate authentication, fetching of secrets, and automated token renewal. Support for AWS, GCP, & Kubernetes Vault Auth Backends.
- Vault-CRD - Synchronize secrets stored in HashiCorp Vault to Kubernetes Secrets for better GitOps without secrets stored in git manifest files.
- nc-vault-env - JS CLI tool that fetches secrets in parallel, puts them into the environment and then
execs the process that needs them. Supports auth token renewal, multiple auth backends, verbose logging and dummy mode.
- vsh - Interactive shell with tab-completion. Allows recursive operations on paths. Allows migration of secrets between both KV versions.
- HashiBox - Vagrant environment to simulate highly-available cloud with Consul, Nomad, Vault, and optional support for Waypoint. OSS & Enterprise supported.
Want to add your own project, or one that you use? Additions are welcome via pull requests.