Question 1

How to generate an SSH key with Safe?

Accepted Answer

Use 'safe ssh 2048 secret/path' to generate a 2048-bit SSH keypair stored directly in Vault at the specified path, with private and public keys added securely without local files.

Question 2

Safe vs standard Vault CLI: which is better for password management?

Accepted Answer

Safe excels with features like auto-generated passwords, interactive entry, and formatting (e.g., crypt-sha512), while the standard Vault CLI is more minimal. Choose Safe for enhanced security and convenience in workflows.

Question 3

How to migrate secrets between Vault instances using Safe?

Accepted Answer

Pipe 'safe export' from one target to 'safe import' on another, e.g., 'safe -T old-vault export secret/subtree | safe -T new-vault import'. Ensure exports are handled securely to avoid leaks.

Question 4

Can Safe handle SSL certificate renewal automatically?

Accepted Answer

Safe supports manual renewal via 'safe x509 crl --renew path', but it doesn't automate renewals; you'll need to script it or use Vault's native features for full automation.

Question 5

What authentication methods does Safe support?

Accepted Answer

Safe supports token, LDAP, GitHub, and Okta backends, as per the README. It doesn't yet support other methods like AWS or Azure, which might limit integration in some environments.

Question 6

How to use Safe in a CI/CD pipeline?

Accepted Answer

Leverage targets and auth tokens with environment variables, chaining commands for batch operations. However, ensure secure token handling and avoid exposing credentials in logs.

Safe

What is Safe?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions