Vault

Security

Neotask automatiserar dina HashiCorp Vault-operationer genom OpenClaw — hantera hemligheter, policyer och autentisering genom konversation.

Vad du kan göra

Secret Engine Operations

Read and write secrets from KV, PKI, AWS, database, and other secret engines. Neotask constructs the correct Vault path and API call based on your description of what you need.

Dynamic Credential Generation

Request short-lived database passwords, AWS IAM keys, or GCP service account tokens from Vault's dynamic secrets engines. Credentials are scoped, time-limited, and never stored outside the secure context.

Policy Management

Write, update, and review Vault HCL policies. Describe the access pattern you want to grant or restrict and Neotask will draft the policy and apply it after your review.

Token and Auth Method Management

Create and revoke Vault tokens, manage AppRole credentials, and review token TTLs. List active leases and identify tokens approaching expiration before they cause outages.

Audit Log Review

Query Vault audit logs to trace who accessed which secret and when. Identify unusual access patterns, failed authentication attempts, and policy violations from plain conversation.

Prova att fråga

  • "Read the database credentials from secret/prod/postgres in Vault"
  • "Generate a dynamic AWS IAM key with S3 read-only access for 1 hour"
  • "Create a Vault policy that allows read access to secret/data/app/* but no writes"
  • "List all active leases in Vault and flag any expiring in the next 24 hours"
  • "Rotate the root credentials for the production MySQL database secret engine"
  • "Who accessed the secret/prod/api-keys path in the last 48 hours?"
  • "Enable the KV v2 secret engine at the path 'internal/'"
  • "Revoke the Vault token with accessor abc123xyz"

    • Professionella tips

  • Use dynamic secrets instead of static ones wherever possible — Neotask can request a fresh credential per job and let Vault revoke it automatically when the lease expires
  • Ask Neotask to generate PKI certificates from Vault for internal service-to-service TLS — no manual cert management required
  • Review Vault policies quarterly: ask for a summary of all policies and which auth methods they're attached to
  • Use Vault namespaces for multi-tenant isolation — Neotask can scope all operations to the correct namespace automatically
  • Set short default TTLs on dynamic credentials (15-30 minutes) and use Vault's lease renewal only when the job explicitly needs it

    • Works Well With