vault_exec
Execute shell commands with vault secrets injected as environment variables, never exposing secrets to the agent. Supports local and remote execution with automated secret injection and audit logging.
Instructions
Execute a shell command with a vault secret injected as an environment variable. The secret is never returned to the agent: it is placed in the subprocess environment, and the in-memory Buffer holding the decrypted value is zeroed immediately after the subprocess is spawned.
Commands that use Tier 1 and Tier 2 secrets run automatically, subject to the server-side access policy.
The vault entry's exec_config (set in the dashboard) provides the injection recipe (env_key, pre_command, post_command). Override it with inject_as only when needed. An injection recipe is required for LOCAL execution and optional for REMOTE execution.
To run a remote command using only a vaulted SSH key (no secret injected), omit entry_id and pass remote_host with ssh_key_entry_id.
NEVER use shell escape patterns in command ($(), backticks, bash -c, sh -c, eval) — these are rejected before the secret is decrypted.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| entry_id | No | Vault entry ID (from vault_entries_list) of the secret to inject. Optional: omit it to run a remote command using only a vaulted SSH key (remote_host.ssh_key_entry_id) with no secret injected. | |
| purpose | Yes | Why this secret is needed (audit log). | |
| command | Yes | Full shell command to run (no escape patterns). | |
| working_dir | No | Optional working directory for the command. | |
| inject_as | No | Override exec_config injection recipe. Omit to use vault entry's exec_config. | |
| remote_host | No | Run the command on a remote machine via SSH. The secret is injected inside the remote shell via SSH stdin, so no AcceptEnv/SendEnv configuration is required on the remote host. Use ssh_key_entry_id (preferred) to load the SSH key from the vault so it is never exposed on the filesystem. Use ssh_key as a fallback path if the key is already on disk. | |