Tags: dotindustries/vx
Tags
fix: correct OIDC auth_url and callback API paths The Vault OIDC JWT plugin registers routes under an internal oidc/ prefix within the mount point. When mounted at "oidc", the correct paths are auth/oidc/oidc/auth_url and auth/oidc/oidc/callback — not auth/oidc/auth_url and auth/oidc/callback. Also switch the callback from Write (PUT) to ReadWithData (GET) to match the official vault CLI behaviour, fixing HTTP 405 errors.
feat(tui): add interactive terminal UI for browsing and managing secrets Implements a dual-pane Bubble Tea TUI accessible via `vx tui` (alias: `vx browse`) for interactively browsing workspaces, filtering secrets, resolving values from Vault on demand, and performing CRUD operations on vx.toml secret mappings. Key features: - Dual-pane layout: workspace list (left) + secret table (right) - Vim-style navigation (j/k, Tab to switch panes) - Real-time secret filtering with `/` - Environment picker popup (`e`) - On-demand Vault secret resolution with detail popup (Enter) - Clipboard copy of resolved values (`c`) - Vault KV tree browser for discovering secret paths (`a`) - Add/edit/delete secret mappings with comment-preserving TOML edits - Help overlay (`?`) with full keybinding reference Architecture: - Bridge pattern decouples TUI from Cobra flag variables - Elm architecture (Model/Update/View) enables pure-function testing - tomledit for AST-preserving TOML modifications - New vault.ListKeys() for KV v2 metadata browsing
feat(list): add --format=dotenv to resolve and output secrets as KEY=… …VALUE Adds a --format flag to `vx list` with two modes: - table (default): shows Vault path mappings without fetching - dotenv: authenticates with Vault, resolves all secrets, and outputs sorted KEY=VALUE pairs suitable for piping to a .env file