Installation
The Vault SDK supports npm, pnpm, yarn, Docker, and self-hosted deployments. Choose the method that fits your stack.
Package Managers
Install the SDK with your preferred package manager. All three are fully supported.
npm
$ npm install @vault/sdk --savepnpm
$ pnpm add @vault/sdkyarn
$ yarn add @vault/sdkThe SDK ships ESM and CJS builds. No bundler config needed for Next.js, Vite, or esbuild.
Docker
Add the SDK to your Dockerfile. Pass your API key as a build arg or runtime secret — never bake it into the image.
Dockerfile
FROM node:20-alpine AS deps WORKDIR /app COPY package*.json ./ RUN npm ci FROM node:20-alpine AS builder WORKDIR /app COPY --from=deps /app/node_modules ./node_modules COPY . . RUN npm run build FROM node:20-alpine AS runner WORKDIR /app ENV NODE_ENV=production COPY --from=builder /app/.next ./.next COPY --from=builder /app/node_modules ./node_modules COPY --from=builder /app/package.json ./package.json # Inject at runtime — never at build time ENV VAULT_API_KEY="" ENV VAULT_WORKSPACE="default" CMD ["node", "server.js"]
Do not set
VAULT_API_KEY in ENV with a real value. Use Docker secrets or your orchestration platform's secret injection at runtime.Self-Hosted
Point the SDK at your own Vault deployment by setting baseUrl in the client config. All other options behave identically.
lib/vault.ts
import { VaultClient } from '@vault/sdk';
export const vault = new VaultClient({
apiKey: process.env.VAULT_API_KEY!,
workspace: process.env.VAULT_WORKSPACE ?? 'default',
baseUrl: process.env.VAULT_BASE_URL ?? 'https://api.vault.dev',
});Peer Dependencies
zod^3.22Required. Schema validation for inputs and outputs.node>=18Required. Fetch API and AsyncIterator support.