diff --git a/vault/justfile b/vault/justfile
index 79cb285..d84c013 100644
--- a/vault/justfile
+++ b/vault/justfile
@@ -12,12 +12,14 @@ SECRET_PATH := "secret"
 [private]
 _vault_root_env_setup := '''
 if [ -z "${VAULT_TOKEN:-}" ]; then
- echo "" >&2
- echo "💡 To avoid entering Vault root token repeatedly:" >&2
- echo " • Set environment variable: export VAULT_TOKEN=your_root_token" >&2
- echo " • or write it in .env.local file: VAULT_TOKEN=your_root_token" >&2
- echo " • Use 1Password reference: VAULT_TOKEN=op://vault/root/token" >&2
- echo "" >&2
+ if [ "${VAULT_DEBUG}" = "true" ]; then
+ echo "" >&2
+ echo "💡 To avoid entering Vault root token repeatedly:" >&2
+ echo " • Set environment variable: export VAULT_TOKEN=your_root_token" >&2
+ echo " • or write it in .env.local file: VAULT_TOKEN=your_root_token" >&2
+ echo " • Use 1Password reference: VAULT_TOKEN=op://vault/root/token" >&2
+ echo "" >&2
+ fi
 VAULT_TOKEN=$(gum input --prompt="Vault root token: " --password --width=100)
 elif [[ "${VAULT_TOKEN}" == op://* ]]; then
 if ! command -v op &>/dev/null; then
@@ -259,6 +261,13 @@ get path field:
 {{ _vault_oidc_env_setup }}
 vault kv get -mount=secret -field={{ field }} {{ path }}
 
+# Get key value with root token
+get-root path field:
+ #!/bin/bash
+ set -euo pipefail
+ {{ _vault_root_env_setup }}
+ vault kv get -mount=secret -field={{ field }} {{ path }}
+
 # Put key value
 put path *args:
 #!/bin/bash
@@ -266,6 +275,13 @@ put path *args:
 {{ _vault_oidc_env_setup }}
 vault kv put -mount=secret {{ path }} {{ args }}
 
+# Put key value with root token
+put-root path *args:
+ #!/bin/bash
+ set -euo pipefail
+ {{ _vault_root_env_setup }}
+ vault kv put -mount=secret {{ path }} {{ args }}
+
 # Delete key value
 delete path:
 #!/bin/bash
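Review bot: The new guard `if [ "${VAULT_DEBUG}" = "true" ]; then` expands `VAULT_DEBUG` without a default, while every recipe in this diff that includes `_vault_root_env_setup` runs under `set -euo pipefail`. Unless the justfile exports `VAULT_DEBUG` somewhere outside this hunk, an unset variable stops the recipe with an unbound-variable error before the token prompt is reached. The outer test on `VAULT_TOKEN` already uses the safe form, and the inner one should match it: `if [ "${VAULT_DEBUG:-}" = "true" ]; then`. The snippet continues past the end of the hunk, so the remaining branches are not reviewed here.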
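Review bot: `get-root` pastes `{{ field }}` and `{{ path }}` into the bash script unquoted, so a value containing spaces, globs or shell metacharacters is parsed by the shell in a recipe that holds the root token. just's `quote()` function closes this for single-value parameters: `vault kv get -mount=secret -field={{ quote(field) }} {{ quote(path) }}`. The same applies to `{{ path }}` in `put-root`, `delete-root` and `exist-root` in the later hunks; `{{ args }}` in `put-root` carries several words and needs positional arguments rather than `quote()`. The existing OIDC recipes appear to share the pattern, but the root variants are where it matters most.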
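Review bot: The comment on `put-root` does not say how secret values should reach `vault kv put`, and `{{ args }}` places every `key=value` pair on the command line, where it ends up in shell history and is visible in the process list while the call runs. The Vault CLI accepts `key=-` to read a value from stdin and `@data.json` to read the payload from a file, and the recipe comment should point there, for example `# Put key value with root token; pass values as key=- (stdin) or @file, not as literals`. If the `-root` recipes are meant only for bootstrap or recovery, which the diff does not state, one sentence saying so would keep them from becoming the default path around the OIDC policies.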
@@ -273,13 +289,27 @@ delete path:
 {{ _vault_oidc_env_setup }}
 vault kv delete -mount=secret {{ path }}
 
-# Check if key exists (non-interactive if VAULT_ADDR and VAULT_TOKEN are set)
+# Delete key value with root token
+delete-root path:
+ #!/bin/bash
+ set -euo pipefail
+ {{ _vault_root_env_setup }}
+ vault kv delete -mount=secret {{ path }}
+
+# Check if key exists
 exist path:
 #!/bin/bash
 set -euo pipefail
 {{ _vault_oidc_env_setup }}
 vault kv get -mount=secret {{ path }} &>/dev/null
 
+# Check if key exists with root token
+exist-root path:
+ #!/bin/bash
+ set -euo pipefail
+ {{ _vault_root_env_setup }}
+ vault kv get -mount=secret {{ path }} &>/dev/null
+
 # Check the environment
 [private]
 check-env:
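Review bot: `exist-root` sends both stdout and stderr of `vault kv get` to `/dev/null`, so a caller sees only a non-zero exit and cannot tell a missing key from a rejected token or an unreachable server. If scripts use this check to decide whether to create or overwrite a secret, which is not visible here, the comment should state the ambiguity, e.g. `# Exit status is non-zero for a missing key and for any Vault error; stderr is discarded`. Redirecting only stdout (`>/dev/null`) would keep the error text for the operator. The commit also drops the note on `exist` about non-interactive use when `VAULT_ADDR` and `VAULT_TOKEN` are set; if that still holds, it is worth keeping for anyone who automates against it.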