Difference between revisions of "HashiCorp Vault"

From wikieduonline
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
[[wikipedia:HashiCorp|Vault]] ([[2015]]) provides [[secrets management]], [[identity-based access]], [[encrypting]] application data and [[auditing]] of secrets for applications, systems, and users.
 
[[wikipedia:HashiCorp|Vault]] ([[2015]]) provides [[secrets management]], [[identity-based access]], [[encrypting]] application data and [[auditing]] of secrets for applications, systems, and users.
 +
 +
* Autorotation
  
 
== Installation ==
 
== Installation ==
 
* macOS: <code>[[brew install vault]]</code>
 
* macOS: <code>[[brew install vault]]</code>
 
* [[Kubernetes]]:
 
* [[Kubernetes]]:
[[helm repo add hashicorp]] https://helm.releases.hashicorp.com && [[helm repo update]]
+
:[[helm repo add hashicorp]] https://helm.releases.hashicorp.com && [[helm repo update]]
[[helm install]] vault hashicorp/vault --set "server.dev.enabled=true"
+
:[[helm install]] vault hashicorp/vault --set "server.dev.enabled=true"
 +
 
 +
* Pricing: https://www.hashicorp.com/products/vault/pricing
  
 
== Commands ==
 
== Commands ==
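Review bot: the Kubernetes install line in this hunk (helm install vault hashicorp/vault --set "server.dev.enabled=true") is only re-indented with ":" and still has no note that the flag starts a dev-mode server. Suggest adding a short "(dev mode, for testing)" remark beside it so it is not copied as a deployment recipe. The new "* Autorotation" bullet is also bare: it has no link and does not say what is rotated, unlike the linked terms in the sentence above it.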
Line 93: Line 97:
 
* [[Raft]]
 
* [[Raft]]
 
* Web UI: https://localhost:8200/ui/
 
* Web UI: https://localhost:8200/ui/
 +
* [[Terraform Vault]]
  
 
== See also ==
 
== See also ==
* {{Vault}}
+
* {{vault}}
 +
* {{HashiCorp Vault}}
 
* {{secrets}}
 
* {{secrets}}
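Review bot: in the See also lines of this hunk, {{Vault}} becomes {{vault}} and {{HashiCorp Vault}} is added next to it. Check that both templates exist and that they do not list the same pages twice; if they overlap, keep one. The unchanged context line "Web UI: https://localhost:8200/ui/" also disagrees with the rest of the page, which addresses the dev server over http (VAULT_ADDR='http://127.0.0.1:8200') and records the "server gave HTTP response to HTTPS client" error, so it is worth fixing in the same edit.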
  

Latest revision as of 08:40, 22 May 2024

Vault (2015) provides secrets management, identity-based access, encrypting application data and auditing of secrets for applications, systems, and users.

  • Autorotation

Installation

helm repo add hashicorp https://helm.releases.hashicorp.com && helm repo update
helm install vault hashicorp/vault --set "server.dev.enabled=true"

Commands

Starting vault:

 vault server -dev
 .../... 
export VAULT_DEV_ROOT_TOKEN_ID="s.TVr0O4kUldB9uPKOkq78XJPT"
export VAULT_ADDR='http://127.0.0.1:8200'
vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.3.4
Cluster Name    vault-cluster-2ebb06b4
Cluster ID      b4fc7a4e-874b-a219-df41-b9ddb9dgg581
HA Enabled      false
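
A check over the values shown above, as an added example that is not part of the original page: it reads `vault status` output plus the `VAULT_ADDR` value and reports settings that are normal for `vault server -dev` but should not survive into a real deployment. The function names and finding labels are this example's own; the sample table is the output shown on this page.

```shell
#!/bin/sh
# Added example (not from the original page): flag dev-grade settings in
# `vault status` output and in the VAULT_ADDR value used by the CLI.

# Usage: vault status | vault_status_findings "$VAULT_ADDR"
vault_status_findings() {
    addr=$1
    # A plain http:// address means tokens and secrets cross the wire unencrypted.
    case $addr in
        http://*) echo "ADDR_PLAINTEXT: $addr sends tokens and secrets unencrypted" ;;
    esac
    awk '
        # Rows look like "Key Name    Value": split on runs of two or more spaces.
        { n = split($0, f, /  +/); if (n >= 2) kv[f[1]] = f[2] }
        END {
            if (kv["Initialized"] != "true")
                print "NOT_INITIALIZED: server has not been initialized"
            if (kv["Sealed"] == "true")
                print "SEALED: server cannot serve secrets until unsealed"
            if (kv["Threshold"] == "1")
                print "SINGLE_KEY_UNSEAL: threshold 1 of " kv["Total Shares"] " shares, one key holder can unseal alone"
            if (kv["HA Enabled"] == "false")
                print "NO_HA: no standby node"
        }'
}

# Sample input: the status table shown on this page.
sample_status() {
    cat <<'EOF'
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.3.4
Cluster Name    vault-cluster-2ebb06b4
Cluster ID      b4fc7a4e-874b-a219-df41-b9ddb9dgg581
HA Enabled      false
EOF
}

sample_status | vault_status_findings 'http://127.0.0.1:8200'
```
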


  • vault kv put secret/hello foo=world MY_FIRST_KEY=MY_FIRST_VALUE
  • vault kv put secret/hello foo=world ADDITIONAL_KEY=ADDITIONAL_VALUE

Read:

vault kv get secret/hello
====== Metadata ======
Key              Value
---              -----
created_time     2020-03-29T13:34:29.337076Z
deletion_time    n/a
destroyed        false
version          2

===== Data =====
Key               Value
---               -----
MY_FIRST_KEY      MY_FIRST_VALUE
ADDITIONAL_KEY    ADDITIONAL_VALUE


vault kv get -field=ADDITIONAL_KEY secret/hello
ADDITIONAL_VALUE

vault server -dev
Error initializing listener of type tcp: listen tcp 127.0.0.1:8200: bind: address already in use

vault kv put secret/hello foo=world
Get https://127.0.0.1:8200/v1/sys/internal/ui/mounts/secret/hello: dial tcp 127.0.0.1:8200: connect: connection refused

vault kv put secret/hello foo=world
Get https://127.0.0.1:8200/v1/sys/internal/ui/mounts/secret/hello: http: server gave HTTP response to HTTPS client

vault server -config vault-config.hcl
error loading configuration from vault-config.hcl: stat vault-config.hcl: no such file or directory

Vault Changelog

Related terms

See also

  • https://docs.gitlab.com/ee/ci/secrets/