HashiCorp Vault

From wikieduonline

[[wikipedia:HashiCorp|Vault]] ([[2015]]) provides [[secrets management]], [[identity-based access]], [[encrypting]] application data and [[auditing]] of secrets for applications, systems, and users.

* Autorotation

== Installation ==
* macOS: <code>[[brew install vault]]</code>
*: To have launchd start vault now and restart at login: <code>[[brew services]] start vault</code>
*: Or, if you don't want or need a background service, you can just run: <code>vault server -dev</code>
* [[Kubernetes]]:
:[[helm repo add hashicorp]] https://helm.releases.hashicorp.com && [[helm repo update]]
:[[helm install]] vault hashicorp/vault --set "server.dev.enabled=true"
* Pricing: https://www.hashicorp.com/products/vault/pricing

== Commands ==
* <code>[[vault -version]]</code>
* <code>[[vault login]]</code>
* <code>[[vault kv put]]</code>
* <code>[[vault kv get]]</code>
* <code>[[vault auth]]</code>
* <code>[[vault auth enable jwt]]</code> <ref>https://docs.gitlab.com/ee/ci/secrets/</ref>
* <code>[[vault secrets enable]] [[pki]]</code>
* <code>[[vault server]]</code>
* <code>[[vault server -config]]</code>
* <code>[[vault policy list]]</code>
* <code>[[vault policy read default]]</code>
* <code>[[vault policy write]]</code>
* <code>[[vault operator init]]</code>
* <code>[[vault token create]]</code>
* <code>[[vault token capabilities]]</code>
* <code>[[vault audit enable file]]</code>
== Related terms ==
* [[X.509]]
* <code>[[vault secrets enable]] pki</code>
* [[GitLab Integration]]
* [[Raft]]
* Web UI: https://localhost:8200/ui/
* [[Terraform Vault]]

== See also ==
* {{vault}}
* {{HashiCorp Vault}}
* {{secrets}}

Latest revision as of 08:40, 22 May 2024

== Commands ==
Starting vault:
 vault server -dev
 .../...
 export VAULT_DEV_ROOT_TOKEN_ID="s.TVr0O4kUldB9uPKOkq78XJPT"
 export VAULT_ADDR='http://127.0.0.1:8200'
 vault status
 Key             Value
 ---             -----
 Seal Type       shamir
 Initialized     true
 Sealed          false
 Total Shares    1
 Threshold       1
 Version         1.3.4
 Cluster Name    vault-cluster-2ebb06b4
 Cluster ID      b4fc7a4e-874b-a219-df41-b9ddb9dgg581
 HA Enabled      false

* <code>vault kv put secret/hello foo=world MY_FIRST_KEY=MY_FIRST_VALUE</code>
* <code>vault kv put secret/hello foo=world ADDITIONAL_KEY=ADDITIONAL_VALUE</code>

Read:
 vault kv get secret/hello
 ====== Metadata ======
 Key              Value
 ---              -----
 created_time     2020-03-29T13:34:29.337076Z
 deletion_time    n/a
 destroyed        false
 version          2
 
 ===== Data =====
 Key        Value
 ---        -----
 MY_FIRST_KEY    MY_FIRST_VALUE
 ADDITIONAL_KEY        ADDITIONAL_VALUE
 
 vault kv get -field=ADDITIONAL_KEY secret/hello
 ADDITIONAL_VALUE
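The session above reads the secret with the dev root token. As an added example (not from this wiki page and not HashiCorp's own code), the shell script below shows the least-privilege path with the commands listed under Commands: it writes a policy with <code>vault policy write</code>, mints a token bound to it with <code>vault token create</code>, and checks with <code>vault token capabilities</code> what that token can do before it is handed out. It assumes the KV version 2 engine that <code>vault server -dev</code> mounts at <code>secret/</code>; the function names (<code>kv2_data_path</code>, <code>render_readonly_policy</code>, <code>apply_readonly_policy</code>) are this example's own.

```shell
#!/bin/sh
# Added example, not from the wiki page: read-only access to one KV v2 secret.
# Assumes KV version 2 mounted at "secret/" (what `vault server -dev` mounts) and
# that VAULT_ADDR / VAULT_TOKEN point at a server you administer.

# KV v2 serves secret data under <mount>/data/<path>, so a policy written for
# the CLI path "secret/hello" grants nothing. Map the CLI path to the API path.
kv2_data_path() {
  # usage: kv2_data_path <mount> <path>    e.g. kv2_data_path secret hello
  printf '%s/data/%s\n' "$1" "$2"
}

# Render a policy allowing only "read" on that one secret: no create/update,
# no delete, and no list (listing would need "list" on <mount>/metadata/).
render_readonly_policy() {
  # usage: render_readonly_policy <mount> <path>
  printf 'path "%s" {\n  capabilities = ["read"]\n}\n' "$(kv2_data_path "$1" "$2")"
}

# Apply it against a live server: write the policy, create a short-lived token
# bound to it, then verify the token's effective capabilities on the path.
apply_readonly_policy() {
  # usage: apply_readonly_policy <policy-name> <mount> <path>
  name="$1"; mount="$2"; path="$3"
  # "-" makes `vault policy write` read the policy body from stdin.
  render_readonly_policy "$mount" "$path" | vault policy write "$name" -
  token="$(vault token create -policy="$name" -ttl=1h -field=token)"
  # Expect the answer "read" here; a root token would answer "root".
  VAULT_TOKEN="$token" vault token capabilities "$(kv2_data_path "$mount" "$path")"
}
```

Usage against the dev server from the session above: <code>apply_readonly_policy hello-reader secret hello</code>. With the resulting token, <code>vault kv get secret/hello</code> succeeds while <code>vault kv put secret/hello ...</code> and <code>vault kv list secret/</code> are denied, which is the check worth running before such a token leaves the administrator's shell.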
Errors:
 vault server -dev
 Error initializing listener of type tcp: listen tcp 127.0.0.1:8200: bind: address already in use
 
 vault kv put secret/hello foo=world
 Get https://127.0.0.1:8200/v1/sys/internal/ui/mounts/secret/hello: dial tcp 127.0.0.1:8200: connect: connection refused
 
 vault kv put secret/hello foo=world
 Get https://127.0.0.1:8200/v1/sys/internal/ui/mounts/secret/hello: http: server gave HTTP response to HTTPS client
 
 vault server -config vault-config.hcl
 error loading configuration from vault-config.hcl: stat vault-config.hcl: no such file or directory
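The "connection refused" and "HTTP response to HTTPS client" errors above are client-side: nothing is listening at <code>VAULT_ADDR</code>, or <code>VAULT_ADDR</code> is unset so the CLI falls back to its default <code>https://127.0.0.1:8200</code> while the dev server speaks plain HTTP. As an added example (not from this wiki page and not HashiCorp's own code), the script below is a pre-flight check for scripts that drive the Vault CLI: it validates the address for the intended mode and then parses the <code>vault status</code> table shown earlier to confirm the server is initialized and unsealed. The function names and the two sample status tables are this example's own (the ready sample copies the values from the session above).

```shell
#!/bin/sh
# Added example, not from the wiki page: pre-flight checks before a script
# touches secrets. Function names (check_vault_addr, vault_status_ready,
# vault_preflight) and the sample tables below are this example's own.

# Check the address a script is about to use. Mode "dev" expects the plain-HTTP
# dev server; mode "prod" expects TLS. An unset VAULT_ADDR is rejected outright,
# because the CLI would silently default to https://127.0.0.1:8200.
check_vault_addr() {
  # usage: check_vault_addr <dev|prod> [addr]   (addr defaults to $VAULT_ADDR)
  mode="$1"; addr="${2:-${VAULT_ADDR:-}}"
  case "$addr" in
    "")        echo "VAULT_ADDR is not set" >&2; return 1 ;;
    http://*)  [ "$mode" = dev ] || { echo "plain HTTP outside dev mode: $addr" >&2; return 1; } ;;
    https://*) [ "$mode" = prod ] || { echo "dev server speaks HTTP, use http:// : $addr" >&2; return 1; } ;;
    *)         echo "VAULT_ADDR must start with http:// or https://: $addr" >&2; return 1 ;;
  esac
}

# Parse the `vault status` table from stdin and return the same codes the real
# command uses: 0 = initialized and unsealed, 2 = sealed, 1 = not initialized
# or no parseable table (for example when the CLI printed an error instead).
vault_status_ready() {
  init=""; sealed=""
  while read -r key value rest; do
    case "$key" in
      Initialized) init="$value" ;;
      Sealed)      sealed="$value" ;;
    esac
  done
  [ "$init" = "true" ] || return 1
  [ "$sealed" = "false" ] || return 2
  return 0
}

# Constructed sample: the table from the session above (dev server, ready).
SAMPLE_STATUS_READY='Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.3.4
HA Enabled      false'

# Constructed sample: an initialized but sealed server, e.g. after a restart.
SAMPLE_STATUS_SEALED='Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          true
Total Shares    5
Threshold       3'

# Full pre-flight against a live server: address sanity first, then seal state.
# A sealed server yields 2, so a caller can distinguish "unseal it" from
# "wrong address" before running any kv command.
vault_preflight() {
  # usage: vault_preflight <dev|prod>
  check_vault_addr "$1" || return 1
  vault status | vault_status_ready
}
```

Typical use after <code>export VAULT_ADDR='http://127.0.0.1:8200'</code>: <code>vault_preflight dev || exit $?</code> at the top of any script that goes on to call <code>vault kv get</code>. Parsing the table rather than relying on the exit code alone also makes the readiness decision explicit when the output is captured into logs.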

== Vault Changelog ==

== See also ==
* https://docs.gitlab.com/ee/ci/secrets/