Difference between revisions of "HashiCorp Vault"
Latest revision as of 08:40, 22 May 2024
Vault (2015) provides secrets management, identity-based access, encryption of application data and auditing of secret access for applications, systems, and users.
- Automatic secret rotation (leased, short-lived dynamic credentials instead of long-lived static ones)
Installation[edit]
- macOS: brew install vault
- Kubernetes (official Helm chart):
  - helm repo add hashicorp https://helm.releases.hashicorp.com && helm repo update
  - helm install vault hashicorp/vault --set "server.dev.enabled=true"
  server.dev.enabled=true deploys a single in-memory, already-unsealed dev-mode pod that is only suitable for local experiments. For a real cluster use the HA Raft values instead (server.ha.enabled=true together with server.ha.raft.enabled=true) and configure TLS on the listener.
- Pricing: https://www.hashicorp.com/products/vault/pricing
Commands[edit]
- vault -version
- vault login: authenticate (token, userpass, OIDC, ...) and cache the resulting token in the token helper (~/.vault-token by default)
- vault kv put: write a new version of a KV secret
- vault kv get: read a KV secret (-field=KEY prints a single value)
- vault auth: manage auth methods (vault auth list, vault auth enable ...)
- vault auth enable jwt [1]: enable JWT/OIDC login, for example for GitLab CI JWT/ID tokens
- vault secrets enable pki: mount the PKI secrets engine, which issues X.509 certificates
- vault server: start a server; vault server -config FILE reads an HCL or JSON configuration file, vault server -dev starts an in-memory dev instance
- vault policy list
- vault policy read default: show the default policy every token receives unless it is created with -no-default-policy
- vault policy write NAME FILE: create or update a policy from an HCL file (pass - to read it from stdin)
- vault operator init: initialise a new server, producing the unseal key shares and the initial root token
- vault token create: issue a token, e.g. -policy=NAME -ttl=1h
- vault token capabilities PATH: show what the current token may do on PATH (read, update, deny, ...)
- vault audit enable file: enable the file audit device (file_path=...)
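The commands above are the building blocks of a first-time bootstrap of a non-dev server. The script below is an added example, not code from the wiki page or from HashiCorp, that chains them: initialise with 5 key shares and a threshold of 3, unseal with 3 of them, enable a file audit device first, mount KV v2, write a read-only policy for one secret path, mint a short-lived token that carries only that policy, verify its capabilities and revoke the root token. It assumes VAULT_ADDR points at a running, uninitialised server; the audit log path, policy name and secret path are assumptions for the example.

```shell
#!/bin/sh
# Added example (not from the wiki page or HashiCorp): bootstrap a freshly
# started, non-dev Vault server and hand out a least-privilege token.
# Assumes VAULT_ADDR points at a reachable, uninitialised server.
set -eu

# Print the value of one labelled line from the plain-text output of
# `vault operator init`, e.g. "Unseal Key 1" or "Initial Root Token".
init_field() {
  awk -v label="$1" -F': ' '$1 == label { print $2 }'
}

# Emit an HCL policy granting only the capabilities in $2 (comma separated,
# default "read") on path $1. For KV v2 the data lives under <mount>/data/<name>.
policy_hcl() {
  path="$1"
  caps="${2:-read}"
  # turn  read,list  into  "read", "list"
  quoted="$(printf '%s' "$caps" | sed 's/,/", "/g')"
  printf 'path "%s" {\n  capabilities = ["%s"]\n}\n' "$path" "$quoted"
}

bootstrap() {
  init_out="$(mktemp)"            # assumption: init output kept in a temp file
  chmod 600 "$init_out"
  # 5 shares, any 3 unseal. In real use hand the shares to different people
  # (or use -pgp-keys / auto-unseal) and move this file off the host.
  vault operator init -key-shares=5 -key-threshold=3 > "$init_out"

  for i in 1 2 3; do
    vault operator unseal "$(init_field "Unseal Key $i" < "$init_out")" > /dev/null
  done

  VAULT_TOKEN="$(init_field "Initial Root Token" < "$init_out")"
  export VAULT_TOKEN
  echo "unseal keys and root token are in $init_out: store them securely, then delete the file" >&2

  # Audit before anything else so every later request is logged.
  vault audit enable file file_path=/var/log/vault/audit.log   # assumed path

  # Non-dev servers mount no KV engine by default.
  vault secrets enable -path=secret kv-v2
  vault kv put secret/hello foo=world

  # Least privilege: a policy that can only read secret/hello ...
  policy_hcl secret/data/hello read | vault policy write hello-reader -
  # ... and a 1h token carrying only that policy (plus "default"), never root.
  app_token="$(vault token create -policy=hello-reader -ttl=1h -field=token)"

  # Verify what the token can do: expect "read" here and "deny" elsewhere.
  VAULT_TOKEN="$app_token" vault token capabilities secret/data/hello
  VAULT_TOKEN="$app_token" vault token capabilities secret/data/other

  # The initial root token is not needed for day-to-day use: revoke it and
  # regenerate one later with `vault operator generate-root` if required.
  vault token revoke -self
}

# Run the bootstrap only when asked, so the helpers can be sourced on their own.
if [ "${1:-}" = "bootstrap" ]; then
  bootstrap
fi
```

Run it as `sh bootstrap.sh bootstrap` against a server started with `vault server -config FILE` and an exported VAULT_ADDR; `init_field` and `policy_hcl` work offline on any text, which is what the check below exercises.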
Starting vault (dev mode):

vault server -dev
.../...
export VAULT_DEV_ROOT_TOKEN_ID="s.TVr0O4kUldB9uPKOkq78XJPT"
export VAULT_ADDR='http://127.0.0.1:8200'
vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.3.4
Cluster Name    vault-cluster-2ebb06b4
Cluster ID      b4fc7a4e-874b-a219-df41-b9ddb9dgg581
HA Enabled      false

Dev mode keeps all data in memory, starts already unsealed with a single key share, listens on plain HTTP and prints the root token to the terminal, so it is for local experiments only. VAULT_DEV_ROOT_TOKEN_ID is read by the server when it starts, so export it before running vault server -dev if you want a fixed root token; the CLI itself picks the dev root token up from ~/.vault-token, which vault server -dev writes. VAULT_ADDR must use http:// here because the dev listener has TLS disabled.

Write:
vault kv put secret/hello foo=world MY_FIRST_KEY=MY_FIRST_VALUE
vault kv put secret/hello foo=world ADDITIONAL_KEY=ADDITIONAL_VALUE

Each vault kv put writes a complete new version of the secret (version 2 in the read below) and replaces the previous data rather than merging into it; use vault kv patch to add a key while keeping the existing ones.

Read:
vault kv get secret/hello
====== Metadata ======
Key              Value
---              -----
created_time     2020-03-29T13:34:29.337076Z
deletion_time    n/a
destroyed        false
version          2
===== Data =====
Key              Value
---              -----
MY_FIRST_KEY     MY_FIRST_VALUE
ADDITIONAL_KEY   ADDITIONAL_VALUE

vault kv get -field=ADDITIONAL_KEY secret/hello
ADDITIONAL_VALUE

Common errors:

vault server -dev
Error initializing listener of type tcp: listen tcp 127.0.0.1:8200: bind: address already in use
Cause: another process (usually an earlier vault server) already listens on 127.0.0.1:8200. Use the running instance, stop it, or start with -dev-listen-address to pick another port.

vault kv put secret/hello foo=world
Get https://127.0.0.1:8200/v1/sys/internal/ui/mounts/secret/hello: dial tcp 127.0.0.1:8200: connect: connection refused
Cause: nothing is listening where the CLI connects. Either the server is not running, or VAULT_ADDR is unset (the CLI then defaults to https://127.0.0.1:8200) or points at the wrong host or port.

vault kv put secret/hello foo=world
Get https://127.0.0.1:8200/v1/sys/internal/ui/mounts/secret/hello: http: server gave HTTP response to HTTPS client
Cause: the server is up but speaks plain HTTP (dev mode, or a listener with tls_disable = true) while the CLI uses an https:// address. Fix with export VAULT_ADDR='http://127.0.0.1:8200' for a dev server; for anything else, enable TLS on the listener instead.

vault server -config vault-config.hcl
error loading configuration from vault-config.hcl: stat vault-config.hcl: no such file or directory
Cause: the config path is resolved relative to the current working directory and no such file exists there; pass the correct (preferably absolute) path.
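The errors above are cheap to catch before starting the server. The script below is an added example, not code from the wiki page or from HashiCorp: a preflight for vault server -config that checks the config file exists and that the scheme in VAULT_ADDR matches the listener's tls_disable setting, plus a one-word reading of vault status output. The config file name, listener address and storage path are assumptions for the example.

```shell
#!/bin/sh
# Added example, not from the wiki page or HashiCorp: preflight checks
# before `vault server -config FILE`, covering the failure modes listed
# above (missing config file, VAULT_ADDR scheme not matching the listener's
# tls_disable setting), plus a one-word reading of `vault status` output.
# File names and addresses used here are assumptions for the example.
set -eu

# Print "true" if the tcp listener in config file $1 disables TLS
# (tls_disable = true, = 1 or = "true"), otherwise "false".
listener_tls_disabled() {
  if grep -Eq '^[[:space:]]*tls_disable[[:space:]]*=[[:space:]]*"?(true|1)"?' "$1"; then
    echo true
  else
    echo false
  fi
}

# Return 0 if the scheme of address $2 matches the listener in config $1.
# An https:// address against a tls_disable listener is exactly what
# yields "http: server gave HTTP response to HTTPS client"; the reverse
# (http:// against a TLS listener) fails as well, since TLS handshake
# bytes are not valid HTTP.
addr_matches_listener() {
  config="$1"
  addr="$2"
  scheme="${addr%%://*}"
  if [ "$(listener_tls_disabled "$config")" = true ]; then
    want=http
  else
    want=https
  fi
  if [ "$scheme" = "$want" ]; then
    return 0
  fi
  echo "VAULT_ADDR is $scheme:// but the listener in $config expects $want://" >&2
  return 1
}

# Reduce `vault status` text on stdin to one word:
# uninitialized | sealed | unsealed. (The command's exit code says the
# same: 0 unsealed, 2 sealed, 1 error.)
seal_state() {
  awk '
    $1 == "Initialized" { init = $2 }
    $1 == "Sealed"      { sealed = $2 }
    END {
      if (init != "true")        print "uninitialized"
      else if (sealed == "true") print "sealed"
      else                       print "unsealed"
    }'
}

# Run the checks for config $1 against VAULT_ADDR, or the CLI default
# https://127.0.0.1:8200 when it is unset (which is why an unset VAULT_ADDR
# fails against a plain-HTTP dev server).
preflight() {
  config="$1"
  if [ ! -f "$config" ]; then
    echo "config $config not found: vault server -config needs an existing file (relative paths resolve from \$PWD)" >&2
    return 1
  fi
  addr_matches_listener "$config" "${VAULT_ADDR:-https://127.0.0.1:8200}"
}

# Typical use (assumed file name):
#   preflight vault-config.hcl && vault server -config vault-config.hcl &
#   sleep 2 && vault status | seal_state    # "uninitialized" on a fresh server
if [ "${1:-}" = "preflight" ]; then
  preflight "$2"
fi
```

Only the listener's tls_disable line is inspected; a listener that terminates TLS behind a proxy still needs VAULT_ADDR to match whatever the client actually talks to.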
Vault Changelog[edit]

Related terms[edit]
- X.509
- GitLab Integration
- Raft
- Web UI: https://localhost:8200/ui/
- Terraform Vault

See also[edit]
- vault [ secrets enable | kv put | kv get | server | operator | auth | token | secrets | auth enable | status ], Vault Changelog, vault help
- HashiCorp Vault, Vault Web UI, vault, Vault Changelog
- Secrets: Kubernetes secrets, ansible-vault, HashiCorp Vault, AWS Secrets Manager, Google Secret Manager, git-crypt, SOPS: Secrets OPerationS, Google Cloud Secret Manager, GitHub secret scanning alerts

References[edit]
1. https://docs.gitlab.com/ee/ci/secrets/