HashiCorp Vault
Vault (2015) provides secrets management, identity-based access, encryption of application data, and auditing of secrets for applications, systems, and users.
- macOS:
brew install vault
- Kubernetes:
- helm repo add hashicorp https://helm.releases.hashicorp.com && helm repo update
- helm install vault hashicorp/vault --set "server.dev.enabled=true"
vault -version
vault login
vault kv put
vault kv get
vault auth
vault auth enable jwt
vault secrets enable pki
vault policy write
vault server
vault server -config
vault policy list
vault policy read default
vault policy write
vault operator init
vault token create
vault token capabilities
vault audit enable file
Starting vault:
vault server -dev
.../...
export VAULT_DEV_ROOT_TOKEN_ID="s.TVr0O4kUldB9uPKOkq78XJPT"
export VAULT_ADDR=''
vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.3.4
Cluster Name    vault-cluster-2ebb06b4
Cluster ID      b4fc7a4e-874b-a219-df41-b9ddb9dgg581
HA Enabled      false
vault kv put secret/hello foo=world MY_FIRST_KEY=MY_FIRST_VALUE
vault kv put secret/hello foo=world ADDITIONAL_KEY=ADDITIONAL_VALUE
vault kv get secret/hello
====== Metadata ======
Key              Value
---              -----
created_time     2020-03-29T13:34:29.337076Z
deletion_time    n/a
destroyed        false
version          2

===== Data =====
Key               Value
---               -----
MY_FIRST_KEY      MY_FIRST_VALUE
ADDITIONAL_KEY    ADDITIONAL_VALUE

vault kv get -field=ADDITIONAL_KEY secret/hello
ADDITIONAL_VALUE
vault server -dev
Error initializing listener of type tcp: listen tcp bind: address already in use
vault kv put secret/hello foo=world
Get dial tcp connect: connection refused
vault kv put secret/hello foo=world
Get http: server gave HTTP response to HTTPS client
vault server -config vault-config.hcl
error loading configuration from vault-config.hcl: stat vault-config.hcl: no such file or directory
