HashiCorp Vault

From wikieduonline
(Redirected from Hashicorp Vault)
Jump to navigation Jump to search

Vault (2015) provides secrets management, identity-based access, encrypting application data and auditing of secrets for applications, systems, and users.

  • Autorotation

Installation[edit]

helm repo add hashicorp https://helm.releases.hashicorp.com && helm repo update
helm install vault hashicorp/vault --set "server.dev.enabled=true"

Commands[edit]

Starting vault:

 vault server -dev
 .../... 
export VAULT_DEV_ROOT_TOKEN_ID="s.TVr0O4kUldB9uPKOkq78XJPT"
export VAULT_ADDR='http://127.0.0.1:8200'
vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.3.4
Cluster Name    vault-cluster-2ebb06b4
Cluster ID      b4fc7a4e-874b-a219-df41-b9ddb9dgg581
HA Enabled      false


  • vault kv put secret/hello foo=world MY_FIRST_KEY=MY_FIRST_VALUE
  • vault kv put secret/hello foo=world ADDITIONAL_KEY=ADDITIONAL_VALUE

Read:

vault kv get secret/hello
 ====== Metadata ======
Key              Value
---              -----
created_time     2020-03-29T13:34:29.337076Z
deletion_time    n/a
destroyed        false
version          2

===== Data =====
Key        Value
---        -----
MY_FIRST_KEY    MY_FIRST_VALUE
ADDITIONAL_KEY        ADDITIONAL_VALUE


vault kv get -field=ADDITIONAL_KEY secret/hello
ADDITIONAL_VALUE
vault server -dev

Error initializing listener of type tcp: listen tcp 127.0.0.1:8200: bind: address already in use

 vault kv put secret/hello foo=world
 Get https://127.0.0.1:8200/v1/sys/internal/ui/mounts/secret/hello: dial tcp 127.0.0.1:8200: connect: connection refused
vault kv put secret/hello foo=world
Get https://127.0.0.1:8200/v1/sys/internal/ui/mounts/secret/hello: http: server gave HTTP response to HTTPS client
vault server -config vault-config.hcl
error loading configuration from vault-config.hcl: stat vault-config.hcl: no such file or directory

Vault Changelog[edit]

Related terms[edit]

See also[edit]

  • https://docs.gitlab.com/ee/ci/secrets/
  • Advertising: