2017-09-07 10:42:31 +02:00
|
|
|
# vault
|
|
|
|
|
|
2023-07-16 19:23:40 +02:00
|
|
|
> Interact with HashiCorp Vault.
|
2019-06-03 02:06:36 +02:00
|
|
|
> More information: <https://www.vaultproject.io/docs/commands>.
|
2017-09-07 10:42:31 +02:00
|
|
|
|
2017-09-08 14:21:37 +02:00
|
|
|
- Connect to a Vault server and initialize a new encrypted data store:
|
2017-09-07 10:42:31 +02:00
|
|
|
|
2017-09-08 14:21:37 +02:00
|
|
|
`vault init`
|
2017-09-07 10:42:31 +02:00
|
|
|
|
2017-09-08 16:36:06 +02:00
|
|
|
- Unseal (unlock) the vault, by providing one of the key shares needed to access the encrypted data store:
|
2017-09-07 10:42:31 +02:00
|
|
|
|
|
|
|
|
`vault unseal {{key-share-x}}`
|
|
|
|
|
|
2017-09-08 16:36:06 +02:00
|
|
|
- Authenticate the CLI client against the Vault server, using an authentication token:
|
2017-09-07 10:42:31 +02:00
|
|
|
|
2018-10-29 12:14:25 +01:00
|
|
|
`vault auth {{authentication_token}}`
|
2017-09-07 10:42:31 +02:00
|
|
|
|
2017-09-08 16:36:06 +02:00
|
|
|
- Store a new secret in the vault, using the generic back-end called "secret":
|
2017-09-07 10:42:31 +02:00
|
|
|
|
2017-09-07 21:30:59 +02:00
|
|
|
`vault write secret/{{hello}} value={{world}}`
|
2017-09-07 10:42:31 +02:00
|
|
|
|
2017-09-08 16:36:06 +02:00
|
|
|
- Read a value from the vault, using the generic back-end called "secret":
|
2017-09-07 10:42:31 +02:00
|
|
|
|
2017-09-07 21:30:59 +02:00
|
|
|
`vault read secret/{{hello}}`
|
2017-09-07 10:42:31 +02:00
|
|
|
|
2020-02-27 15:20:07 +01:00
|
|
|
- Read a specific field from the value:
|
|
|
|
|
|
|
|
|
|
`vault read -field={{field_name}} secret/{{hello}}`
|
|
|
|
|
|
2017-09-08 16:36:06 +02:00
|
|
|
- Seal (lock) the Vault server, by removing the encryption key of the data store from memory:
|
2017-09-07 10:42:31 +02:00
|
|
|
|
|
|
|
|
`vault seal`
|
