@WhatsARanjit
Created October 4, 2023 19:29
Vault subkey API
$ vault kv put secret/stuff fruit=apple color=red
== Secret Path ==
secret/data/stuff
======= Metadata =======
Key Value
--- -----
created_time 2023-10-04T19:20:52.20066Z
custom_metadata <nil>
deletion_time n/a
destroyed false
version 1
$ vault policy write subkeys - <<EOP
path "secret/subkeys/stuff" {
  capabilities = ["read"]
}
EOP
$ vault token create -policy=subkeys
Key Value
--- -----
token hvs.CAESIF0WT8L4i-HYRL67F1fZqqiLH9Wa56qs6Yx4Qu0-HbXHGh4KHGh2cy5IeEtHSmNKTGhKbXYwUXpteUxWcWZyZmQ
token_accessor Qk2CpxScaMWJ4tN6TyZKqroY
token_duration 768h
token_renewable true
token_policies ["default" "subkeys"]
identity_policies []
policies ["default" "subkeys"]
$ vault login hvs.CAESIF0WT8L4i-HYRL67F1fZqqiLH9Wa56qs6Yx4Qu0-HbXHGh4KHGh2cy5IeEtHSmNKTGhKbXYwUXpteUxWcWZyZmQ
Success! You are now authenticated. The token information displayed below
is already stored in the token helper. You do NOT need to run "vault login"
again. Future Vault requests will automatically use this token.
Key Value
--- -----
token hvs.CAESIF0WT8L4i-HYRL67F1fZqqiLH9Wa56qs6Yx4Qu0-HbXHGh4KHGh2cy5IeEtHSmNKTGhKbXYwUXpteUxWcWZyZmQ
token_accessor Qk2CpxScaMWJ4tN6TyZKqroY
token_duration 767h59m42s
token_renewable true
token_policies ["default" "subkeys"]
identity_policies []
policies ["default" "subkeys"]
$ vault read secret/subkeys/stuff
Key Value
--- -----
metadata map[created_time:2023-10-04T19:20:52.20066Z custom_metadata:<nil> deletion_time: destroyed:false version:1]
subkeys map[color:<nil> fruit:<nil>]
➜ ~ vault read secret/data/stuff
Error reading secret/data/stuff: Error making API request.
URL: GET http://127.0.0.1:8200/v1/secret/data/stuff
Code: 403. Errors:
* 1 error occurred:
* permission denied
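
The session above shows a token with only the subkeys policy listing the key names of secret/stuff while the read of secret/data/stuff is denied. As an added example (not part of the original gist), the Python below walks a constructed JSON response shaped like the subkeys output, lists every key path such a token can enumerate, and checks that no leaf carries a value. The nested "db" map and the function names are assumptions made for illustration.

```python
import json

# Constructed response shaped like the JSON behind `vault read secret/subkeys/stuff`.
# "color" and "fruit" come from the gist; the nested "db" map is an assumption
# added to show that nested secret structure is exposed as well.
SAMPLE_RESPONSE = json.loads("""
{
  "data": {
    "subkeys": {"color": null, "fruit": null,
                "db": {"password": null, "user": null}},
    "metadata": {"version": 1, "destroyed": false}
  }
}
""")


def subkey_paths(subkeys, prefix=""):
    """Flatten a subkeys map into sorted dotted paths of its leaf keys."""
    paths = []
    for name, value in subkeys.items():
        path = f"{prefix}.{name}" if prefix else name
        if isinstance(value, dict) and value:
            paths.extend(subkey_paths(value, path))  # nested map: recurse
        else:
            paths.append(path)  # leaf (null) or empty map
    return sorted(paths)


def leaked_values(subkeys, prefix=""):
    """Return paths whose leaf is not null, meaning a secret value came back."""
    leaked = []
    for name, value in subkeys.items():
        path = f"{prefix}.{name}" if prefix else name
        if isinstance(value, dict):
            leaked.extend(leaked_values(value, path))
        elif value is not None:
            leaked.append(path)
    return sorted(leaked)


if __name__ == "__main__":
    keys = SAMPLE_RESPONSE["data"]["subkeys"]
    print("visible key paths:", subkey_paths(keys))
    print("paths with values:", leaked_values(keys))
```

Key names such as db.password are themselves information, so a subkeys policy is best scoped to the specific paths whose structure a caller needs to see.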