All the commands used in this tutorial.
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt-get update && sudo apt-get install vault
vault
vault -version
vault server -dev
export VAULT_ADDR='http://127.0.0.1:8200'
vault status
Note: Please do not run the dev server in production!
Writing a secret
vault kv put secret/hello myname=avinash
Getting a secret
vault kv get secret/hello
Deleting a secret
vault kv delete secret/hello
- Enable a secret engine
vault secrets enable -path=kv kv
OR
vault secrets enable kv
Both have the same meaning. However, if we still run "vault secrets enable kv" after the first command, it will throw the error "path is already in use at kv/".
vault secrets list
vault kv put kv/my-secret value="Abd)hgf"
vault kv get kv/my-secret
vault kv delete kv/my-secret
vault secrets disable kv/
vault secrets enable -path=aws aws
vault path-help aws
vault path-help aws/creds/my-non-existent-role
Enable the GitHub auth method
vault auth enable github
The auth method is enabled and available at the path auth/github/
vault write auth/github/config organization=devops
Now all users within the GitHub organization named in the command are able to authenticate
vault write auth/github/map/teams/devops value=default,applications
Where default and applications are the policies
vault auth list
vault auth help github
unset VAULT_TOKEN
vault login -method=github
vault login root
vault token revoke -mode path auth/github
vault auth disable github
vault policy read default
vault policy write -h
vault policy write devops-policy (## Watch the video to complete this command; I cannot paste the whole command here as angle brackets are not allowed in the description.)
vault policy list
vault policy read devops-policy
export VAULT_TOKEN="$(vault token create -field token -policy=devops-policy)"
vault token lookup | grep policies
vault kv put secret/creds password="my-devops-password"
#Attempt to write to the secret/data/foo path
vault kv put secret/foo team=devops
You will get a permission denied error because the path secret/data/foo has only READ access.
mkdir -p ./vault/data
vault server -config=config.hcl
#Launch a new terminal session, and set VAULT_ADDR environment variable
export VAULT_ADDR='http://127.0.0.1:8200'
#initialize Vault
vault operator init
#unsealing the Vault
vault operator unseal
#Finally, authenticate as the initial root token
vault login Initial_Root_Token
pgrep -f vault | xargs kill
rm -rf ./vault/data
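Contents of config.hcl:
storage "raft" {
  # Relative path, matching the directory created with "mkdir -p ./vault/data"
  path    = "./vault/data"
  node_id = "vault1"
}
listener "tcp" {
  address     = "0.0.0.0:8200"
  # TLS is switched off for this local walkthrough only
  tls_disable = "true"
}
api_addr = "http://127.0.0.1:8200"
cluster_addr = "http://127.0.0.1:8201"
ui = true
disable_mlock = true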
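A check that can be run against config.hcl before the file is reused outside a local lab, added here as an example and not part of the original tutorial. The function names, both sample configs, the certificate paths and the hostname are constructed for illustration; tls_cert_file and tls_key_file are Vault's TCP listener TLS parameters.

```shell
# Flag tutorial-only settings in a Vault server config file.
# Prints one finding per line; returns 1 if anything was flagged, 0 if clean.
lint_vault_config() {
  awk '
    /^[ \t]*(#|\/\/)/ { next }                      # skip comment lines
    /^[ \t]*tls_disable[ \t]*=[ \t]*"?(true|1)"?/ { tls_off = 1 }
    /^[ \t]*address[ \t]*=[ \t]*"0\.0\.0\.0:/     { wildcard = 1 }
    /^[ \t]*api_addr[ \t]*=[ \t]*"http:\/\//      { plain_api = 1 }
    END {
      if (tls_off)             { print "tls_disable: listener serves plaintext HTTP"; n++ }
      if (tls_off && wildcard) { print "address: plaintext listener bound to all interfaces"; n++ }
      if (plain_api)           { print "api_addr: advertised client address uses http://"; n++ }
      exit (n > 0)
    }
  ' "$1"
}

# Constructed sample 1: listener and api_addr settings as in the tutorial config.
write_tutorial_config() {
  cat > "$1" <<'EOF'
listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = "true"
}
api_addr = "http://127.0.0.1:8200"
EOF
}

# Constructed sample 2: same listener with TLS on (paths and hostname are placeholders).
write_hardened_config() {
  cat > "$1" <<'EOF'
listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_cert_file = "/path/to/fullchain.pem"
  tls_key_file  = "/path/to/privkey.pem"
}
api_addr = "https://vault.example.internal:8200"
EOF
}

tmp=$(mktemp -d)
write_tutorial_config "$tmp/tutorial.hcl"
write_hardened_config "$tmp/hardened.hcl"
for f in "$tmp/tutorial.hcl" "$tmp/hardened.hcl"; do
  echo "== $f"
  lint_vault_config "$f" || echo "   -> keep this config on a local lab machine"
done
rm -rf "$tmp"
```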
- consul kv export
- consul kv import
- consul kv delete core/lock