You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
$ vault server -dev
==> WARNING: Dev mode is enabled!
[...]
export VAULT_ADDR='http://127.0.0.1:8200'
[...]
Unseal Key: [...]
Root Token: [...]
[...]
==> Vault server started! Log data will stream in below:
[...]
Take note of the VAULT_ADDR value, the Unseal Key and Root Token.
$ vault write secret/hello value=world
Success! Data written to: secret/hello
Read a secret:
$ vault read secret/hello
Key Value
--- -----
refresh_interval 720h0m0s
value world
Delete a secret:
$ vault delete secret/hello
Success! Deleted 'secret/hello' if it existed.
Mount a backend:
$ vault mount generic
Successfully mounted 'generic' at 'generic'!
Inspect mounts:
$ vault mounts
Path Type Default TTL Max TTL Description
cubbyhole/ cubbyhole n/a n/a per-token private secret storage
generic/ generic system system
secret/ generic system system generic secret storage
sys/ system n/a n/a system endpoints used for control, policy and debugging
$ vault token-revoke $TOKEN
Success! Token revoked if it existed.
Authenticate with a token:
(using the Root Token that was printed when the dev server started)
$ vault auth $ROOT_TOKEN
Successfully authenticated! You are now logged in.
token: [...]
token_duration: 0
token_policies: [root]
The next step requires a GitHub account that's part of an ORGANIZATION and has a $PERSONAL_ACCESS_TOKEN with the user scope.
Authenticate with GitHub:
$ vault auth-enable github
Successfully enabled 'github' at 'github'!
$ vault write auth/github/config organization=$ORGANIZATION
Success! Data written to: auth/github/config
$ vault auth -method=github token=$PERSONAL_ACCESS_TOKEN
Successfully authenticated! You are now logged in.
The token below is already saved in the session. You do not
need to "vault auth" again with the token.
token: [...]
token_duration: 2592000
token_policies: [default]
$ vault auth $TOKEN
Successfully authenticated! You are now logged in.
token: [...]
token_duration: 2591912
token_policies: [default, secret]
Write to an allowed path:
$ vault write secret/bar value=yes
Success! Data written to: secret/bar
Try to write to a denied path:
$ vault write secret/foo value=yes
Error writing data to secret/foo: Error making API request.
URL: PUT http://127.0.0.1:8200/v1/secret/foo
Code: 403. Errors:
* permission denied
Tested revision 7 in a clean and up-to-date Ubuntu Xenial amd64 KVM virtual machine.
No issues.