vault server -dev
vault secrets enable -path=<name of secret> kv
vault write secret/<name of secret> <data kv pairs>
vault kv put secret/<name of secret> @<file>
Or specify the contents of a file as a value:
vault kv put secret/<name of secret> value=@<file>
vault read secret/<name of secret>
vault read -format=json secret/<name of secret>
vault kv get -format=json secret/<name of secret> | jq -r .data.data.<name of field>
vault kv get -field=<name of field> secret/<name of secret>
vault delete secret/<name of secret>
vault secrets enable kv
vault secrets list
vault secrets disable kv
vault secrets enable aws
vault token create
vault token revoke <token>
vault login <token>
vault policy write <policy-name> <policy-file> (the HCL may need both the KV v1 and v2 paths)
HCL example
# Normal servers have version 1 of KV mounted by default, so will need these
# paths:
path "secret/*" {
  capabilities = ["create"]
}
path "secret/foo" {
  capabilities = ["read"]
}
# Dev servers have version 2 of KV mounted by default, so will need these
# paths:
path "secret/data/*" {
  capabilities = ["create"]
}
path "secret/data/foo" {
  capabilities = ["read"]
}
vault token create -policy=<policy-name> [-no-default-policy]
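The v1/v2 path difference in the HCL above, as an added example that is not part of the original notes: a simplified shell model of how Vault picks the policy rule for a request path (exact match first, otherwise the longest matching `prefix*` glob). The function names and the rule-string format are constructed for illustration; `+` segment wildcards and merging across several policies are not modelled.

```sh
#!/bin/sh
# Added illustration, not Vault code: a simplified model of policy path matching.
# Rules are "path capabilities" lines copied from the HCL above (constructed format).
V1_RULES='secret/* create
secret/foo read'
V2_RULES='secret/data/* create
secret/data/foo read'

# api_path <kv-version> <mount> <key>: path that the policy is checked against.
api_path() {
    case "$1" in
        1) printf '%s/%s\n' "$2" "$3" ;;
        2) printf '%s/data/%s\n' "$2" "$3" ;;  # KV v2 adds data/ after the mount
    esac
}

# caps_for <rules> <path>: capabilities of the winning rule, or "deny" if none.
caps_for() {
    best_len=-1 best_caps=deny
    while read -r rule caps; do
        [ -n "$rule" ] || continue
        if [ "$rule" = "$2" ]; then echo "$caps"; return 0; fi  # exact match wins
        case "$rule" in
            *\*) prefix=${rule%\*}
                 case "$2" in
                     "$prefix"*) if [ "${#prefix}" -gt "$best_len" ]; then
                                     best_len=${#prefix} best_caps=$caps
                                 fi ;;
                 esac ;;
        esac
    done <<EOF
$1
EOF
    echo "$best_caps"
}

# allowed <rules> <path> <capability>: exit status 0 if the winning rule grants it.
allowed() {
    case " $(caps_for "$1" "$2") " in
        *" $3 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# "vault kv get secret/foo" against each KV version, with only the v1 rules loaded.
for v in 1 2; do
    p=$(api_path "$v" secret foo)
    echo "KV v$v: request path $p -> $(caps_for "$V1_RULES" "$p")"
done
```

With only the v1 rules, the v2 request path `secret/data/foo` falls through to the `secret/*` glob and gets `create` but not `read`, which is why a v2 mount needs the `secret/data/...` rules. The exact rule for `secret/foo` also replaces the glob's capabilities, so that key is read-only under this policy.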