@hamdikh
Forked from varrunr/vault-cheatsheet
Last active August 30, 2018 07:03

Vault Cheat Sheet

Start the server in DEV mode

vault server -dev

Enable a Secrets Engine

vault secrets enable -path=<mount path> kv

Write key value pair

vault write secret/<name of secret> <key>=<value> [<key>=<value> ...]

Write secret data from a JSON file (the file holds the key/value map)

vault kv put secret/<name of secret> @<file>

Or specify the contents of a file as a value:

vault kv put secret/<name of secret> value=@<file>

Read secret (KV v1 path syntax; vault kv get works for both KV v1 and v2)

vault read secret/<name of secret>

Read secret as JSON

vault read -format=json secret/<name of secret>

Read specific secret field

vault kv get -format=json secret/<name of secret> | jq -r .data.data.<name of field>

vault kv get -field=<name of field> secret/<name of secret>

Delete secret

vault delete secret/<name of secret>

Mount backend (legacy CLI syntax; on Vault 0.9.2 and later use vault secrets enable kv)

vault mount kv

List mounts (legacy; newer CLI: vault secrets list)

vault mounts

Unmount (legacy; newer CLI: vault secrets disable kv)

vault unmount kv

Mount aws back-end (legacy; newer CLI: vault secrets enable aws)

vault mount aws

Create token

vault token create

Revoke token

vault token revoke <token>

Authenticate

vault login <token>

Policies

Creating a policy

vault policy write <policy-name> <policy-file> (rules for both KV v1 and KV v2 paths may be needed, since KV v2 inserts a data/ segment into the path; see the HCL example)

HCL example

# Normal servers have version 1 of KV mounted by default, so will need these
# paths:
path "secret/*" {
  capabilities = ["create"]
}
path "secret/foo" {
  capabilities = ["read"]
}

# Dev servers have version 2 of KV mounted by default, so will need these
# paths:
path "secret/data/*" {
  capabilities = ["create"]
}
path "secret/data/foo" {
  capabilities = ["read"]
}

Using a policy

vault token create -policy=<policy-name> [-no-default-policy]
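To make the KV v1 versus KV v2 path difference and the policy matching rules concrete, here is an added example (not part of the original gist and not Vault's own code). It parses only the small HCL subset used in the cheat sheet above (path blocks with a capabilities list) and applies Vault's documented priority rules: an exact path match wins over a glob, and among globs the longest matching prefix wins. The policy text is copied from the HCL example; the functions, the simplified matcher (no "+" segment wildcards, no deny or sudo capabilities) and the sample paths are assumptions made for this illustration.

```python
"""Minimal model of how Vault matches a request path against policy rules.

Added example: a simplified evaluator for the cheat sheet's policy, not
Vault's real policy engine. It shows why the policy needs both
"secret/foo" (KV v1) and "secret/data/foo" (KV v2), and why the exact
"secret/foo" rule (read only) takes precedence over "secret/*" (create).
"""
import re

# Policy text copied from the cheat sheet's HCL example.
POLICY_HCL = '''
# Normal servers have version 1 of KV mounted by default, so will need these
# paths:
path "secret/*" {
  capabilities = ["create"]
}
path "secret/foo" {
  capabilities = ["read"]
}

# Dev servers have version 2 of KV mounted by default, so will need these
# paths:
path "secret/data/*" {
  capabilities = ["create"]
}
path "secret/data/foo" {
  capabilities = ["read"]
}
'''

# Matches one `path "<pattern>" { capabilities = [...] }` block.
_BLOCK = re.compile(
    r'path\s+"([^"]+)"\s*\{\s*capabilities\s*=\s*\[([^\]]*)\]\s*\}', re.S
)


def parse_policy(hcl):
    """Return {path_pattern: set(capabilities)} from the simple HCL subset."""
    rules = {}
    for path, caps in _BLOCK.findall(hcl):
        rules[path] = {c.strip().strip('"') for c in caps.split(",") if c.strip()}
    return rules


def _glob_matches(pattern, path):
    """Trailing '*' is a prefix glob; anything else must match exactly."""
    if pattern.endswith("*"):
        return path.startswith(pattern[:-1])
    return pattern == path


def allowed(rules, path, capability):
    """True if the most specific matching rule grants `capability` on `path`.

    Exact match beats any glob; among globs the longest prefix is used.
    No matching rule means default deny.
    """
    exact = rules.get(path)
    if exact is not None:
        return capability in exact
    globs = [p for p in rules if p.endswith("*") and _glob_matches(p, path)]
    if not globs:
        return False
    best = max(globs, key=len)
    return capability in rules[best]


def kv_request_path(mount, name, version):
    """Path the policy is checked against: KV v2 inserts a 'data/' segment."""
    return f"{mount}/{name}" if version == 1 else f"{mount}/data/{name}"


if __name__ == "__main__":
    rules = parse_policy(POLICY_HCL)
    for version in (1, 2):
        for name in ("foo", "bar"):
            p = kv_request_path("secret", name, version)
            print(f"KV v{version} {p}: create={allowed(rules, p, 'create')} "
                  f"read={allowed(rules, p, 'read')}")
```

Running it shows the two traps a reader of the cheat sheet hits in practice: a `vault kv put` against a KV v2 mount is authorised on `secret/data/<name>`, so a v1-only policy denies it, and the exact `secret/foo` rule with only `read` means the token cannot create `secret/foo` even though `secret/*` grants `create`.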