@kimh
Last active December 11, 2016 13:15
vault api

Clojure stuff

(require 'circle-vault.core :reload)
(use 'circle-vault.core :reload)
(in-ns 'circle-vault.core)
(use 'clojure.pprint)

(def role-id "ec355569-a8a4-1688-a375-06d059789a9b")
(def secret-id "7c54fab1-7e00-aecf-6330-79589caaff1d")
(def token-grace-period 400)
(def client
  (-> (new-vault-client "http://127.0.0.1:8200"
                        :app-role {:role-id role-id :secret-id secret-id})
      (component/start)))

(write-secret client "secret/foo" {:host "localhost" :port 8765 :password "abc123"})

Bootstrapping

export ROOT_VAULT_TOKEN=""
export VAULT_TOKEN=$ROOT_VAULT_TOKEN 

Get secret

curl --dump-header - \
    -H "X-Vault-Token: $VAULT_TOKEN" \
    -X GET \
    http://127.0.0.1:8200/v1/cubbyhole/foo

Create secret

curl --dump-header - \
    -H "X-Vault-Token: $VAULT_TOKEN" \
    -H "Content-Type: application/json" \
    -X POST \
    -d '{"value":"foooo"}' \
    http://127.0.0.1:8200/v1/cubbyhole/foo

Create token

curl --dump-header - \
    -H "X-Vault-Token: $VAULT_TOKEN" \
    -H "Content-Type: application/json" \
    -X POST \
    http://127.0.0.1:8200/v1/auth/token/create

Create a temp token

curl --dump-header - \
    -H "X-Vault-Token: $VAULT_TOKEN" \
    -H "X-Vault-Wrap-Ttl: 300s" \
    -H "Content-Type: application/json" \
    -X POST \
    http://127.0.0.1:8200/v1/auth/token/create

Use temp token to get perm token (unwrap temp token)

# VAULT_TOKEN must hold the wrapping (temp) token from wrap_info.token in the previous response
curl --dump-header - \
    -H "X-Vault-Token: $VAULT_TOKEN" \
    -H "Content-Type: application/json" \
    -X POST \
    http://127.0.0.1:8200/v1/sys/wrapping/unwrap
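
Added example, not part of the original gist: the "Create a temp token" and unwrap steps chained in Python, showing which response field each step reads and rejecting a response that was not actually wrapped. The response bodies and token values are constructed placeholders, and the function names are hypothetical.

```python
import json
import urllib.request

VAULT_ADDR = "http://127.0.0.1:8200"  # same local address the gist uses

# Constructed sample bodies (not captured from a server); token values are placeholders.
WRAPPED_CREATE = json.dumps({
    "auth": None, "data": None,
    "wrap_info": {"token": "WRAPPING-TOKEN-PLACEHOLDER", "ttl": 300,
                  "creation_time": "2016-12-11T13:15:00Z"}})
UNWRAPPED = json.dumps({
    "wrap_info": None,
    "auth": {"client_token": "CLIENT-TOKEN-PLACEHOLDER", "policies": ["default"],
             "lease_duration": 2764800, "renewable": True}})


def wrapping_token(body, max_ttl=300):
    """Return the single-use wrapping token from a wrapped auth/token/create response."""
    doc = json.loads(body)
    info = doc.get("wrap_info")
    if not info or not info.get("token"):
        raise ValueError("response was not wrapped: no wrap_info.token")
    if doc.get("auth"):
        raise ValueError("response carries a bare auth block; the token was not wrapped")
    if info.get("ttl", 0) > max_ttl:
        raise ValueError(f"wrapping TTL exceeds the {max_ttl}s requested")
    return info["token"]


def unwrap_request(token, addr=VAULT_ADDR):
    """Build (not send) the sys/wrapping/unwrap call, authenticated by the wrapping token."""
    return urllib.request.Request(
        addr + "/v1/sys/wrapping/unwrap", data=b"", method="POST",
        headers={"X-Vault-Token": token, "Content-Type": "application/json"})


def client_token(body):
    """Return auth.client_token (the permanent token) from the unwrap response."""
    auth = json.loads(body).get("auth")
    if not auth or not auth.get("client_token"):
        raise ValueError("unwrap response has no auth.client_token")
    return auth["client_token"]


if __name__ == "__main__":
    req = unwrap_request(wrapping_token(WRAPPED_CREATE))
    print(req.get_method(), req.full_url)
    print(client_token(UNWRAPPED))
```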

Renew a token

curl --dump-header - \
    -H "X-Vault-Token: $VAULT_TOKEN" \
    -H "Content-Type: application/json" \
    -X PUT \
    -d '{"token":"<token itself>"}' \
    http://127.0.0.1:8200/v1/auth/token/renew