Easy Vault Transit Demo
# Log into your vault instance if you haven't already
vault login root
# Enable the transit secret engine
vault secrets enable transit
# Create a key
vault write -f transit/keys/my-key
# Read the key, nothing up my sleeves
vault read transit/keys/my-key
# Send some base64-encoded data to the transit endpoint to encrypt it
vault write transit/encrypt/my-key plaintext="$(base64 <<< "my secret data")"
# "Write" to the endpoint to decrypt the encrypted data. Replace the ciphertext below with your own!
vault write -field=plaintext transit/decrypt/my-key ciphertext=vault:v1:d1AOjmTrduTO6Dy+u3ff2hcBGK4IMumjHpGWylsURvhzd4B3PkO3M6VxqA== | base64 --decode
my secret data
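# Encrypt or decrypt local files with Vault using these functions
function vencrypt() {
  # Base64-encode the file; Vault reads the value from the process substitution via @
  local INPUTFILE="$1"
  vault write -format=json transit/encrypt/my-key plaintext=@<(base64 -i "$INPUTFILE") | jq -r '.data.ciphertext'
}
function vdecrypt() {
  # Send the stored ciphertext to Vault, then base64-decode the returned plaintext
  local INPUTFILE="$1"
  vault write -format=json transit/decrypt/my-key ciphertext="$(cat "$INPUTFILE")" | jq -r '.data.plaintext' | base64 --decode
}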
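
An added example, not part of the original gist: a pre-flight check for files handed to vdecrypt that validates the `vault:v<N>:<base64>` ciphertext shape seen above and extracts the key version. The function names are hypothetical, and the comparison version in `transit_ct_is_stale` is a number the caller supplies; this goes slightly beyond the gist by flagging ciphertext made with an older key version.

```shell
#!/bin/sh
# Added example, not from the original gist; function names are hypothetical.
# Transit ciphertext shape, as seen in the gist: vault:v<key version>:<base64>

# Print the key version of a ciphertext string; return 1 if it is malformed.
transit_ct_version() {
  ct=$1
  case "$ct" in
    vault:v[1-9]*:?*) ;;
    *) return 1 ;;
  esac
  rest=${ct#vault:v}   # "<N>:<base64>"
  ver=${rest%%:*}      # "<N>"
  body=${rest#*:}      # "<base64>"
  # Version must be digits only; body must be plain base64 (no spaces, colons, newlines)
  case "$ver" in *[!0-9]*) return 1 ;; esac
  case "$body" in *[!A-Za-z0-9+/=]*) return 1 ;; esac
  printf '%s\n' "$ver"
}

# Same check for a file written by vencrypt; trailing newlines are ignored.
transit_ct_file_version() {
  [ -f "$1" ] && [ -r "$1" ] || return 1
  transit_ct_version "$(cat -- "$1")"
}

# Return 0 if the ciphertext was made with a key version older than $2,
# 1 if it is not older, 2 if it is malformed.
transit_ct_is_stale() {
  v=$(transit_ct_version "$1") || return 2
  [ "$v" -lt "$2" ]
}

# Ciphertext copied from the gist's decrypt command
transit_ct_version 'vault:v1:d1AOjmTrduTO6Dy+u3ff2hcBGK4IMumjHpGWylsURvhzd4B3PkO3M6VxqA=='   # prints 1
```

Running `transit_ct_file_version` on a file before vdecrypt catches a plaintext or truncated file locally instead of sending it to Vault.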