@stenio123
Created October 12, 2018 21:56
Testing Vault Namespaces

Vault Namespaces Demo

Vault Namespaces support a variety of ways of interacting with Vault.

# Config
vault namespace create marketing

echo '
path "secret/*" {
    capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}' | VAULT_NAMESPACE=marketing vault policy write test-policy -

vault write secret/test value=newsecretInRoot
vault write -namespace=marketing secret/test value=newsecretInMarketing

CLIENT_TOKEN=$(VAULT_NAMESPACE=marketing vault token create -policy=test-policy -field=token)

# Different ways of retrieving the secret within the namespace
VAULT_TOKEN=$CLIENT_TOKEN vault read secret/test
VAULT_TOKEN=$CLIENT_TOKEN vault read marketing/secret/test
VAULT_NAMESPACE=marketing VAULT_TOKEN=$CLIENT_TOKEN vault read secret/test
VAULT_TOKEN=$CLIENT_TOKEN vault read -namespace=marketing secret/test
curl --header "X-Vault-Token: $CLIENT_TOKEN" --header "X-Vault-Namespace: marketing" "$VAULT_ADDR/v1/secret/test"
curl --header "X-Vault-Token: $CLIENT_TOKEN" "$VAULT_ADDR/v1/marketing/secret/test"

# Root secret
vault read secret/test
vault read marketing/secret/test
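
The header and path-prefix forms above address the same namespace, so proxy rules or log analysis that look at only one of them see only part of the traffic. The following added example (not part of the original gist) resolves a request's `X-Vault-Namespace` value and API path to one canonical namespace and path; `canonical_target`, `KNOWN_NAMESPACES` and the child namespace `marketing/emea` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the gist: normalize how a request addresses a
# Vault namespace so both forms can be compared in logs or proxy rules.
# KNOWN_NAMESPACES is an assumption: the namespace paths that exist on the
# server. "marketing/emea" is a constructed child namespace for the demo.
KNOWN_NAMESPACES="marketing marketing/emea"

# canonical_target <X-Vault-Namespace value or ""> <API path after /v1/>
# Prints "<namespace>|<path inside that namespace>".
canonical_target() {
    # Strip leading/trailing slashes so "marketing/" and "marketing" match.
    ns=$(printf '%s' "$1" | sed 's#^/*##; s#/*$##')
    path=$(printf '%s' "$2" | sed 's#^/*##')
    # The header value and the path prefix combine into one full path.
    full="${ns:+$ns/}$path"
    best=""
    # The longest known namespace that prefixes the full path wins.
    for cand in $KNOWN_NAMESPACES; do
        case "$full" in
            "$cand"/*)
                if [ "${#cand}" -gt "${#best}" ]; then
                    best="$cand"
                fi
                ;;
        esac
    done
    if [ -n "$best" ]; then
        printf '%s|%s\n' "$best" "${full#"$best"/}"
    else
        printf 'root|%s\n' "$full"
    fi
}

# The request shapes used in the gist (constructed inputs):
canonical_target "marketing" "secret/test"   # header form
canonical_target "" "marketing/secret/test"  # path-prefix form
canonical_target "" "secret/test"            # no namespace given
```

The first two calls print the same line, which is the property a filter or alert keyed on namespace has to preserve.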