Vault

HashiCorp Vault for secrets management. Store, access, and rotate credentials, tokens, and encryption keys securely.

35 commands

Browse by Topic

Getting Started

Quick setup and installation

3commands

Secrets (KV)

Key-value secrets

7commands

Authentication

Auth methods

5commands

Policies

Access control

4commands

Tokens

Token management

5commands

Secrets Engines

Enable & configure

5commands

Operator

Server administration

6commands

Start Vault dev server

$ vault server -dev

Start Vault in development mode (insecure, for local testing only)

Set Vault address

$ export VAULT_ADDR='http://127.0.0.1:8200'

Configure Vault CLI to connect to local dev server

Check Vault status

$ vault status

Display the current status of the Vault server

Write secret (KV v2)

$ vault kv put -mount=secret myapp/config username=admin password=secret123

Write a secret to KV v2 secrets engine.

Read secret

$ vault kv get -mount=secret myapp/config

Read a secret from KV secrets engine.

Read specific field

$ vault kv get -mount=secret -field=password myapp/config

Read a specific field from a secret.

List secrets

$ vault kv list -mount=secret myapp/

List secrets at a path.

Delete secret

$ vault kv delete -mount=secret myapp/config

Delete a secret (soft delete in v2).

Get secret metadata

$ vault kv metadata get -mount=secret myapp/config

Get secret metadata including versions.

Rollback to version

$ vault kv rollback -mount=secret -version=2 myapp/config

Rollback secret to a previous version.

Login with token

$ vault login hvs.xxxxx

Authenticate using a Vault token.

Login with userpass

$ vault login -method=userpass username=admin

Enable auth method

$ vault auth enable kubernetes

Enable Kubernetes authentication method.

List auth methods

$ vault auth list

List enabled authentication methods.

Configure K8s auth

$ vault write auth/kubernetes/config kubernetes_host="https://kubernetes.default.svc"

Configure Kubernetes auth method.

Write policy

$ vault policy write myapp-policy myapp-policy.hcl

Create policy from HCL file.

List policies

$ vault policy list

List all policies.

Read policy

$ vault policy read myapp-policy

Read a policy definition.

Delete policy

$ vault policy delete myapp-policy

Delete a policy.

Create token

$ vault token create -policy=myapp-policy -ttl=1h

Create a new token with policy.

Lookup token

$ vault token lookup

Look up current token information.

Renew token

$ vault token renew

Renew current token's lease.

Revoke token

$ vault token revoke hvs.xxxxx

Revoke a specific token.

Create periodic token

$ vault token create -policy=myapp-policy -period=24h

Create a periodic token for services.

Enable KV v2

$ vault secrets enable -path=secret -version=2 kv

Enable KV v2 secrets engine.

List secrets engines

$ vault secrets list

List enabled secrets engines.

Enable transit

$ vault secrets enable transit

Enable transit encryption engine.

Enable PKI

$ vault secrets enable pki

Enable PKI secrets engine.

Disable engine

$ vault secrets disable secret/

Disable a secrets engine.

Initialize Vault

$ vault operator init -key-shares=5 -key-threshold=3

Initialize a new Vault cluster.

Unseal Vault

$ vault operator unseal

Unseal Vault with unseal key.

Seal Vault

$ vault operator seal

Seal Vault (emergency).

Check status

$ vault status

Check Vault server status.

Raft snapshot

$ vault operator raft snapshot save backup.snap

Create a Raft storage snapshot.

Raft list peers

$ vault operator raft list-peers

List Raft cluster peers.

Discussion

Loading comments...

Vault

HashiCorp Vault for secrets management. Store, access, and rotate credentials, tokens, and encryption keys securely.

35 commands

Browse by Topic

Getting Started

Quick setup and installation

3commands

Secrets (KV)

Key-value secrets

7commands

Authentication

Auth methods

5commands

Policies

Access control

4commands

Tokens

Token management

5commands

Secrets Engines

Enable & configure

5commands

Operator

Server administration

6commands

Start Vault dev server

$ vault server -dev

Start Vault in development mode (insecure, for local testing only)

Set Vault address

$ export VAULT_ADDR='http://127.0.0.1:8200'

Configure Vault CLI to connect to local dev server

Check Vault status

$ vault status

Display the current status of the Vault server

Write secret (KV v2)

$ vault kv put -mount=secret myapp/config username=admin password=secret123

Write a secret to KV v2 secrets engine.

Read secret

$ vault kv get -mount=secret myapp/config

Read a secret from KV secrets engine.

Read specific field

$ vault kv get -mount=secret -field=password myapp/config

Read a specific field from a secret.

List secrets

$ vault kv list -mount=secret myapp/

List secrets at a path.

Delete secret

$ vault kv delete -mount=secret myapp/config

Delete a secret (soft delete in v2).

Get secret metadata

$ vault kv metadata get -mount=secret myapp/config

Get secret metadata including versions.

Rollback to version

$ vault kv rollback -mount=secret -version=2 myapp/config

Rollback secret to a previous version.

Login with token

$ vault login hvs.xxxxx

Authenticate using a Vault token.

Login with userpass

$ vault login -method=userpass username=admin

Enable auth method

$ vault auth enable kubernetes

Enable Kubernetes authentication method.

List auth methods

$ vault auth list

List enabled authentication methods.

Configure K8s auth

$ vault write auth/kubernetes/config kubernetes_host="https://kubernetes.default.svc"

Configure Kubernetes auth method.

Write policy

$ vault policy write myapp-policy myapp-policy.hcl

Create policy from HCL file.

List policies

$ vault policy list

List all policies.

Read policy

$ vault policy read myapp-policy

Read a policy definition.

Delete policy

$ vault policy delete myapp-policy

Delete a policy.

Create token

$ vault token create -policy=myapp-policy -ttl=1h

Create a new token with policy.

Lookup token

$ vault token lookup

Look up current token information.

Renew token

$ vault token renew

Renew current token's lease.

Revoke token

$ vault token revoke hvs.xxxxx

Revoke a specific token.

Create periodic token

$ vault token create -policy=myapp-policy -period=24h

Create a periodic token for services.

Enable KV v2

$ vault secrets enable -path=secret -version=2 kv

Enable KV v2 secrets engine.

List secrets engines

$ vault secrets list

List enabled secrets engines.

Enable transit

$ vault secrets enable transit

Enable transit encryption engine.

Enable PKI

$ vault secrets enable pki

Enable PKI secrets engine.

Disable engine

$ vault secrets disable secret/

Disable a secrets engine.

Initialize Vault

$ vault operator init -key-shares=5 -key-threshold=3

Initialize a new Vault cluster.

Unseal Vault

$ vault operator unseal

Unseal Vault with unseal key.

Seal Vault

$ vault operator seal

Seal Vault (emergency).

Check status

$ vault status

Check Vault server status.

Raft snapshot

$ vault operator raft snapshot save backup.snap

Create a Raft storage snapshot.

Raft list peers

$ vault operator raft list-peers

List Raft cluster peers.

Discussion

Loading comments...