HashiCorp Vault Test
Recording a quick test of Vault.
HashiCorp Vault: https://www.vaultproject.io
Download the vault executable and move it to /usr/sbin so it is in the PATH for this test. It should rather be in /usr/local/bin.
$ vault -autocomplete-install
$ exec $SHELL
$ vault server -dev
==> Vault server configuration:
Api Address: http://127.0.0.1:8200
Cgo: disabled
Cluster Address: https://127.0.0.1:8201
Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
Log Level: info
Mlock: supported: true, enabled: false
Recovery Mode: false
Storage: inmem
Version: Vault v1.3.4
WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.
...
In a new terminal:
$ export VAULT_ADDR='http://127.0.0.1:8200'
$ export VAULT_DEV_ROOT_TOKEN_ID="<...>"
$ vault status
Key Value
--- -----
Seal Type shamir
Initialized true
Sealed false
Total Shares 1
Threshold 1
Version 1.3.4
Cluster Name vault-cluster-f802bf67
Cluster ID aa5c7006-9c7c-c394-f1f4-1a9dafc17688
HA Enabled false
$ vault kv put secret/awscreds-iqonda {AWS_SECRET_ACCESS_KEY=<...>,AWS_ACCESS_KEY_ID=<...>}
Key Value
--- -----
created_time 2020-03-20T18:58:57.461120823Z
deletion_time n/a
destroyed false
version 4
$ vault kv get -format=json secret/awscreds-iqonda | jq -r '.data["data"]'
{
"AWS_ACCESS_KEY_ID": "<...>",
"AWS_SECRET_ACCESS_KEY": "<...>"
}
$ vault kv get -format=json secret/awscreds-iqonda | jq -r '.data["data"] | .AWS_ACCESS_KEY_ID'
<...>
$ vault kv get -format=json secret/awscreds-iqonda | jq -r '.data["data"] | .AWS_SECRET_ACCESS_KEY'
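Added example, not part of the original post: the reads above fetch each key with its own `vault kv get` and print it to the terminal, so the script below takes a single KV v2 read and exports both keys from it without echoing them, refusing to export anything if a field is missing or the version has been deleted. The helper names and the JSON samples are constructed for illustration, and it assumes jq is installed, as the post's own commands do.

```bash
#!/usr/bin/env bash
# Added example (not from the post). kv2_field and load_aws_creds are
# hypothetical helper names; the JSON samples below are constructed.

# kv2_field JSON FIELD: print one non-empty string field from the output of
# `vault kv get -format=json` (KV v2 layout: .data.data). Exits non-zero when
# the field is missing or the version is deleted (then .data.data is null).
kv2_field() {
  printf '%s' "$1" | jq -er --arg f "$2" \
    '.data.data[$f] | strings | select(length > 0)'
}

# load_aws_creds JSON: export both keys from ONE read so they come from the
# same secret version. Exports nothing unless both fields are present, and
# never echoes the values.
load_aws_creds() {
  local id key
  id=$(kv2_field "$1" AWS_ACCESS_KEY_ID) || return 1
  key=$(kv2_field "$1" AWS_SECRET_ACCESS_KEY) || return 1
  export AWS_ACCESS_KEY_ID="$id" AWS_SECRET_ACCESS_KEY="$key"
}

# Constructed samples in the shape Vault returns for a KV v2 secret.
SAMPLE_JSON='{"data":{"data":{"AWS_ACCESS_KEY_ID":"EXAMPLE-KEY-ID","AWS_SECRET_ACCESS_KEY":"constructed-secret"},"metadata":{"deletion_time":"","destroyed":false,"version":4}}}'
DELETED_JSON='{"data":{"data":null,"metadata":{"deletion_time":"2020-03-21T00:00:00Z","destroyed":false,"version":4}}}'
PARTIAL_JSON='{"data":{"data":{"AWS_ACCESS_KEY_ID":"EXAMPLE-KEY-ID"},"metadata":{"deletion_time":"","destroyed":false,"version":5}}}'

# Against a live dev server, replace the sample with a real read:
#   load_aws_creds "$(vault kv get -format=json secret/awscreds-iqonda)"
if load_aws_creds "$SAMPLE_JSON"; then
  echo "AWS credentials exported (values not shown)"
fi
```

Sourcing the file keeps the exported variables in the current shell; running it as a script confines them to that process.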