Vault Simplified

These are the software versions I used when putting this guide together.

Software              Version
RaspbianOS            10 (buster)
HashiCorp Vault       1.10.3
HashiCorp Vault CLI   1.15.2

...this isn't a step-by-step post; it's more a collection of useful commands that might make getting to know Vault easier.

Install Vault Client (Mac)

brew tap hashicorp/tap
brew install hashicorp/tap/vault

Install Vault Client (Win 10 or above)

winget install Hashicorp.Vault

Make sure you've got the right environment variables set up on your client machine; the Vault client uses these to connect and authenticate to the Vault server. Each OS has its own way of setting these. The first time you connect using the client, use the root token and create yourself a less-privileged user:

VAULT_ADDR=http://<vault-server-url>:8200
VAULT_TOKEN=<token_data_for_current_secret_store>

As root, you might want to create a token (it will time out after 32 days unless renewed)…

vault token create -policy=default -policy=anotherPolicy

Details of my token

vault token lookup

List out keys in a store...

vault kv list cubbyhole

Put a new secret in a token's personal store

vault kv put cubbyhole/2023-11-18 user=admin password=test

Get a secret (including its metadata) from a store

vault kv get -format=json cubbyhole/2023-11-18
vault kv get cubbyhole/2023-11-18

Get the actual value of a single field from a specified path

vault kv get -field=password cubbyhole/2023-11-18

Renew a token

vault token renew

To access a centrally created secrets engine and the secrets underneath it, you need to define this as a new policy…

# allows enumeration of all secrets engines
path "sys/mounts" {
  capabilities = ["read"]
}

# allows any token/client assigned this policy read access into my central store of secrets
path "mycentralstore/*" {
  capabilities = ["read", "list"]
}

…then create a token referencing that policy

vault token create -policy=default -policy=anotherPolicy
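
To see what a token carrying the policy above can and cannot do, here is a simplified model of Vault's path matching for a single policy. It is an added example, not part of the original post and not Vault's own code. The function names, the sample request paths and the TIGHTENED variant with its "mycentralstore/admin/*" deny rule are assumptions made for illustration.

```python
# Simplified model of Vault's path matching for a single policy (added example).
# Exact path wins; otherwise the longest matching "prefix*" rule applies;
# no match means deny. "+" wildcards and multi-policy merging are not modelled.

# The two rules from the policy on this page.
POLICY = {
    "sys/mounts": {"read"},
    "mycentralstore/*": {"read", "list"},
}

# Hypothetical tightening: same policy plus a deny on a constructed sub-path.
TIGHTENED = {**POLICY, "mycentralstore/admin/*": {"deny"}}


def capabilities(policy, path):
    """Return the capabilities the policy grants on path (empty set = denied)."""
    if path in policy:
        rule = policy[path]
    else:
        prefixes = [p for p in policy
                    if p.endswith("*") and path.startswith(p[:-1])]
        if not prefixes:
            return set()          # Vault denies anything no rule covers
        rule = policy[max(prefixes, key=len)]
    return set() if "deny" in rule else set(rule)


def allowed(policy, path, capability):
    """True if the policy grants the given capability on path."""
    return capability in capabilities(policy, path)


# Constructed sample requests: (path, capability the operation needs).
SAMPLES = [
    ("sys/mounts", "read"),                  # enumerate secrets engines
    ("sys/mounts/mycentralstore", "read"),   # not covered: rule has no glob
    ("mycentralstore/app/db", "read"),       # reading a secret
    ("mycentralstore/app/db", "update"),     # writes need create/update
    ("mycentralstore/admin/root", "read"),   # only blocked by TIGHTENED
    ("othersecrets/app/db", "read"),         # different mount, no rule
]

if __name__ == "__main__":
    for path, cap in SAMPLES:
        print(f"{cap:7} {path:28} policy={allowed(POLICY, path, cap)!s:5} "
              f"tightened={allowed(TIGHTENED, path, cap)}")
```

Against a live server, `vault token capabilities mycentralstore/app/db` (path constructed for this example) reports what the current token can actually do on a path.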