HashiCorp Vault AppRole
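# Prerequisite: every role path below lives under auth/approle/, so the
# AppRole auth method must already be enabled at that path:
#   vault auth enable approle

# Create AppRole roles, e.g. "jenkins" bound to the policy "jenkins-policy".
# The named policies decide what a token issued for the role may read.
vault write auth/approle/role/jenkins token_policies="jenkins-policy"
vault write auth/approle/role/mysql token_policies="approle-policy" token_ttl=1h token_max_ttl=4h
# NOTE(review): this mounts a separate AppRole auth method at auth/jenkins/
# (same effect as `vault auth enable -path=jenkins approle`). No other command
# in this file uses that mount -- confirm it is intended.
vault write sys/auth/jenkins type=approle

# Read the roles back to verify their settings
vault read auth/approle/role/jenkins
vault read auth/approle/role/mysql

# Generate the role ID and a secret ID.
# The role ID is an identifier; the secret ID is the credential.
vault read auth/approle/role/jenkins/role-id
vault write -f auth/approle/role/jenkins/secret-id

# Check the role by logging in. role_id and secret_id are arguments of ONE
# command, hence the line continuation; without it the second line is only a
# shell variable assignment and the login is sent without a secret_id.
# A secret ID typed here ends up in shell history.
vault write auth/approle/login role_id="<PUT ROLE ID GENERATED FROM ABOVE COMMAND>" \
  secret_id="<PUT SECRET ID>"

# Protect the secret ID (it is the password) with response wrapping.
# The output is a single-use wrapping token valid for 60s, not the secret ID;
# the consumer retrieves the secret ID with `vault unwrap`. An unwrap that
# fails because the token was already used means someone else read it first.
vault write -wrap-ttl=60s -f auth/approle/role/jenkins/secret-id

# Limit how many times a secret ID of this role can be used to log in; after
# that it expires and a new secret ID has to be generated.
# The policy name is kept as "jenkins-policy" so this write does not swap the
# role over to a different policy than the one it was created with.
# secret_id_ttl can be set on the role as well, so unused secret IDs expire.
# NOTE(review): generate a fresh secret ID after this change -- presumably
# secret IDs issued earlier keep the settings they were created with.
vault write auth/approle/role/jenkins token_policies="jenkins-policy" \
  token_ttl=1h token_max_ttl=4h \
  secret_id_num_uses=10

# Read secrets with the token returned by the AppRole login above.
# The read succeeds only if the role's policy grants access to this path.
VAULT_TOKEN=<TOKEN_OUTPUT_FROM_ABOVE_COMMAND> vault kv get secret/mysql/webapp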