vault hashicorp cheat sheet
#Enabling and Disabling Auth Methods
$ vault auth enable userpass
$ vault auth list
$ vault auth list -detailed
$ vault auth enable -path=my-login userpass
$ vault write sys/auth/my-auth type=userpass
#Check
$ vault read sys/auth/
$ vault read sys/mounts/auth/token/tune
$ vault path-help auth/my-auth
#Creation/Lookup a token
$ vault token create
$ vault token create -format=json -policy="admin"
$ vault token lookup <TOKEN-ID>
#Create a token with use limit
$ vault token create -policy=default -use-limit=2
#Create periodic token with period of 24h
$ vault write auth/token/roles/zabbix allowed_policies="default" period="24h"
$ vault token create -role=zabbix
#Accessor token check
$ vault list auth/token/accessors
$ vault token lookup -accessor <TOKEN-ID>
#Login/Revoke/Renew with the new token
$ vault login <TOKENID>
$ vault login $VAULT_TOKEN
$ vault token revoke <TOKENID>
$ vault token renew <token>
$ vault token renew -increment=<EXTENSION> <TOKEN>
#Token Capabilities
$ vault token capabilities <TOKEN_ID> <PATH>
#login using the different auth method
$ vault login -method=<auth-method> token=<TOKEN_ID>
#Write Policy for different auth-Methods.
$ vault policy write <POLICY_NAME> <POLICY_FILE_PATH_WITH .HCL_EXTENSION>
#List all enabled policies:
$ vault policy list
#Delete the policy named my-policy:
$ vault policy delete my-policy
#Read the policy
$ vault policy read <POLICY_NAME>
#Wrapping the password like secret-id in approle method
$ vault write -wrap-ttl=60s -f auth/approle/role/jenkins/secret-id
#Generating Orphan Tokens
$ vault token create -orphan
/*Creation of the batch tokens. Notice that the token value is much longer than the service tokens.
This is because batch tokens are encrypted by the Vault's barrier*/
$ vault token create -type=batch -policy="test"