Answers for "secrets kv-v1 in vault"

0

secrets kv-v1 in vault

#Enable Key/value version 1 as secret engine 
 $ vault secrets enable -path="kv-v1" kv

#Put the API key for Google, owned by the engineering team; this example shows the path convention
 $ vault kv put kv-v1/<PATH> <KEY>=<VALUE>
 $ vault kv put kv-v1/eng/apikey/google key=<KEY_TO_PUT>
 $ vault kv put kv-v1/<OWNER>/apikey/<APP> <KEY>=<VALUE>

#Read the Value from the above key
 $ vault kv get kv-v1/eng/apikey/google
 $ vault read kv-v1/eng/apikey/google

#Path Convention for storing the certificate
#  kv-v1/<ENVIRONMENT>/cert/<SYSTEM>
 $ vault kv put kv-v1/prod/cert/mysql cert=@cert.pem

#Create a read-only policy named "apps" for the two secrets above (paths are case-sensitive)
 $ vault policy write apps - << EOF
# Read-only permit
path "kv-v1/eng/apikey/google" {
  capabilities = [ "read" ]
}

# Read-only permit
path "kv-v1/prod/cert/mysql" {
  capabilities = [ "read" ]
}
EOF

#Create a new token and use that to check the contents of that 
 $ vault token create -policy=apps -period=24h
 $ VAULT_TOKEN=<TOKEN_FROM_ABOVE> vault kv get -field=key kv-v1/eng/apikey/google
 $ VAULT_TOKEN=<TOKEN> vault kv get -field=cert kv-v1/prod/cert/mysql

#To keep the key out of the CLI output and the shell history, use one of the options below
#Option 1: Use a dash "-"
#An easy technique is to use a dash "-" and then press Enter. This allows you to enter the secret on a new line. After entering the secret, press Ctrl+d to end the pipe, which will write the secret to Vault.

 $ vault kv put kv-v1/eng/apikey/google key=-
 
#Option 2: Read the secret from a file
 $ vault kv put kv-v1/eng/apikey/google @apikey.txt

#Option 3: Disable all vault command history
 $ export HISTIGNORE="&:vault*"
 
#How do I save multiple values at once?
 $ vault kv put kv-v1/dev/config/mongodb url=foo.example.com:35533 \
        db_name=users \
        username=admin password=passw0rd
Posted by: Guest on October-29-2020
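
The three options above keep secrets out of shell history. The check below is an added example, not part of the original answer: it scans a history file for `vault kv put` lines that still carry a value inline, and for `VAULT_TOKEN=...` typed on the command line. The function names and the sample history are constructed for illustration.

```shell
# Added example, not from the original answer. Flags shell-history lines where a
# value was typed inline: `vault kv put ... key=value` (anything other than the
# stdin form `key=-` or the file form `@file`) and inline VAULT_TOKEN=... values.
find_inline_vault_secrets() {
    # $1: history file. Prints "<line>:<key>" for each inline value found.
    awk '
    {
        put = 0
        for (i = 1; i <= NF; i++) {
            # A token passed on the command line is itself a credential.
            if ($i ~ /^VAULT_TOKEN=./) print NR ":VAULT_TOKEN"
            if (!put && i >= 3 && $(i-2) == "vault" && $(i-1) == "kv" && $i == "put")
                put = i
        }
        if (!put) next
        for (i = put + 1; i <= NF; i++) {
            if ($i ~ /^[-@]/) continue              # flags, bare "-", @file
            eq = index($i, "=")
            if (eq < 2) continue                    # secret path or stray word
            val = substr($i, eq + 1)
            if (val == "-" || val ~ /^@/) continue  # stdin form or key=@file
            print NR ":" substr($i, 1, eq - 1)
        }
    }' "$1"
}

# Constructed sample history (all values are made up for this example).
sample_history() {
    cat <<'EOF'
vault kv put kv-v1/eng/apikey/google key=-
vault kv put kv-v1/eng/apikey/google @apikey.txt
vault kv put kv-v1/prod/cert/mysql cert=@cert.pem
vault kv put kv-v1/dev/config/mongodb url=foo.example.com:35533 username=admin password=passw0rd
vault kv get -field=key kv-v1/eng/apikey/google
VAULT_TOKEN=example-token vault kv get -field=key kv-v1/eng/apikey/google
EOF
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && sample_history > "$tmp"
    find_inline_vault_secrets "$tmp"; rm -f "$tmp"
fi
```

The function reports every inline `key=value` pair, so non-secret fields such as `url` are listed alongside `password`; review the flagged lines and rotate any real credential that appears in them.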
