Date Added | Description | Link |
---|---|---|
2019-11-26 | VaultEnv | https://github.com/channable/vaultenv |
2019-11-29 | Vault generic_secret provider | https://www.terraform.io/docs/providers/vault/d/generic_secret.html |
2019-11-29 | Vault kv engine | https://www.vaultproject.io/docs/secrets/kv/ |
2019-11-29 | Vault Auth Token API | https://www.vaultproject.io/api/auth/token/index.html |
vault server -config=/Users/gnotch/Dropbox/vault/vault.hcl
(by default, run the unseal 3 times, each time with a different one of the 3 unseal keys)
vault operator unseal
vault login
export VAULT_SKIP_VERIFY=true
# or pass the flag per command instead of the env var
vault login -tls-skip-verify
vault login just creates ~/.vault-token
If you want other processes to use it from the environment, you must put the value of the token into the VAULT_TOKEN env var:
export VAULT_TOKEN=$(cat ~/.vault-token)
# create path + secrets engine
vault secrets enable -path=winternotch kv
# list secrets
vault secrets list
vault secrets list -detailed
# put
vault kv put winternotch/test foo=no
vault kv put winternotch/test foo=yes bar=no
# get
vault kv get winternotch/test
# list
vault kv list winternotch/
# key storage
vault kv put secret/hello foo=world
# packer variable
{
  "variables": {
    "my_secret": "{{ vault `/secret/data/hello` `foo`}}"
  }
}
# example
vault kv put winternotch/vsphere_username value="[email protected]"
"vsphere_username": "{{ vault `winternotch/data/vsphere_username` `value`}}",
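Added example (not part of the original notes): shell helpers for the two steps above, exporting the token that `vault login` wrote to ~/.vault-token so child processes can use it, and turning a `vault kv put <mount>/<secret>` path into the `<mount>/data/<secret>` path that Packer's `{{ vault }}` function expects for a KV v2 mount. Function names and the sample token are assumptions.

```bash
#!/usr/bin/env sh
# Example helpers, not from the original notes. Function names are assumptions.

# Export the CLI token for other processes, reading the token helper file
# that `vault login` writes (~/.vault-token by default). Fails if the file
# is missing or empty; never prints the token itself.
load_vault_token() {
  file="${1:-$HOME/.vault-token}"
  [ -s "$file" ] || { echo "no token found at $file" >&2; return 1; }
  VAULT_TOKEN="$(tr -d '\n' < "$file")"
  export VAULT_TOKEN
}

# Map the path used with `vault kv put <mount>/<secret>` to the KV v2 read
# path, which has "data" between the mount and the secret name. Rejects
# input without a mount/secret separator.
kv2_data_path() {
  case "$1" in
    */*) ;;
    *) echo "expected <mount>/<secret>, got '$1'" >&2; return 1 ;;
  esac
  mount="${1%%/*}"
  secret="${1#*/}"
  printf '%s/data/%s\n' "$mount" "$secret"
}

# Render one Packer variable line, as in the vsphere_username example above:
#   packer_vault_var vsphere_username winternotch/vsphere_username value
packer_vault_var() {
  name="$1"
  path="$(kv2_data_path "$2")" || return 1
  key="$3"
  printf '"%s": "{{ vault `%s` `%s`}}",\n' "$name" "$path" "$key"
}
```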
https://www.vaultproject.io/docs/commands/operator/init.html
vault operator init
# only make 1 unseal key and require only that one to unseal (sane for a single user)
vault operator init \
-key-shares=1 \
-key-threshold=1
# encrypt vault keys with GPG
vault operator init \
-key-shares=3 \
-key-threshold=1 \
-pgp-keys="/Users/gnotch/Dropbox/crt/yubi-20180814-public-gpg.txt"