2017-09-07 09:42:31 +01:00
|
|
|
# vault
|
|
|
|
|
|
2017-09-07 17:50:18 +01:00
|
|
|
> A CLI to interact with HashiCorp Vault.
|
2017-09-07 09:42:31 +01:00
|
|
|
|
|
|
|
|
- Create a new vault, requiring at least 2 out of 5 keyshares to unseal:
|
|
|
|
|
|
|
|
|
|
`vault init -key-shares={{5}} -key-threshold={{2}}`
|
|
|
|
|
|
2017-09-08 06:40:26 +01:00
|
|
|
- Unseal the vault by providing one of the keyshares. Repeat with necessary key-shares until unsealed:
|
2017-09-07 09:42:31 +01:00
|
|
|
|
|
|
|
|
`vault unseal {{key-share-x}}`
|
|
|
|
|
|
|
|
|
|
- Authenticate client against vault, using an authentication token:
|
|
|
|
|
|
|
|
|
|
`vault auth {{authentication-token}}`
|
|
|
|
|
|
2017-09-07 20:30:59 +01:00
|
|
|
- Store a new secret in the vault using the generic back-end called secret:
|
2017-09-07 09:42:31 +01:00
|
|
|
|
2017-09-07 20:30:59 +01:00
|
|
|
`vault write secret/{{hello}} value={{world}}`
|
2017-09-07 09:42:31 +01:00
|
|
|
|
2017-09-07 20:30:59 +01:00
|
|
|
- Read a value from the vault using the generic back-end called secret:
|
2017-09-07 09:42:31 +01:00
|
|
|
|
2017-09-07 20:30:59 +01:00
|
|
|
`vault read secret/{{hello}}`
|
2017-09-07 09:42:31 +01:00
|
|
|
|
2017-09-07 17:50:18 +01:00
|
|
|
- Seal the vault again:
|
2017-09-07 09:42:31 +01:00
|
|
|
|
|
|
|
|
`vault seal`
|
