# HashiCorp Vault

Industry-standard secret management.


# Installation

bash
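# Docker
# The image's default command starts a dev-mode server: in-memory storage,
# already unsealed, no TLS. Use it for local experiments only.
# Publishing on 127.0.0.1 keeps the plaintext listener and its root token
# off the host's other network interfaces.
# Pin an image tag instead of the implicit :latest for repeatable setups.
docker run -d --name vault \
  -p 127.0.0.1:8200:8200 \
  -e 'VAULT_DEV_ROOT_TOKEN_ID=myroot' \
  hashicorp/vault

# CLI
# http:// is only acceptable against the local dev server above.
export VAULT_ADDR='http://127.0.0.1:8200'
# 'myroot' is a fixed, guessable root token; never reuse it outside this
# dev container.
export VAULT_TOKEN='myroot'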

# Basic Operations

bash
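# Write secret
# A value typed as key=value lands in shell history and the process list;
# for real secrets use api_key=- (read from stdin) or api_key=@file.
vault kv put secret/myapp api_key=supersecret

# Read secret
vault kv get secret/myapp
# -field prints the raw value to stdout; keep it out of logs and CI output.
vault kv get -field=api_key secret/myapp

# List secrets
vault kv list secret/

# Delete secret
# On a KV v2 mount (the dev server's secret/ mount) this is a soft delete of
# the latest version: it can be restored with `vault kv undelete`. Permanent
# removal is `vault kv destroy -versions=N` or `vault kv metadata delete`.
vault kv delete secret/myapp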

# Dynamic Secrets

bash
1# Enable database engine
2vault secrets enable database
3
4# Configure database
5vault write database/config/postgres \
6  plugin_name=postgresql-database-plugin \
7  connection_url="postgresql://{{username}}:{{password}}@postgres:5432/mydb" \
8  allowed_roles="readonly"
9
10# Create role
11vault write database/roles/readonly \
12  db_name=postgres \
13  creation_statements="CREATE ROLE ..." \
14  default_ttl="1h"
15
16# Get dynamic credentials
17vault read database/creds/readonly

> [!TIP]
> Pro Tip: Use dynamic secrets for databases - every request gets its own short-lived credentials, and Vault revokes them when the lease expires.