Hashicorp vault test

wordpress meta

title: 'Hashicorp Vault Test'
date: '2020-03-21T08:31:37-05:00'
status: publish
permalink: /hashicorp-vault-test
author: admin
excerpt: ''
type: post
id: 1475
category:
    - Security
tag: []
post_format: []

Recording a quick test of Vault.

HashiCorp Vault: https://www.vaultproject.io

Download the vault executable and move it to /usr/sbin so it is on the PATH for this test. It should rather go in /usr/local/bin.

```bash
$ vault -autocomplete-install
$ exec $SHELL

$ vault server -dev
==> Vault server configuration:

         Api Address: http://127.0.0.1:8200
                 Cgo: disabled
     Cluster Address: https://127.0.0.1:8201
          Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
           Log Level: info
               Mlock: supported: true, enabled: false
       Recovery Mode: false
             Storage: inmem
             Version: Vault v1.3.4

WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory and starts unsealed with a single unseal key. The root token is already authenticated to the CLI, so you can immediately begin using Vault.
...
```

In a new terminal:

```bash
$ export VAULT_ADDR='http://127.0.0.1:8200'
$ export VAULT_DEV_ROOT_TOKEN_ID="<...>"

$ vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.3.4
Cluster Name    vault-cluster-f802bf67
Cluster ID      aa5c7006-9c7c-c394-f1f4-1a9dafc17688
HA Enabled      false

$ vault kv put secret/awscreds-iqonda {AWS_SECRET_ACCESS_KEY=<...>,AWS_ACCESS_KEY_ID=<...>}
Key              Value
---              -----
created_time     2020-03-20T18:58:57.461120823Z
deletion_time    n/a
destroyed        false
version          4

$ vault kv get -format=json secret/awscreds-iqonda | jq -r '.data["data"]'
{
  "AWS_ACCESS_KEY_ID": "<...>",
  "AWS_SECRET_ACCESS_KEY": "<...>"
}

$ vault kv get -format=json secret/awscreds-iqonda | jq -r '.data["data"] | .AWS_ACCESS_KEY_ID'
<...>

$ vault kv get -format=json secret/awscreds-iqonda | jq -r '.data["data"] | .AWS_SECRET_ACCESS_KEY'
```
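
The `jq -r` filters above print the literal string `null` when a field is absent, which a calling script would then use as a credential. The Python parser below is an added example, not part of the original post: it reads the same `vault kv get -format=json` output and fails closed. It assumes the KV v2 response shape (`.data.data` plus `.data.metadata`); `aws_env_from_kv2`, `SecretError` and the sample values are hypothetical names and constructed placeholders.

```python
import json

REQUIRED = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")


class SecretError(Exception):
    """The KV response cannot be used safely."""


def aws_env_from_kv2(raw, required=REQUIRED):
    """Turn `vault kv get -format=json` output (KV v2) into an env dict.

    Fails closed; `jq -r` would print the string "null" for a missing key.
    """
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise SecretError("response is not JSON") from exc
    outer = doc.get("data") if isinstance(doc, dict) else None
    if not isinstance(outer, dict):
        raise SecretError("no .data object in response")
    meta = outer.get("metadata")
    meta = meta if isinstance(meta, dict) else {}
    # Assumption: treat a soft-deleted or destroyed KV v2 version as unusable.
    if meta.get("destroyed") or meta.get("deletion_time"):
        raise SecretError("version %s is deleted or destroyed" % meta.get("version"))
    fields = outer.get("data")
    if not isinstance(fields, dict):
        raise SecretError("no .data.data object (not a KV v2 read?)")
    missing = [k for k in required
               if not isinstance(fields.get(k), str) or not fields[k]]
    if missing:
        raise SecretError("missing or empty fields: " + ", ".join(missing))
    return {k: fields[k] for k in required}


# Constructed sample response; the values are placeholders, not credentials.
SAMPLE = json.dumps({"data": {
    "data": {"AWS_ACCESS_KEY_ID": "EXAMPLE-KEY-ID",
             "AWS_SECRET_ACCESS_KEY": "EXAMPLE-SECRET"},
    "metadata": {"created_time": "2020-03-20T18:58:57.461120823Z",
                 "deletion_time": "", "destroyed": False, "version": 4},
}})

if __name__ == "__main__":
    env = aws_env_from_kv2(SAMPLE)
    # Print names only, never the values.
    print("loaded:", ", ".join(sorted(env)))
```

The returned dict can be merged into the environment of a child process, so the values never pass through shell variables or command-line arguments.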