Skip to main content

Vault

Required ports:

API: 8200, Cluster: 8201

Environment variables:

export VAULT_ADDR=http://127.0.0.1:8200

Vault init autounseal:

vault operator init -recovery-shares=1 -recovery-threshold=1

Check status:

vault statuscurl http://localhost:8500/v1/catalog/service/vault | jq .dig +short @127.0.0.1 -p 8600

Login to Vault CLI:

vault login xxx

Access UI:

http://x.x.x.x:8200/ui

Read secret via CLI:

vault read secret/data/base_test

Example API call to get secret:

curl \    -H "X-Vault-Token: xxx" \    -X GET \    https://vault.service.consul:8200/v1/secret/data/base-test

IAM auto-auth:

vault auth enable awsvault policy write "example-policy" -<<EOFpath "secret/example_*" {  capabilities = ["create", "read"]}EOFvault write auth/aws/role/role_iam_luiz_tf_test auth_type=iam bound_iam_principal_arn=arn:aws:iam::xxx:role/role_iam_luiz_tf_test  policies=example-policy max_ttl=500hvault login -address=https://vault.service.consul:8200 -method=aws header_value=vault.service.consul role=role_iam_luiz_tf_test