
This assumes the following has already been done.
- HashiCorp Vault has been installed
- HashiCorp Vault has been initialized
- HashiCorp Vault has been unsealed
Let's say the kv secrets engine has been enabled with -path=secret/.
~]# vault secrets enable -path=secret/ kv
Success! Enabled the kv secrets engine at: secret/
Let's also say the approle auth method has been enabled and there is a role named "my-role" that contains a policy named "my-policy".
~]$ vault read auth/approle/role/my-role
Key         Value
---         -----
policies    [my-policy]
In this example, since the secrets engine has been enabled with -path=secret/, the policy path will need to begin with secret/.
Let's say "my-policy" permits the following capabilities to "secret/my_path/*".
~]$ vault policy read my-policy
path "secret/my_path/*" {
  capabilities = ["create", "delete", "list", "patch", "read", "update"]
}
Let's say you created a secret named demo at secret/my_path/demo using the vault kv put command and that you have read permission on the secret.
The vault kv get command can be used to display the keys and values in a secret. The -mount option takes the path of the secrets engine (secret in this example), not the auth method.
~]# vault kv get -mount=secret my_path/demo
Key              Value
---              -----
created_time     2021-08-20T06:23:36.4062144572
deletion_time    n/a
destroyed        false
version          1

===== Data =====
Key    Value
---    -----
foo    bar
The -format option can be used to return the output in a particular format, such as JSON.
~]# vault kv get -format=json secret/my_path/demo
{
  "request_id": "880b5500-53a6-64d3-298e-0c65cac6d566",
  "lease_id": "",
  "lease_duration": 0,
  "renewable": false,
  "data": {
    "data": {
      "foo": "bar"
    },
    "metadata": {
      "created_time": "2023-12-04T15:32:33.683476784Z",
      "custom_metadata": null,
      "deletion_time": "",
      "destroyed": false,
      "version": 1
    }
  },
  "warnings": null
}
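When a script consumes this JSON, the key/value pairs sit under data.data for KV version 2 (as in the output above) but directly under data for KV version 1. The following Python is an added example, not part of the original article; the function names are hypothetical, SAMPLE_V2 is the output shown above and SAMPLE_V1 is constructed.

```python
import json

# The output shown above from `vault kv get -format=json` (KV version 2 shape).
SAMPLE_V2 = """{
  "request_id": "880b5500-53a6-64d3-298e-0c65cac6d566",
  "lease_id": "", "lease_duration": 0, "renewable": false,
  "data": {
    "data": {"foo": "bar"},
    "metadata": {"created_time": "2023-12-04T15:32:33.683476784Z", "custom_metadata": null,
                 "deletion_time": "", "destroyed": false, "version": 1}
  },
  "warnings": null
}"""
# Constructed sample: KV version 1 has no metadata wrapper around the pairs.
SAMPLE_V1 = '{"request_id": "", "lease_id": "", "data": {"foo": "bar"}, "warnings": null}'


def split_kv_response(raw):
    """Return (pairs, metadata) from the JSON text; metadata is None for KV v1."""
    outer = json.loads(raw).get("data")
    if not isinstance(outer, dict):
        raise ValueError("response has no data (secret missing or not readable)")
    meta = outer.get("metadata")
    # Heuristic (assumption): a metadata object carrying "version" means KV v2.
    if isinstance(meta, dict) and "version" in meta and "data" in outer:
        if meta.get("destroyed") or meta.get("deletion_time"):
            raise ValueError("version %s is deleted or destroyed" % meta["version"])
        return outer["data"] or {}, meta
    return outer, None


def get_field(raw, key):
    """Return one value, failing loudly instead of passing an empty secret on."""
    pairs, _ = split_kv_response(raw)
    if key not in pairs:
        raise KeyError("key %r not present in secret" % key)
    return pairs[key]


def redacted_summary(raw):
    """Key names and version only, so the summary can be logged without values."""
    pairs, meta = split_kv_response(raw)
    return {"keys": sorted(pairs), "version": meta["version"] if meta else None}


if __name__ == "__main__":
    print(redacted_summary(SAMPLE_V2))
```

In a pipeline, the JSON text would come from the standard output of the vault kv get -format=json command rather than from the embedded samples.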