Bootstrap FreeKB - Hashicorp Vault - Login to the vault using the REST API
Hashicorp Vault - Login to the vault using the REST API
Updated:   |  Hashicorp Vault articles

This assumes you have installed the Hashicorp vault and that the vault is up and running and that you have unsealed the vault.

A POST request can be submitted to the /v1/auth/approle/login endpoint to login to the Hashicorp Vault. Here is an example using cURL.

curl \
--request POST \
--url https://vault.example.com/v1/auth/approle/login \
--data '{"role_id": "abc123ef-456a-abcd-1234-abcdefg12345", "secret_id": "xyz123xy-z123-xyz1-23xy-z123xyz123xy" }'

 

Something like this should be returned.

{
 "request_id":"5fa03d55-3a98-5eac-c477-15749d3e1554",
 "lease_id":"",
 "renewable":false,
 "lease_duration":0,
 "data":null,
 "wrap_info":null,
 "warnings":null,
 "auth":{
  "client_token":"hvs.CAESIM-sHUpvPJCeoSHl1dI26p8q3-ZO3_OhDVZbTw65IaGFGiUKHGh2cy53WUFVY25NZ1ZqRjBFOW1GMHlWMFkweTQQh5iAAxgF",
  "accessor":"WFA7VlSkLgNvhFwE2w9lGzfG",
  "policies":["default","my_policy"],
  "token_policies":["default","my_policy"],
  "metadata":{"role_name":"my-role"},
  "lease_duration":7200,
  "renewable":true,
  "entity_id":"57e8744f-ff37-6127-5565-2a53d1dd4200",
  "token_type":"service",
  "orphan":true,
  "mfa_requirement":null,"num_uses":0
 }
}

 

Notice in this example that the client_token is hvs.CAESIM-sHUpvPJCeoSHl1dI26p8q3-ZO3_OhDVZbTw65IaGFGiUKHGh2cy53WUFVY25NZ1ZqRjBFOW1GMHlWMFkweTQQh5iAAxgF. You would use the client token is subsequent requests. For example, in a GET request to retrieve a secret.

curl \
--request GET \
--header "X-Vault-Token: hvs.CAESIM-sHUpvPJCeoSHl1dI26p8q3-ZO3_OhDVZbTw65IaGFGiUKHGh2cy53WUFVY25NZ1ZqRjBFOW1GMHlWMFkweTQQh5iAAxgF" \
--url https://vault.example.com/v1/my_team/data/my_secret

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter 8a5168 in the box below so that we can be sure you are a human.