-
-
Save auth-day/be91b9c8b061c2cfe2bc5ac5b2260ba9 to your computer and use it in GitHub Desktop.
https://github.com/hashicorp/vault API usage example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Install https://www.vaultproject.io/ | |
brew install vault | |
# Start dev vault server in a separate terminal | |
vault server -dev | |
# ==> Vault server configuration: | |
# ... | |
# Unseal Key: 7ACQHhLZY5ivzNzhMruX9kSa+VXCah3y87hl3dPSWFk= | |
# Root Token: 858a6658-682e-345a-e4c4-a6e14e6f7853 | |
# Check that it works | |
export ROOT_TOKEN=858a6658-682e-345a-e4c4-a6e14e6f7853 | |
curl http://127.0.0.1:8200/v1/sys/init | |
# {"initialized":true} | |
# Use root token | |
export VAULT_TOKEN=$ROOT_TOKEN | |
curl -X GET -H "X-Vault-Token:$VAULT_TOKEN" http://127.0.0.1:8200/v1/auth/token/lookup-self | |
# {"request_id":"782a5bb9-a93a-c941-6e9e-df0f4a8c470e","lease_id":"","renewable":false,"lease_duration":0,"data":{"accessor":"818a0619-cb14-c773-00a8-98a721b31037","creation_time":1484065896,"creation_ttl":0,"display_name":"root","explicit_max_ttl":0,"id":"858a6658-682e-345a-e4c4-a6e14e6f7853","meta":null,"num_uses":0,"orphan":true,"path":"auth/token/root","policies":["root"],"ttl":0},"wrap_info":null,"warnings":null,"auth":null} | |
# Enable approle auth | |
curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d '{"type":"approle"}' http://127.0.0.1:8200/v1/sys/auth/approle | |
curl -X GET -H "X-Vault-Token:$VAULT_TOKEN" http://127.0.0.1:8200/v1/sys/auth | |
# {"token/":{"config":{"default_lease_ttl":0,"max_lease_ttl":0},"description":"token based credentials","type":"token"},"approle/":{"config":{"default_lease_ttl":0,"max_lease_ttl":0},"description":"","type":"approle"},"request_id":"eca2e6ac-7e92-9370-f224-e1827d40df7a","lease_id":"","renewable":false,"lease_duration":0,"data":{"approle/":{"config":{"default_lease_ttl":0,"max_lease_ttl":0},"description":"","type":"approle"},"token/":{"config":{"default_lease_ttl":0,"max_lease_ttl":0},"description":"token based credentials","type":"token"}},"wrap_info":null,"warnings":null,"auth":null} | |
# Create policy | |
curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d '{"rules": "{\"name\": \"dev\", \"path\": {\"secret/*\": {\"policy\": \"write\"}}}"}' http://127.0.0.1:8200/v1/sys/policy/dev | |
curl -X GET -H "X-Vault-Token:$VAULT_TOKEN" http://127.0.0.1:8200/v1/sys/policy/dev | |
# {"name":"dev","rules":"{\"name\": \"dev\", \"path\": {\"secret/*\": {\"policy\": \"write\"}}}","request_id":"b171e046-ce5a-d55d-2fd6-20ef3bc01adc","lease_id":"","renewable":false,"lease_duration":0,"data":{"name":"dev","rules":"{\"name\": \"dev\", \"path\": {\"secret/*\": {\"policy\": \"write\"}}}"},"wrap_info":null,"warnings":null,"auth":null} | |
# Create roles | |
curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d '{"policies":"dev"}' http://127.0.0.1:8200/v1/auth/approle/role/app | |
curl -X GET -H "X-Vault-Token:$VAULT_TOKEN" http://127.0.0.1:8200/v1/auth/approle/role\?list\=true | |
# {"request_id":"8de3b02d-bbe3-b8b1-5072-c6ff26ef8633","lease_id":"","renewable":false,"lease_duration":0,"data":{"keys":["app"]},"wrap_info":null,"warnings":null,"auth":null} | |
# Get token for app | |
curl -X GET -H "X-Vault-Token:$VAULT_TOKEN" http://127.0.0.1:8200/v1/auth/approle/role/app/role-id | |
# {"request_id":"de5753ba-adb4-7691-f38a-23c9e7eb2caf","lease_id":"","renewable":false,"lease_duration":0,"data":{"role_id":"00f01bdc-62b4-7abf-a7d6-f190d370a576"},"wrap_info":null,"warnings":null,"auth":null} | |
curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" http://127.0.0.1:8200/v1/auth/approle/role/app/secret-id | |
# {"request_id":"40de755e-e9a7-d07e-e487-cb5b9db5a3c2","lease_id":"","renewable":false,"lease_duration":0,"data":{"secret_id":"f7208480-4665-4062-72ee-d9d575b02a59","secret_id_accessor":"a8f9ba04-cd88-8087-b1cf-9d0dbf38c0fa"},"wrap_info":null,"warnings":null,"auth":null} | |
curl -X POST -d '{"role_id":"00f01bdc-62b4-7abf-a7d6-f190d370a576","secret_id":"f7208480-4665-4062-72ee-d9d575b02a59"}' http://127.0.0.1:8200/v1/auth/approle/login | |
# {"request_id":"b71c3ce5-1d00-5924-a24a-3124c58cd6f8","lease_id":"","renewable":false,"lease_duration":0,"data":null,"wrap_info":null,"warnings":null,"auth":{"client_token":"69d26d5d-7bae-0688-9682-f1a3a8272cb8","accessor":"90c300cb-2533-7253-fa79-8aa3332abfbe","policies":["default","dev"],"metadata":{},"lease_duration":2764800,"renewable":true}} | |
export APP_TOKEN=69d26d5d-7bae-0688-9682-f1a3a8272cb8 | |
# Access as app | |
export VAULT_TOKEN=$APP_TOKEN | |
curl -X GET -H "X-Vault-Token:$VAULT_TOKEN" http://127.0.0.1:8200/v1/auth/token/lookup-self | |
# {"request_id":"06c1db47-e418-49f6-5eb3-d32c8d3b16b5","lease_id":"","renewable":false,"lease_duration":0,"data":{"accessor":"90c300cb-2533-7253-fa79-8aa3332abfbe","creation_time":1484066058,"creation_ttl":2764800,"display_name":"approle","explicit_max_ttl":0,"id":"69d26d5d-7bae-0688-9682-f1a3a8272cb8","meta":{},"num_uses":0,"orphan":true,"path":"auth/approle/login","policies":["default","dev"],"renewable":true,"ttl":2764762},"wrap_info":null,"warnings":null,"auth":null} | |
curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d '{"password":"drowssap"}' http://127.0.0.1:8200/v1/secret/user1 | |
curl -X GET -H "X-Vault-Token:$VAULT_TOKEN" http://127.0.0.1:8200/v1/secret/user1 | |
# {"request_id":"1a8eba9b-a557-6eb1-139b-89f6204479bd","lease_id":"","renewable":false,"lease_duration":2764800,"data":{"password":"drowssap"},"wrap_info":null,"warnings":null,"auth":null} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment