Last active
May 29, 2023 12:16
-
-
Save exAspArk/e210523a4bcb988cdfb24a114d46ddf0 to your computer and use it in GitHub Desktop.
https://github.com/hashicorp/vault API usage example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Install https://www.vaultproject.io/ | |
| brew install vault | |
| # Start dev vault server in a separate terminal | |
| vault server -dev | |
| # ==> Vault server configuration: | |
| # ... | |
| # Unseal Key: 7ACQHhLZY5ivzNzhMruX9kSa+VXCah3y87hl3dPSWFk= | |
| # Root Token: 858a6658-682e-345a-e4c4-a6e14e6f7853 | |
| # Check that it works | |
| export ROOT_TOKEN=858a6658-682e-345a-e4c4-a6e14e6f7853 | |
| curl http://127.0.0.1:8200/v1/sys/init | |
| # {"initialized":true} | |
| # Use root token | |
| export VAULT_TOKEN=$ROOT_TOKEN | |
| curl -X GET -H "X-Vault-Token:$VAULT_TOKEN" http://127.0.0.1:8200/v1/auth/token/lookup-self | |
| # {"request_id":"782a5bb9-a93a-c941-6e9e-df0f4a8c470e","lease_id":"","renewable":false,"lease_duration":0,"data":{"accessor":"818a0619-cb14-c773-00a8-98a721b31037","creation_time":1484065896,"creation_ttl":0,"display_name":"root","explicit_max_ttl":0,"id":"858a6658-682e-345a-e4c4-a6e14e6f7853","meta":null,"num_uses":0,"orphan":true,"path":"auth/token/root","policies":["root"],"ttl":0},"wrap_info":null,"warnings":null,"auth":null} | |
| # Enable approle auth | |
| curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d '{"type":"approle"}' http://127.0.0.1:8200/v1/sys/auth/approle | |
| curl -X GET -H "X-Vault-Token:$VAULT_TOKEN" http://127.0.0.1:8200/v1/sys/auth | |
| # {"token/":{"config":{"default_lease_ttl":0,"max_lease_ttl":0},"description":"token based credentials","type":"token"},"approle/":{"config":{"default_lease_ttl":0,"max_lease_ttl":0},"description":"","type":"approle"},"request_id":"eca2e6ac-7e92-9370-f224-e1827d40df7a","lease_id":"","renewable":false,"lease_duration":0,"data":{"approle/":{"config":{"default_lease_ttl":0,"max_lease_ttl":0},"description":"","type":"approle"},"token/":{"config":{"default_lease_ttl":0,"max_lease_ttl":0},"description":"token based credentials","type":"token"}},"wrap_info":null,"warnings":null,"auth":null} | |
| # Create policy | |
| curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d '{"rules": "{\"name\": \"dev\", \"path\": {\"secret/*\": {\"policy\": \"write\"}}}"}' http://127.0.0.1:8200/v1/sys/policy/dev | |
| curl -X GET -H "X-Vault-Token:$VAULT_TOKEN" http://127.0.0.1:8200/v1/sys/policy/dev | |
| # {"name":"dev","rules":"{\"name\": \"dev\", \"path\": {\"secret/*\": {\"policy\": \"write\"}}}","request_id":"b171e046-ce5a-d55d-2fd6-20ef3bc01adc","lease_id":"","renewable":false,"lease_duration":0,"data":{"name":"dev","rules":"{\"name\": \"dev\", \"path\": {\"secret/*\": {\"policy\": \"write\"}}}"},"wrap_info":null,"warnings":null,"auth":null} | |
| # Create roles | |
| curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d '{"policies":"dev"}' http://127.0.0.1:8200/v1/auth/approle/role/app | |
| curl -X GET -H "X-Vault-Token:$VAULT_TOKEN" http://127.0.0.1:8200/v1/auth/approle/role\?list\=true | |
| # {"request_id":"8de3b02d-bbe3-b8b1-5072-c6ff26ef8633","lease_id":"","renewable":false,"lease_duration":0,"data":{"keys":["app"]},"wrap_info":null,"warnings":null,"auth":null} | |
| # Get token for app | |
| curl -X GET -H "X-Vault-Token:$VAULT_TOKEN" http://127.0.0.1:8200/v1/auth/approle/role/app/role-id | |
| # {"request_id":"de5753ba-adb4-7691-f38a-23c9e7eb2caf","lease_id":"","renewable":false,"lease_duration":0,"data":{"role_id":"00f01bdc-62b4-7abf-a7d6-f190d370a576"},"wrap_info":null,"warnings":null,"auth":null} | |
| curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" http://127.0.0.1:8200/v1/auth/approle/role/app/secret-id | |
| # {"request_id":"40de755e-e9a7-d07e-e487-cb5b9db5a3c2","lease_id":"","renewable":false,"lease_duration":0,"data":{"secret_id":"f7208480-4665-4062-72ee-d9d575b02a59","secret_id_accessor":"a8f9ba04-cd88-8087-b1cf-9d0dbf38c0fa"},"wrap_info":null,"warnings":null,"auth":null} | |
| curl -X POST -d '{"role_id":"00f01bdc-62b4-7abf-a7d6-f190d370a576","secret_id":"f7208480-4665-4062-72ee-d9d575b02a59"}' http://127.0.0.1:8200/v1/auth/approle/login | |
| # {"request_id":"b71c3ce5-1d00-5924-a24a-3124c58cd6f8","lease_id":"","renewable":false,"lease_duration":0,"data":null,"wrap_info":null,"warnings":null,"auth":{"client_token":"69d26d5d-7bae-0688-9682-f1a3a8272cb8","accessor":"90c300cb-2533-7253-fa79-8aa3332abfbe","policies":["default","dev"],"metadata":{},"lease_duration":2764800,"renewable":true}} | |
| export APP_TOKEN=69d26d5d-7bae-0688-9682-f1a3a8272cb8 | |
| # Access as app | |
| export VAULT_TOKEN=$APP_TOKEN | |
| curl -X GET -H "X-Vault-Token:$VAULT_TOKEN" http://127.0.0.1:8200/v1/auth/token/lookup-self | |
| # {"request_id":"06c1db47-e418-49f6-5eb3-d32c8d3b16b5","lease_id":"","renewable":false,"lease_duration":0,"data":{"accessor":"90c300cb-2533-7253-fa79-8aa3332abfbe","creation_time":1484066058,"creation_ttl":2764800,"display_name":"approle","explicit_max_ttl":0,"id":"69d26d5d-7bae-0688-9682-f1a3a8272cb8","meta":{},"num_uses":0,"orphan":true,"path":"auth/approle/login","policies":["default","dev"],"renewable":true,"ttl":2764762},"wrap_info":null,"warnings":null,"auth":null} | |
| curl -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d '{"password":"drowssap"}' http://127.0.0.1:8200/v1/secret/user1 | |
| curl -X GET -H "X-Vault-Token:$VAULT_TOKEN" http://127.0.0.1:8200/v1/secret/user1 | |
| # {"request_id":"1a8eba9b-a557-6eb1-139b-89f6204479bd","lease_id":"","renewable":false,"lease_duration":2764800,"data":{"password":"drowssap"},"wrap_info":null,"warnings":null,"auth":null} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment