# NOTE: plain http:// sends tokens and secrets unencrypted, so keep it to a local dev server;
# a production address should be https:// (the CLI default is https://127.0.0.1:8200).
# NOTE(review): a dev server listens on 127.0.0.1:8200 unless told otherwise; 0.0.0.0 here
# presumably ends up at the local host - confirm for your platform.
export VAULT_ADDR=http://0.0.0.0:8200 # Tells the vault command which server to talk to; must be set before the commands below
# NOTE: dev mode keeps all data in memory, starts already unsealed, and prints the root token
# and unseal key to the terminal. It is meant for local testing only.
vault server -dev # Starts a development server
# NOTE: a server started from a config file comes up sealed; it has to be initialised once
# (vault operator init) and unsealed (vault operator unseal) before it serves requests.
# The listener defined in the config file should have TLS enabled.
vault server -config=vault.json # Starts a production server using a configuration file
vault status # Shows server status, including whether the vault is sealed
# NOTE: a value typed as key=value is recorded in shell history and is visible in the process
# list. For real secrets the CLI can read the value from stdin (key=-) or from a file (key=@file).
vault kv put secret/secretName key=value # Writes a key/value pair to the secret at secret/secretName.
vault kv get secret/secretName # Reads the secret at secret/secretName; its values are printed to the terminal.
vault secrets list # Lists the enabled secrets engines and their mount paths (sample output follows)
Path Type Accessor Description
---- ---- -------- -----------
cubbyhole/ cubbyhole cubbyhole_11f34df4 per-token private secret storage
identity/ identity identity_56c1e7b0 identity store
secret/ kv kv_6ee539d0 key/value secret storage
sys/ system system_9594e67c system endpoints used for control, policy and debugging
vault secrets enable database # Enables the database secrets engine (mounted at database/ by default)
vault path-help database # Prints help for the paths available under the database/ mount
vault auth enable userpass # Enables the user and password authentication method.
# NOTE: "password" is a placeholder value; choose a strong one. No policies are attached here,
# so tokens issued to this user carry only the default policy.
vault write auth/userpass/users/vaultuser password=password # Creates (or updates) the user vaultuser with the given password
# NOTE: leaving out password=... makes the CLI prompt for it, which keeps the password out of
# shell history and the process list.
vault login -method=userpass username=vaultuser password=password # Logs into the vault using the userpass method with the supplied username and password
# NOTE: running "vault login" with no argument prompts for the token instead of taking it on the
# command line. After a successful login the CLI saves the token locally (~/.vault-token by default).
vault login <token> # Default login method is using a token
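# NOTE: without -policy the new token inherits the policies of the token that creates it, so a
# child of a root token is itself root. Pass -policy and -ttl to narrow what it can do and for how long.
vault token create # Creates a new token. Tokens are created in a chain and when the parent is revoked, all children are revoked as well.
# NOTE: an accessor cannot be used to authenticate, but it can be used to look up or revoke its
# token, so this listing requires the sudo capability and should stay restricted.
vault list auth/token/accessors # Lists the accessors of the tokens that have been created
# With -accessor the argument is the token's accessor, not the token itself; the token ID is never shown.
vault token lookup -accessor <accessor> # Shows a token's properties (policies, TTL, ...) looked up by its accessor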
# NOTE(review): "polcy.hcl" looks like a misspelling of policy.hcl - use your file's actual name.
vault policy write policyName polcy.hcl # Creates (or overwrites) the policy policyName from the given HCL file
vault policy list # Lists policies
# NOTE: init prints the unseal key shares and the initial root token only at this point; by
# default it creates five shares with a threshold of three. Give the shares to different
# holders and do not store them alongside the root token.
vault operator init # Initialises a new vault
vault operator seal # Seals a vault; it stops serving requests until it is unsealed again
# NOTE: running "vault operator unseal" with no argument prompts for the key, which keeps it
# out of shell history.
vault operator unseal <key> # Unseals a vault. For production environments you need three of the five keys by default
# NOTE(review): assumes an SSH secrets engine mounted at ssh/ with an OTP role named admin -
# confirm against your setup.
vault write ssh/creds/admin ip=127.0.0.1 # Creates a one-time password (OTP) for the host at that IP. The Vault PAM integration (vault-ssh-helper) must be added to the host's sshd configuration
vault token create -policy=policyName # Creates a new token limited to the named policy (plus the default policy).
vault auth enable approle # Enables AppRole authentication
# NOTE: a client logs in to this role with a role_id and a secret_id; the secret_id is a
# credential and should be handled like a password.
vault write auth/approle/role/roleName policies=policyName # Creates (or updates) the AppRole roleName and attaches the policy to it.
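# Response wrapping is requested with -wrap-ttl (-ttl on its own would set the lifetime of the
# token being created, not of the wrapper). Vault then returns a single-use wrapping token; the
# new token is held in that wrapping token's cubbyhole and can be fetched once, within 5 minutes,
# with "vault unwrap".
# NOTE: if unwrapping fails because the wrapping token was already used, treat the wrapped token
# as exposed and revoke it.
vault token create -wrap-ttl=5m -policy=policyName # Creates a token and returns it wrapped; the wrapping token is only good for 5 minutes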