HashiCorp Vault Read Write and Delete secrets - Part 3 | HashiCorp Vault tutorial series

Rahul Wagh
18 Oct 202207:01

Summary

TLDRThe video script provides a comprehensive guide on managing secrets using HashiCorp Vault's command line interface. It walks through the essential operations of writing, reading, and deleting key-value pair secrets, emphasizing the importance of enabling custom paths within the secret engine for storing and retrieving data. The tutorial also touches on viewing secrets in JSON format and listing all available secrets at a particular path. It sets the stage for future discussions on enabling AWS secret engines and managing them effectively.

Takeaways

  • 🔑 Installed and started the Vault server in development mode for performing operations.
  • 📝 Performed basic operations using the command line interface of Vault: read, write, and delete.
  • 🔒 Wrote secrets by defining key-value pairs and storing them at a specified custom path in the Vault server.
  • 💡 Explained the syntax of the Vault 'put' command for writing secrets into the Vault server.
  • 🛠️ Demonstrated how to enable a custom path in the secret engine for storing key-value pairs.
  • 🔍 Showed how to read secrets from Vault, including the ability to output in JSON format.
  • 🗑️ Described the process of deleting secrets from the Vault using the 'delete' command.
  • 📋 Listed all available secrets at a particular path using the 'list' command.
  • 🔄 Verified the deletion of secrets by attempting to read the deleted secret and confirming no value was found.
  • 🚀 Discussed the plan for the next session, which includes further exploration of the secret engine and managing AWS secret engine.

Q & A

  • What was the first step taken in the script regarding Vault?

    -The first step taken in the script was installing and starting the Vault server in development mode.

  • What operations were performed using the Vault command line interface?

    -The operations performed using the Vault command line interface were read, write, and delete.

  • How is a secret written to the Vault server?

    -A secret is written to the Vault server by using the 'put' command followed by the path and the key-value pair representing the secret.

  • What is a custom path in Vault and how is it used?

    -A custom path in Vault is a user-defined route where secrets are stored. It is used to organize and access secrets efficiently.

  • What is the significance of the 'secret engine' in HashiCorp Vault?

    -The 'secret engine' in HashiCorp Vault is a mechanism that manages the storage and access of secrets. It requires enabling a custom path before storing secrets in it.

  • How can you read a secret from the Vault server?

    -You can read a secret from the Vault server using the 'vault kv get' command followed by the path of the secret.

  • Is it possible to view secrets in a JSON format in Vault?

    -Yes, it is possible to view secrets in a JSON format by specifying the 'format' as 'json' in the 'vault kv get' command.

  • How can you list all available secrets at a particular path?

    -You can list all available secrets at a particular path using the 'vault secret list' command followed by the path.

  • What command is used to delete a secret from Vault?

    -The 'vault kv delete' command is used to delete a secret from Vault, followed by the path of the secret.

  • How can you verify the deletion of a secret?

    -You can verify the deletion of a secret by attempting to read the secret using the 'vault kv get' command. If the secret has been deleted successfully, the command will return a 'no value found' message.

  • What will be discussed in the next session of the script?

    -In the next session, the script will discuss more about the secret engine, how to enable and disable the key-value pair secret engine, and additional commands to manage the secret engines.

Outlines

00:00

🔧 Introduction to Vault Server Operations

This paragraph introduces the setup and basic operations of the Vault server. It explains the process of installing and starting the Vault server in development mode. The main focus is on performing read, write, and delete operations using the command line interface of Vault. The paragraph details the syntax and usage of commands for these operations, including the need to specify the type of secret being stored and the path where it will be stored. It also touches on the concept of a secret engine in the HashiCorp ecosystem and the necessity of enabling custom paths within the secret engine before storing secrets.

05:01

📋 Listing and Deleting Secrets in Vault

This paragraph delves into the commands for listing all available secrets at a specific path and deleting secrets from the Vault server. It starts by explaining how to list the parts defined inside the secret engine, including custom paths and default ones created by the HashiCorp server. The paragraph then describes the command for deleting a previously created secret, emphasizing the success message received upon deletion. To confirm the deletion, it instructs how to use the get command to read the same secret, which should now result in a 'no value found' message, indicating successful deletion.

Mindmap

Keywords

💡Vault

Vault is a tool for securely storing and managing sensitive information, such as tokens, passwords, and other credentials. In the context of the video, it is the primary tool being used for secret management. The script discusses installing and operating the Vault server, as well as performing operations like read, write, and delete on secrets within the Vault.

💡Command Line Interface (CLI)

The Command Line Interface, often abbreviated as CLI, is a way of interacting with a computer or application where the user issues commands in the form of lines of text. In the video, the CLI is used to interact with the Vault server, allowing the user to perform operations like reading, writing, and deleting secrets.

💡Secrets

In the context of the video, secrets refer to sensitive data such as API keys, passwords, or other confidential information that needs to be securely stored and managed. The video demonstrates how to write (create), read (retrieve), and delete these secrets within the Vault system.

💡Key-Value Pair

A key-value pair is a fundamental data structure used in computing where each item is stored as a pair of a unique key and its associated value. In the video, this concept is used to describe how secrets are stored in Vault, with each secret having a unique identifier (key) and its corresponding data (value).

💡Path

In the context of the video, a path refers to the location within the Vault server where a secret is stored. Paths are used to organize and access secrets in a structured manner, similar to how files are organized in a file system.

💡Secret Engine

A Secret Engine in the Vault ecosystem is a component that manages a specific type of secret, such as key-value secrets or AWS credentials. The video discusses enabling custom paths within a secret engine to store and manage different kinds of secrets.

💡Enable

In the context of the video, 'enable' refers to the action of activating a feature or path within the Vault server. This is a necessary step before storing secrets in a new custom path, allowing the Vault to recognize and manage secrets at that location.

💡Read Operation

A read operation in the context of the video is the process of retrieving or accessing a stored secret from the Vault server. This is one of the core operations performed on secrets, allowing users to view the values associated with their keys.

💡Delete Operation

A delete operation is the process of removing a secret from the Vault server. This is an essential part of secret management, ensuring that sensitive data can be securely removed when it is no longer needed.

💡List Command

The list command in the video is used to display all available secrets or paths within the Vault server. This helps users understand the current organization and content of their Vault, allowing them to manage secrets more effectively.

💡JSON Format

JSON, or JavaScript Object Notation, is a lightweight data interchange format that is easy for humans to read and write, and for machines to parse and generate. In the video, the JSON format is used as an option for outputting the data from the Vault server in a structured and machine-readable way.

Highlights

Installation and starting of Vault server in development mode.

Performing operations using the command line interface of Vault.

Executing read, write, and delete operations on secrets.

Writing secrets into the Vault server using key-value pairs.

Defining a custom path for storing secrets in the Vault.

Using the 'put' command to write secrets into the Vault.

Enabling a custom path within the secret engine for storing key-value pairs.

Successfully enabling the path and storing the first secret.

Reading secrets from the Vault using the 'get' command.

Fetching secrets in JSON format using Vault commands.

Listing all available secrets at a particular path using Vault.

Deleting secrets from the Vault with the 'delete' command.

Verifying the deletion of secrets by attempting to read the deleted secret.

An overview of managing secrets through the Vault server's command line interface.

Introduction to the concept of secret engines in HashiCorp Vault.

Explanation of key-value pair secrets and their usage in Vault.

Upcoming session on enabling and managing AWS secret engine and key-value pair secret engine.

Transcripts

play00:00

all right so till now what we have done

play00:02

so far we have installed the Vault

play00:04

server and as well as we have started

play00:06

the Vault server into the development

play00:08

mode so the next thing which we are

play00:10

going to do we are just going to perform

play00:11

some operation using the command line

play00:13

interface of Vault and the operation

play00:16

which we are going to perform is the

play00:18

read write and delete so using this

play00:21

operation we are just going to insert or

play00:24

we are just going to write the secret we

play00:26

are just going to fetch or to read the

play00:28

secret as well as when we are done with

play00:30

all this we are just going to delete the

play00:32

secret which we have written previously

play00:34

so here on to the screen you can see I

play00:36

have written some example command for

play00:38

read write and delete but I'm just gonna

play00:41

explain each command in more detail

play00:43

let's start with the First Command that

play00:45

is the right command and here you will

play00:47

see the command start with the keyword

play00:49

world so this is the first thing which

play00:52

you need to write over here whenever you

play00:54

are using the command line interface of

play00:55

your wall the second thing is you need

play00:58

to Define like what kind of a secret

play01:00

you're going to store so here we are

play01:03

just storing the key and value so key K

play01:05

and V is the abbreviation for a key and

play01:08

value so that's why you need to mention

play01:10

what kind of a secret you are storing so

play01:12

that means you are storing key value

play01:14

pair

play01:15

second we are just going to write so

play01:17

that's why we need to mention put over

play01:20

here

play01:21

so that you can ah give the instruction

play01:23

to our wall that we are just going to

play01:25

write this secret into our vault server

play01:30

second you need to define the path where

play01:33

you are going to store this secret so

play01:35

this is the path this is a custom path

play01:37

you can write any path of your choice so

play01:40

here I have written a path my slash path

play01:43

so this is the path where our secrets

play01:46

will be stored all right the next thing

play01:49

is the actual value and since we are

play01:51

using the key value pair so we need to

play01:54

define a key first and then its value so

play01:57

here you will notice this is the key and

play01:59

this is the value so this is the key ah

play02:02

for our secret and this is the value for

play02:04

our secret so this is the typical syntax

play02:08

of our Hashi core write or a put

play02:11

operation there is also one more

play02:13

important concept of a secret engine in

play02:15

the hashicorp world so if you notice

play02:17

over here in this right command we have

play02:20

mentioned the path over here

play02:22

this is the path so whenever you specify

play02:25

a new custom path so this is my custom

play02:28

path over here so if you are working

play02:30

with the hashicorp world and if you need

play02:32

a new custom part then you need to

play02:34

enable this custom path into the secret

play02:37

engine I'm just gonna show the command

play02:39

to enable that so here if you notice

play02:42

over here so this is the command for

play02:43

enabling the path for inside your secret

play02:46

engine so this is the command how it

play02:49

starts with the Vault then you need to

play02:51

specify secret then you need to specify

play02:53

the keyword enable and then you need to

play02:55

specify the path so this is the thing

play02:58

which you need to mention inside your

play03:00

hashicop server so that it can enable

play03:03

that particular path inside your secret

play03:05

engine and apart from that you need to

play03:08

mention what it is so it is a key value

play03:10

pair kind of for Secrets which you are

play03:12

planning to store so this is the

play03:14

important command which you need to run

play03:16

before you start writing or inserting

play03:19

your secret let's switch over to the

play03:21

terminal and is my terminal and the

play03:24

first thing which I'm just gonna start

play03:25

I'm just gonna enable the path in my

play03:28

secret engine so this is the command

play03:29

which I'm just gonna run so that will

play03:31

enable the path my

play03:34

so here you can see this is the

play03:35

successful message which I got after

play03:38

that I'm just gonna insert my first

play03:39

secret key value pair

play03:42

and here you can see uh success message

play03:45

and the data written into the path my

play03:47

slash path now after writing like how to

play03:50

read the secret from our Hashi curve

play03:52

fault so here you can see on to the

play03:55

screen this is the command vault key

play03:57

value get and the path name so this is

play04:00

the command which I'm gonna use so I'm

play04:02

just talking about this command

play04:04

okay so I'm just gonna get back to my

play04:07

terminal once again and I'm just gonna

play04:09

make some space and hit enter and here

play04:11

you can see I'm just trying to read the

play04:14

secret stored at my slash path there is

play04:18

also one more cool feature of our

play04:20

hashicorp world you can read the secret

play04:22

in the Json format also and the command

play04:25

for that is I'm just gonna clear the

play04:27

screen over here and paste the command

play04:29

over here so here you can see this is

play04:31

the output in the Json format so what

play04:33

you need to do is vault key value get

play04:36

and you need to specify the format Json

play04:39

after that the path where your key value

play04:42

or the secrets has been stored so this

play04:44

is how you can generate the output in

play04:46

the Json format as well all right so now

play04:48

we have seen the right operation we have

play04:50

seen the read operation and also we have

play04:52

seen how to enable the path in the

play04:54

secret engine so the next command which

play04:57

we are gonna see is the delete command

play04:59

how we are going to delete the secret

play05:01

from the world but before that there is

play05:03

also one more import concept or one more

play05:06

important command to list all the

play05:08

available Secrets at particular path

play05:12

so I'll just go back to my terminal and

play05:15

I'm just gonna run command Vault secret

play05:17

list

play05:19

so here you can see these are the parts

play05:21

which are defined inside my secret

play05:24

engine so here you will find my path

play05:26

also so this is the my custom path which

play05:29

I have created apart from that these are

play05:31

the default ones so this is secret this

play05:34

is this this is identity and this is

play05:36

Cubby Hole so these are the four the

play05:39

other four which by default created by

play05:41

hashicop server and apart from that if

play05:44

you run this command Vault secret list

play05:46

then you will find all the available

play05:47

path which are defined inside your Vault

play05:50

server so this is how you can run this

play05:53

command to view or to list all the

play05:56

secret path available into your

play05:58

hashicorp server all right let's run the

play06:00

delete command so that we can delete the

play06:03

secret which we have created and the

play06:05

command for that is vault key value that

play06:08

is KB delete and the path that is my

play06:11

slash path and it will delete the secret

play06:13

which we have created previously simply

play06:16

hit enter and as you can see this is the

play06:18

success message and the data has been

play06:20

deleted from my path and just to verify

play06:23

let's run the get command once again to

play06:25

read the same secret which we have just

play06:27

deleted so just simply hit enter onto

play06:30

your terminal and here you can see no

play06:33

value found at my slash path that means

play06:36

we have successfully deleted our key

play06:38

value secret which we have stored

play06:40

previously all right so now you know

play06:42

like how you can read write and delete

play06:44

the secrets from your hashikov Vault

play06:46

server in the next session we are going

play06:48

to talk more about the secret engine and

play06:51

we will be taking a look how to enable

play06:52

the AWS secret engine how to enable and

play06:55

disable the key value pair secret engine

play06:57

and some more commands to manage the

play07:00

secret engines

Browse More Related Video

HashiCorp Vault Secret Engine and Secret Engine path - Part 4 | HashiCorp Vault tutorial series

How to Propagate Secrets Everywhere with External Secrets Operator (ESO) and Crossplane

AWS Cloudformation Step by Step Tutorial - Create a DynamoDB Table!

Unreal Engine C++ Project Setup, From Scratch

How to Make Viral Monetizable Faceless YouTube Videos ($300/Day)

Why you can’t articulate like you think

Rate This

5.0 / 5 (0 votes)

Summary
Outlines
Mindmap
Keywords
Highlights
Transcripts
Related Tags
VaultOpsSecretManagementDevOpsSecurityHashiCorpCommandLineDataProtectionAWSIntegrationTechTutorial