Hashicorp Vault


Installing Vault can be simplified using Helm. There is an official Helm chart for this at https://www.vaultproject.io/docs/platform/k8s/helm

```
$ helm repo add hashicorp https://helm.releases.hashicorp.com
$ cat config.yaml
server:
  nodeSelector: |
    node-type: vault
$ helm install -f config.yaml vault hashicorp/vault
```
The Kubernetes label “vault” matches up with the nodeSelector.

Starting up

If all went well, one would see the following. On a side note, don’t worry if the pod/vault-0 does not show as Running. Most likely, it wouldn’t and I took this screenshot after I had gotten it up and fully running 😁

Using Vault

Once three keys are provided, the vault becomes accessible through the GUI. Use the initial root token mentioned above to log in (with token as the login method).

Choose KV
Provide a Path to the newly created KV Secret Engine. Make sure to choose version 2.
Now that `mypath1` is created, we are ready to add secrets
Created a secret named `path` and I am using JSON values on it.
```
curl -H "X-Vault-Token: $VAULT_KEY" localhost:8200/v1/mypath1/data/path1 -s | jq
```
REST API to access my secret. Note, I am using `VAULT_KEY` from my “initial root token”
I have added a “userpass” as a new authentication method
```
curl localhost:8200/v1/auth/userpass/login/test_user -d '{"password": "test"}' -s | jq
```
Generate a client token for a naive “userpass” based auth
```
path "mypath1/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}
```
Create an entity that enables a client token to allow access to secret
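
The policy above grants all five capabilities on everything under `mypath1/`, which on a KV version 2 mount also covers the `metadata/` and `destroy/` API paths, not only `data/`. The following is an added example, not code from the original post or from Vault: a simplified Python model of Vault's policy path matching (exact paths and a trailing `*` only) that compares the page's policy with an assumed read-only alternative. `allowed`, `granted` and `READ_ONLY_POLICY` are hypothetical names.

```python
# Simplified model of Vault ACL path matching (added example, not Vault's code).
# Handles exact paths and a trailing "*" prefix glob only; the "+" segment
# wildcard and merging of several policies are out of scope.

def allowed(policy, api_path, capability):
    """Return True if `policy` grants `capability` on `api_path`.

    policy maps a path pattern to its list of capabilities.
    An exact match wins; otherwise the longest matching prefix glob wins.
    """
    if api_path in policy:
        caps = policy[api_path]
    else:
        globs = [p for p in policy
                 if p.endswith("*") and api_path.startswith(p[:-1])]
        if not globs:
            return False  # no matching path: denied by default
        caps = policy[max(globs, key=len)]
    return "deny" not in caps and capability in caps

# The policy shown on the page.
PAGE_POLICY = {"mypath1/*": ["create", "read", "update", "delete", "list"]}

# Assumed narrower alternative for a client that only reads secrets.
READ_ONLY_POLICY = {
    "mypath1/data/*": ["read"],
    "mypath1/metadata/*": ["list"],
}

# KV v2 API requests under the mount, with the capability each one needs.
KV2_REQUESTS = [
    ("mypath1/data/path1", "read"),        # the curl GET from the page
    ("mypath1/data/path1", "update"),      # write a new version
    ("mypath1/metadata/", "list"),         # list secret names
    ("mypath1/metadata/path1", "delete"),  # remove all versions and metadata
    ("mypath1/destroy/path1", "update"),   # permanently destroy versions
]

def granted(policy):
    """Return the subset of KV2_REQUESTS that `policy` permits."""
    return [(p, c) for p, c in KV2_REQUESTS if allowed(policy, p, c)]

if __name__ == "__main__":
    for name, pol in (("page", PAGE_POLICY), ("read-only", READ_ONLY_POLICY)):
        print(name, granted(pol))
```

A token issued through the “userpass” login only needs the narrower policy to run the `curl` read shown earlier.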


