HashiCorp Vault: CLI Commands Reference
Table of Contents
Section titled “Table of Contents”Vault Notes
Section titled “Vault Notes”There are several OS variables in play here. Most importantly VAULT_TOKEN, VAULT_URL, and VAULT_NAMESPACE. Additionally, review ~/.vault-token to ensure it gets updated.
To login
Section titled “To login”vault login -method ldap username=csteinerTo view who you are
Section titled “To view who you are”vault token lookupvault read auth/approle/rolevault read auth/approle/role/<approle>vault read auth/approle/role/<approle>/role-idvault write -f auth/approle/role/<approle>/secret-idList out keys associated with a secret-id
Section titled “List out keys associated with a secret-id”vault list auth/approle/role/<approle>/secret-idRevoke all secret ids
Section titled “Revoke all secret ids”for acc in $(vault list -format=json auth/approle/role/<role_name>/secret-id \ | jq -r '.[]'); do vault write auth/approle/role/<role_name>/secret-id-accessor/destroy \ secret_id_accessor="$acc"doneNew secret id forever
Section titled “New secret id forever”vault write auth/approle/role/<role_name> secret_id_ttl=0