Skip to content
Half Stack Python

Vault Notes

Vault Notes

Section titled “Vault Notes”

There are several os variables in play here Most importantly VAULT_TOKEN, VAULT_URL, and VAULT_NAMESPACE Additionally, review ~/.vault-token to ensure it gets updated

To login

Section titled “To login”
Terminal window
vault login -method ldap username=csteiner

To view who you are

Section titled “To view who you are”
Terminal window
vault token lookup
vault read auth/approle/role
vault read auth/approle/role/<approle>
vault read auth/approle/role/<approle>/role-id
vault write -f auth/approle/role/<approle>/secret-id

List out keys associated with a secret-id

Section titled “List out keys associated with a secret-id”
Terminal window
vault list auth/approle/role/<approle>/secret-id

Revoke all secret ids

Section titled “Revoke all secret ids”
Terminal window
for acc in $(vault list -format=json auth/approle/role/<role_name>/secret-id \
            | jq -r '.[]'); do
    vault write auth/approle/role/<role_name>/secret-id-accessor/destroy \
        secret_id_accessor="$acc"
done

New secret id forever

Section titled “New secret id forever”
Terminal window
vault write auth/approle/role/<role_name> secret_id_ttl=0