In the last article we were introduced to vault. Here we will start with the installation of vault on a CentOS 7 machine and get our hands dirty.
Log in to a CentOS 7 machine and execute the commands below:
yum install epel-release -y
yum install wget unzip -y
wget https://releases.hashicorp.com/vault/1.5.0/vault_1.5.0_linux_amd64.zip
unzip vault_1.5.0_linux_amd64.zip
mv vault /usr/bin/
vault
On executing the above command we will get the below output. That means our vault is successfully installed.
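Before unzipping, it is worth checking the downloaded archive against the checksum file HashiCorp publishes alongside each release. The function below is an added example, not part of the original article; the name verify_release is made up for illustration, and it assumes the checksum file (for instance vault_1.5.0_SHA256SUMS) has already been downloaded to a local path.

```shell
#!/usr/bin/env bash
# Added example: check a downloaded vault archive against a release checksum
# file before unzipping it. Nothing is downloaded here; both paths are arguments.
# The checksum file itself should be authenticated separately (HashiCorp also
# publishes a detached signature for it); that step is outside this sketch.

# verify_release ARCHIVE SUMS_FILE
# Exit codes: 0 digest matches, 1 digest mismatch,
#             2 input file unreadable, 3 no unique entry for the archive name.
verify_release() {
    local archive="$1" sums="$2" name expected actual

    [ -r "$archive" ] && [ -r "$sums" ] || {
        echo "verify_release: cannot read archive or checksum file" >&2
        return 2
    }
    name=$(basename "$archive")

    # Pick the entry whose file-name field equals the archive name exactly.
    # CentOS 7 ships coreutils 8.22, whose sha256sum has no --ignore-missing,
    # so the line is selected here instead of relying on "sha256sum -c".
    # A name listed zero times or more than once yields an empty result.
    expected=$(awk -v n="$name" '
        $2 == n || $2 == "*" n { count++; digest = $1 }
        END { if (count == 1) print digest }' "$sums")
    if [ -z "$expected" ]; then
        echo "verify_release: no unique entry for $name in $sums" >&2
        return 3
    fi

    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "verify_release: SHA-256 mismatch for $name" >&2
        return 1
    fi
    echo "verify_release: $name OK"
    return 0
}

# Typical use, placed between the wget and unzip steps:
#   verify_release vault_1.5.0_linux_amd64.zip vault_1.5.0_SHA256SUMS \
#       && unzip vault_1.5.0_linux_amd64.zip
```

A missing entry is treated as a failure rather than a pass, so a checksum file for the wrong version or platform cannot silently approve the archive.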
Initialize vault server in development mode
Vault server basically operates in two modes: dev and prod. Dev mode is good for practicing, testing and playing around with vault, and it should be used before moving to production so that there are no gaps and the production setup is flawless.
Note that in dev mode data is not very secure and is stored in memory only; this means that data will be lost if we restart the vault server.
To start the vault in dev mode execute the below command
[root@linuxadvise vault]# vault server -dev
Now open a second terminal window and execute the command below to check the status. We will see that it fails with the following error.
[root@linuxadvise ~]# vault status
Error checking seal status: Get "https://127.0.0.1:8200/v1/sys/seal-status": http: server gave HTTP response to HTTPS client
The error shows that the client tried HTTPS while the dev server answered over plain HTTP. To get rid of this we have to export an environment variable.
Edit the file /root/.bashrc and add the below line
Save and exit the file and execute
[root@linuxadvise ~]# source /root/.bashrc
[root@linuxadvise ~]# vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.5.0
Cluster Name    vault-cluster-797c94a3
Cluster ID      1dbbd3ae-6773-3b60-feef-843455d14dc6
HA Enabled      false
Our First Secret
Log in to the vault console. We don't have any secrets as of now. Let's create one.
Let us create a secret named "mysecret".
Let's suppose the name of the entity is "credential"; we give it its value (the part that needs to be secret) as shown below.
Vault provides us with the ability to maintain different versions of the credentials that we store. At any time we can get details of the old passwords and also the update history. A deleted version can also be restored at a later point in time, until it is permanently removed.
Let's try the command line
Now we will try to do the same thing using the command line.
To get help on the related commands, execute
vault kv -h
To create a secret, execute the commands below
vault kv put secret/other-secret user=admin1
vault kv put secret/other-secret user=admin2 # will create another version
vault kv put secret/other-secret user=admin3 # will create yet another version
To view the contents
vault kv get secret/other-secret
To view a specific version
vault kv get -version=2 secret/other-secret
To delete a specific version
vault kv delete -versions=2 secret/other-secret
To un-delete a version
vault kv undelete -versions=2 secret/other-secret
To permanently delete a version
vault kv destroy -versions=2 secret/other-secret
Delete a secret permanently
vault kv metadata delete secret/other-secret
Alright, so this is how things work at a basic level with vault. In the next article we are going to discuss secrets engines. Keep following along :-)