In the last articles, I explained how to install Vault and create secrets. Now I am going to cover in detail what secret engines are.
Secret engines are components which store, generate or encrypt data.
You store a secret in a specific secret engine, and each engine offers certain features.
There are multiple secret engines that are available. Examples are as below
A secret engine is enabled at a given path. Once enabled, its secrets are stored under that path.
Secret Engine Life cycle
Most secret engines can be enabled, tuned and moved via the CLI or API.
Enable: enables a secret engine at a given path. By default they are enabled at a path matching their "type" (e.g. aws is enabled at /aws).
Disable: disables an existing secrets engine. When a secrets engine is disabled, all of its secrets are revoked.
Move: moves an existing secrets engine to a new path.
Let me start with the simplest type of secret engine, the KV (Key/Value) type.
It is used to store arbitrary secrets within the configured physical storage for Vault.
Key names must always be strings.
Log in to the console and enable the engine.
The engine is configured. The newly created engine will now be visible under "Secrets Engines".
All these steps were done via the GUI; here is what you need to execute to do the same thing with the CLI:
vault secrets enable -version=2 -path=mykvpath kv
vault secrets disable mykvpath/
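As an added example that is not part of the original post, here is the same enable/tune/move/disable lifecycle driven through Vault's HTTP API from Python (the endpoints the CLI itself calls). The VaultMounts class, the record_calls helper, and the address and token values are my own constructions; the transport is injectable so the request flow can be checked without a live server, and the real http_transport needs a reachable Vault.

```python
import json
import urllib.request


def http_transport(method, url, token, body=None):
    # Real transport: sends one request to a running Vault server (network needed).
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("X-Vault-Token", token)
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
        return json.loads(raw) if raw else {}


def record_calls():
    # Constructed offline transport: records (method, url, body) instead of sending.
    calls = []

    def transport(method, url, token, body=None):
        calls.append((method, url, body))
        # A KV v2 read answers with the secret nested under data.data (sample value)
        return {"data": {"data": {"password": "constructed-sample"}}} if method == "GET" else {}
    return calls, transport


class VaultMounts:
    """Hypothetical helper: one method per CLI lifecycle command, same API endpoints."""

    def __init__(self, addr, token, transport=http_transport):
        self.addr, self.token, self.transport = addr.rstrip("/"), token, transport

    def _call(self, method, path, body=None):
        return self.transport(method, f"{self.addr}/v1/{path}", self.token, body)

    def enable_kv(self, path, version=2):  # vault secrets enable -version=2 -path=<path> kv
        return self._call("POST", f"sys/mounts/{path}", {"type": "kv", "options": {"version": str(version)}})

    def tune(self, path, default_ttl="1h", max_ttl="24h"):  # vault secrets tune ... <path>
        return self._call("POST", f"sys/mounts/{path}/tune", {"default_lease_ttl": default_ttl, "max_lease_ttl": max_ttl})

    def move(self, src, dst):  # vault secrets move <src> <dst>
        return self._call("POST", "sys/remount", {"from": src, "to": dst})

    def disable(self, path):  # vault secrets disable <path>  (revokes every secret under it)
        return self._call("DELETE", f"sys/mounts/{path}")

    def put_secret(self, mount, key, secret):  # KV v2 writes go to <mount>/data/<key>
        return self._call("POST", f"{mount}/data/{key}", {"data": secret})

    def get_secret(self, mount, key):  # KV v2 reads nest the payload under data.data
        return self._call("GET", f"{mount}/data/{key}")["data"]["data"]
```

Note the KV v2 paths carry a data/ segment between the mount and the key; a v1 engine at the same mount would not, which is a common source of 404s after enabling with -version=2.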
This was a high level overview of Vault secrets engines. In the next article I am going to discuss Dynamic Secrets.