2015-04-22 22:09:12 +00:00
<script type="text/x-handlebars" data-template-name="welcome">
  <p>
    This tutorial is great for getting familiar with the command line
    interface to Vault. As soon as you opened this terminal, you connected to a real in-memory Vault server.
    Any commands you enter will work as they would with Vault normally, but leaving this page
    will end the session.
  </p>
  <p>
    Please note that this is running in a shared environment, so avoid setting any real secrets.
  </p>
  <p>
    <strong>Use the command "next" to move forward</strong>.
  </p>
  <p>This will work throughout
    the tutorial, along with "previous" to go back a step.
  </p>
</script>
<script type="text/x-handlebars" data-template-name="steps">
  <p>
    This tutorial will cover the following steps:
  </p>
  <ul>
    <li>- Initializing and unsealing your Vault</li>
    <li>- Authorizing your requests to Vault</li>
    <li>- Mounting a backend</li>
    <li>- Reading, writing and deleting secrets</li>
    <li>- Sealing your Vault</li>
  </ul>
  <p>
    <strong>Again, use "next" to move to the first step – initializing your Vault</strong>.
  </p>
</script>
<script type="text/x-handlebars" data-template-name="init">
  <p>
    To get started, we need to initialize an instance of Vault for you
    to work with.
  </p>
  <p>
    While initializing, you can configure the seal behavior
    of Vault.
  </p>
  <p>
    Initialize Vault now, with 1 unseal key, using the command:
  </p>
  <p>
    <code>vault init -key-shares=1 -key-threshold=1</code>
  </p>
  <p>
    You'll notice Vault prints out several keys here. Don't clear your terminal,
    as these are needed in the next few steps.
  </p>
</script>
<script type="text/x-handlebars" data-template-name="unseal">
  <p>
    When a Vault server is started, it starts in a sealed state.
    In this state, Vault is configured to know where and how to access the
    physical storage, but doesn't know how to decrypt any of it.
  </p>
  <p>
    Vault encrypts data with an encryption key. This key is encrypted with the "master key", which
    isn't stored. Decrypting the master key requires a threshold of shards. In this example,
    we use one shard to decrypt this master key for simplicity.
  </p>
  <p>
    Unseal the Vault:
  </p>
  <p>
    <code>vault unseal &lt;key 1&gt;</code>
  </p>
</script>
<script type="text/x-handlebars" data-template-name="auth">
  <p>
    Before performing any operation with Vault, the
    connecting client must be authenticated. Authentication is
    the process of verifying a person or machine is who they say
    they are and assigning an identity to them. This identity is then
    used when making requests with Vault.
  </p>
  <p>
    For simplicity, we'll use the root token we generated on init in Step 2. This
    output should be available in the scrollback.
  </p>
  <p>
    Authorize with a client token:
  </p>
  <p>
    <code>vault auth &lt;root token&gt;</code>
  </p>
</script>
<script type="text/x-handlebars" data-template-name="mounts">
  <p>
    Before performing any operation with Vault, the
    connecting client must be authenticated. Authentication is
    the process of verifying a person or machine is who they say
    they are and assigning an identity to them. This identity is then
    used when making requests with Vault.
  </p>
  <p>
    For simplicity, we'll use the root token we generated on init in Step 2. This
    output should be available in the scrollback.
  </p>
  <p>
    Authorize with a client token:
  </p>
  <p>
    <code>vault auth &lt;root token&gt;</code>
  </p>
</script>
<script type="text/x-handlebars" data-template-name="secrets">
  <p>
    Before performing any operation with Vault, the
    connecting client must be authenticated. Authentication is
    the process of verifying a person or machine is who they say
    they are and assigning an identity to them. This identity is then
    used when making requests with Vault.
  </p>
  <p>
    For simplicity, we'll use the root token we generated on init in Step 2. This
    output should be available in the scrollback.
  </p>
  <p>
    Authorize with a client token:
  </p>
  <p>
    <code>vault auth &lt;root token&gt;</code>
  </p>
</script>
<script type="text/x-handlebars" data-template-name="seal">
  <p>
    Before performing any operation with Vault, the
    connecting client must be authenticated. Authentication is
    the process of verifying a person or machine is who they say
    they are and assigning an identity to them. This identity is then
    used when making requests with Vault.
  </p>
  <p>
    For simplicity, we'll use the root token we generated on init in Step 2. This
    output should be available in the scrollback.
  </p>
  <p>
    Authorize with a client token:
  </p>
  <p>
    <code>vault auth &lt;root token&gt;</code>
  </p>
</script>