1.5 KiB
| layout | page_title | sidebar_current | description |
|---|---|---|---|
| docs | Secret Backend: Generic | docs-secrets-generic | The generic secret backend can store arbitrary secrets. |
Generic Secret Backend
Name: generic
The generic secret backend is used to store arbitrary secrets within
the configured physical storage for Vault. If you followed along with
the getting started guide, you interacted with a generic secret backend
via the secret/ prefix that Vault mounts by default.
Writing to a key in the secret/ backend will replace the old value,
the sub-fields are not merged together.
Quick Start
The generic backend allows for writing keys with arbitrary values. The
only value that is special is the lease key, which can be provided with
any key to restrict the lease time of the secret. This is useful to ensure
clients periodically renew so that key rolling can be time bounded.
As an example, we can write a new key "foo" to the generic backend mounted at "secret/" by default:
$ vault write secret/foo zip=zap lease=1h
Success! Data written to: secret/foo
This writes the key with the "zip" field set to "zap" and a one hour lease. We can test this by doing a read:
$ vault read secret/foo
Key Value
lease_id secret/foo/e4514713-d5d9-fb14-4177-97a7f7f64518
lease_duration 3600
lease 1h
zip zap
As expected, we get the value previously set back as well as our custom lease. The lease_duration has been set to 3600 seconds, or one hour as specified.