# HashiCorp Vault

Permissions:

* Vault URL
* Vault Engine Name
* Vault Token (For non-expiring static token)
  * Token
* Vault AppRole (For time-bound dynamic token)
  * Vault Namespace
  * Vault Role ID
  * Vault Secret ID

To get the Vault Role ID and Secret ID on HashiCorp Cloud Dedicated Vault:

<pre class="language-bash"><code class="lang-bash">
<strong>export VAULT_ADDR="&#x3C;VAULT-URL>"; export VAULT_NAMESPACE="&#x3C;VAULT-NAMESPACE>"
</strong>
export VAULT_TOKEN="&#x3C;VAULT_TOKEN>"

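# Enable the AppRole auth method
vault auth enable approle

# Create the role: tokens last 20m and can be renewed up to 30m.
# secret_id_ttl=0 means the generated Secret ID never expires.
vault write auth/approle/role/ozone-access \
    secret_id_ttl=0 \
    token_ttl=20m \
    token_max_ttl=30m

# Read the Role ID
vault read auth/approle/role/ozone-access/role-id

# Generate a Secret ID
vault write -f auth/approle/role/ozone-access/secret-id

# Test the login with the Role ID and Secret ID
vault write auth/approle/login role_id="&#x3C;role-id>" secret_id="&#x3C;secret-id>"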

<strong># Create a my-policy.hcl file for the ozone-secret-store Vault Engine
</strong>cat > my-policy.hcl &#x3C;&#x3C;'EOF'
path "ozone-secret-store/data/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}
EOF

vault policy write my-policy my-policy.hcl


# Attach the policy to the role; only tokens from logins made after this carry my-policy
vault write auth/approle/role/ozone-access token_policies="my-policy"
</code></pre>
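To confirm the role settings took effect, the JSON output of the AppRole login (`vault write -format=json auth/approle/login ...`) can be checked for the expected policy and token TTL. This is an added example, not part of the original page; the function name `check_login` is hypothetical and the sample responses are constructed.

```python
import json

EXPECTED_POLICY = "my-policy"   # policy written in the steps above
MAX_TOKEN_TTL_S = 20 * 60       # token_ttl=20m from the role definition

# Constructed sample responses (not real tokens), in the shape returned by
# `vault write -format=json auth/approle/login ...`.
GOOD = json.dumps({"auth": {
    "client_token": "hvs.EXAMPLE", "token_policies": ["default", "my-policy"],
    "metadata": {"role_name": "ozone-access"},
    "lease_duration": 1200, "renewable": True}})
# A token issued before the policy was attached to the role.
NO_POLICY = json.dumps({"auth": {
    "client_token": "hvs.EXAMPLE", "token_policies": ["default"],
    "metadata": {"role_name": "ozone-access"},
    "lease_duration": 1200, "renewable": True}})


def check_login(raw, expected_policy=EXPECTED_POLICY, max_ttl=MAX_TOKEN_TTL_S):
    """Return a list of problems found in an AppRole login response."""
    try:
        auth = json.loads(raw).get("auth") or {}
    except (ValueError, AttributeError):
        return ["response is not a JSON object"]
    if not auth.get("client_token"):
        return ["no client_token: login failed"]
    problems = []
    policies = set(auth.get("token_policies") or [])
    if expected_policy not in policies:
        problems.append(f"token lacks policy {expected_policy!r}: {sorted(policies)}")
    if "root" in policies:
        problems.append("token carries the root policy")
    ttl = auth.get("lease_duration", 0)
    if ttl <= 0 or ttl > max_ttl:
        problems.append(f"lease_duration {ttl}s is outside (0, {max_ttl}]")
    return problems


if __name__ == "__main__":
    import sys
    # Usage: vault write -format=json auth/approle/login ... | python check_login.py
    raw = sys.stdin.read() if not sys.stdin.isatty() else GOOD
    issues = check_login(raw)
    print("\n".join(issues) or "login response matches the role settings")
    sys.exit(1 if issues else 0)
```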
