Hashicorp Vault

Permissions:

  • Vault URL

  • Vault Engine Name

  • Vault Token (For non-expiring static token)

    • Token

  • Vault AppRole (For time-bound dynamic token)

    • Vault Namespace

    • Vault Role ID

    • Vault Secret ID

To get the Vault Role ID and Secret ID on HashiCorp Cloud Dedicated Vault:

export VAULT_ADDR="<VAULT-ADDR>"; export VAULT_NAMESPACE="<VAULT-NAMESPACE>"
export VAULT_TOKEN="<VAULT_TOKEN>"

vault auth enable approle

# Role for Ozone: Secret IDs do not expire; issued tokens last 20m, renewable up to 30m
vault write auth/approle/role/ozone-access \
    secret_id_ttl=0 \
    token_ttl=20m \
    token_max_ttl=30m

# Read the Role ID
vault read auth/approle/role/ozone-access/role-id

# Generate a Secret ID
vault write -f auth/approle/role/ozone-access/secret-id

# Verify the pair logs in (returns a time-bound token)
vault write auth/approle/login role_id="<role-id>" secret_id="<secret-id>"

# Create a my-policy.hcl file for the ozone-secret-store Vault Engine
cat > my-policy.hcl <<'EOF'
path "ozone-secret-store/data/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}
EOF

vault policy write my-policy my-policy.hcl

# Attach the policy to the role; tokens issued from now on carry it
vault write auth/approle/role/ozone-access token_policies="my-policy"
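As an added example (not code from the page or from Ozone), the login exchange the commands above prepare, done against Vault's HTTP API: POST role_id/secret_id to /v1/auth/approle/login with the namespace in the X-Vault-Namespace header, then check that the returned token carries the intended policy and a bounded TTL. The server address, namespace, role id, secret id and the sample response are constructed; the `opener` parameter lets the exchange run offline.

```python
"""AppRole login against Vault's HTTP API, plus a sanity check on the issued token."""
import io
import json
import urllib.request

def approle_login(vault_addr, role_id, secret_id, namespace=None, opener=urllib.request.urlopen):
    """POST role_id/secret_id to auth/approle/login and return the 'auth' object.
    `opener` is injectable so the exchange can be exercised offline (default: urlopen)."""
    req = urllib.request.Request(
        vault_addr.rstrip("/") + "/v1/auth/approle/login",
        data=json.dumps({"role_id": role_id, "secret_id": secret_id}).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    if namespace:  # HCP Vault Dedicated: the namespace travels in this header
        req.add_header("X-Vault-Namespace", namespace)
    with opener(req) as resp:
        return json.load(resp)["auth"]

def check_token(auth, required_policy, max_ttl_seconds):
    """Return findings about the issued token; empty means it matches the intended role."""
    findings = []
    policies = auth.get("token_policies", auth.get("policies", []))
    if required_policy not in policies:
        findings.append(f"policy {required_policy!r} not attached to the token")
    ttl = auth.get("lease_duration", 0)
    if ttl == 0:
        findings.append("token never expires; AppRole tokens should be time-bound")
    elif ttl > max_ttl_seconds:
        findings.append(f"token ttl {ttl}s exceeds allowed {max_ttl_seconds}s")
    return findings

# Constructed sample response for a role with token_ttl=20m (1200s) and my-policy attached.
SAMPLE_LOGIN_RESPONSE = {"auth": {
    "client_token": "hvs.EXAMPLE-NOT-A-REAL-TOKEN",
    "policies": ["default", "my-policy"],
    "token_policies": ["default", "my-policy"],
    "lease_duration": 1200,
}}

def fake_opener(req):
    """Stand-in for urlopen that returns the constructed sample (offline demo only)."""
    return io.BytesIO(json.dumps(SAMPLE_LOGIN_RESPONSE).encode())

if __name__ == "__main__":
    # Hypothetical address, namespace, role id and secret id; use the values read from Vault.
    auth = approle_login("https://vault.example:8200", "<role-id>", "<secret-id>",
                         namespace="admin", opener=fake_opener)
    print(check_token(auth, "my-policy", 30 * 60))  # -> []
```

Against a live server, drop the `opener` argument and pass the real VAULT_ADDR and VAULT_NAMESPACE; a non-empty findings list means the role update or TTLs above were not applied as intended.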
Last updated 8 months ago