hashicorp vault kv put creating new version code example

Example 1: secrets kv-v2 in vault

# Enable a KV version 2 (versioned) secrets engine, mounted at the path secret/
 $ vault secrets enable -path=secret kv-v2

# If a KV engine is already mounted at secret/ as version 1, upgrade that mount
# to version 2 instead of enabling a new one
 $ vault kv enable-versioning secret/

# Write data to the secret. The first write to a path creates version 1.
# NOTE(review): the e-mail value below looks like a redaction placeholder left by
# the page; substitute a real address when running this.
# Values passed as key=value arguments are recorded in shell history and are
# visible in the process list. For real secret material, `vault kv put` can read
# the data from a file (@data.json, key=@file) or from stdin (-) instead.
 $ vault kv put secret/customer/novopay name="NovoPay Pvt Limited" \
        contact_email="[email protected]"  # This write is version 1
# Write to the same path again. `kv put` replaces the whole secret and creates a new version.
 $ vault kv put secret/customer/novopay name="NovoPay Pvt Limited" \
        contact_email="[email protected]" # This write is version 2

# Read the secret from the same path; without -version the latest version is returned
 $ vault kv get secret/customer/novopay 

# Read one specific version
 $ vault kv get -version=2 secret/customer/novopay
 
# Update a single field and keep the other fields of the current version unchanged.
# This also creates a new version.
 $ vault kv patch secret/customer/novopay contact_email="[email protected]"

# Get the metadata stored for the secret at this path
 $ vault kv metadata get secret/customer/novopay

# Limit the number of versions retained per secret for the whole kv-v2 mount at secret/.
# Once a secret exceeds the limit, its oldest versions are permanently removed.
 $ vault write secret/config max_versions=4

# Check the change by reading the mount configuration back
 $ vault read secret/config

# Limit only the secret at secret/customer/novopay to a maximum of 4 versions
 $ vault kv metadata put -max-versions=4 secret/customer/novopay

# Read the metadata of secret/customer/novopay again to confirm the new setting
 $ vault kv metadata get secret/customer/novopay
 
# NOTE(review): the commands below address the mount kv/, while the earlier
# commands use secret/. They only work as written if a KV v2 engine is also
# mounted at kv/; otherwise use the secret/ prefix. Confirm which was intended.

# Soft-delete several versions. The data is hidden from reads but is still
# stored and can be restored with undelete.
 $ vault kv delete -versions="4,5" kv/customer/novopay
 
# Restore a soft-deleted version at this path
 $ vault kv undelete -versions=5 kv/customer/novopay
 
# Permanently delete a version with destroy. The data of that version cannot be recovered.
 $ vault kv destroy -versions=4 kv/customer/novopay
 
# Permanently delete every version and all metadata of the secret at this path.
# delete, undelete, destroy and metadata operations map to separate API paths,
# so a policy can allow soft deletes without also allowing destroy or metadata delete.
 $ vault kv metadata delete kv/customer/novopay
 
# Configure automatic deletion of versions after a specified time (here 40 seconds)
 $ vault kv metadata put -delete-version-after=40s kv/customer/novopay
 
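# Check-and-set (CAS) protects a secret against unintentional overwrites.
# A write that carries the cas flag succeeds only when the value of cas matches
# the current version of the secret; cas=0 succeeds only when the secret does
# not exist yet.
# NOTE(review): these commands mix the mounts kv/ and secret/. Each command
# only works if a KV v2 engine is mounted at the prefix it uses.
 $ vault read kv/config # cas_required is false by default
# `vault write` sends the field name as typed, so it must be cas_required with
# an underscore, the same name that `vault read kv/config` reports.
 $ vault write kv/config cas_required=true

# Require check-and-set for one secret only, instead of the whole mount
 $ vault kv metadata put -cas-required=true kv/customer/novopay

# Once check-and-set is required, every write must carry the cas parameter set
# to the current version of the secret. Set cas to 0 when no secret exists at
# that path yet.
 $ vault kv put -cas=0 kv/customer/novopay name="Example Co." partner_id="123456789"
# This write succeeds only if secret/partner is currently at version 1;
# otherwise Vault rejects it.
 $ vault kv put -cas=1 secret/partner name="Example Co." \
      partner_id="ABCDEFGHIJKLMN"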

Example 2: vault Key-value insert from CLI

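# Write a value to Vault from PowerShell or another CLI.
# This creates the secret second-secret with the single field user=Ankit1.
# The first write to a path becomes version 1.
# Comments use '#' because '//' and '/* */' are not comment markers in
# PowerShell or in a POSIX shell, so the listing could not be pasted as it was.
# Values given as key=value arguments are recorded in shell history; for a real
# credential, `vault kv put` can read the data from a file (@data.json) or stdin (-).
 vault kv put secret/second-secret user=Ankit1

# Read the secret; this returns only the latest version
 vault kv get secret/second-secret
# Read a specific version
 vault kv get -version=1 secret/second-secret
# Soft-delete a particular version. Note that the flag is -versions (plural) here,
# unlike -version on `kv get`. Version 2 exists only after a second put to this path.
 vault kv delete -versions=2 secret/second-secret
# Restore the soft-deleted version
 vault kv undelete -versions=2 secret/second-secret
# Permanently destroy the data of that version; it cannot be restored afterwards
 vault kv destroy -versions=2 secret/second-secret
# Delete the secret: removes every version and all metadata at this path
 vault kv metadata delete secret/second-secret

# List the secrets stored under the mount
 vault kv list secret
# Get the metadata of one secret, here second-secret
 vault kv metadata get secret/second-secret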
