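here’s a shorthand to get the right curl command: -output-curl-string makes the vault CLI print the equivalent curl command instead of sending the request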
vault secrets list -output-curl-string
you are now ready to proceed
token=`vault print token`
curl -s -H "X-Vault-Token: $token" \
$VAULT_ADDR/v1/sys/mounts | jq
as well as
curl -s -H "X-Vault-Token: $token" \
$VAULT_ADDR/v1/sys/health | jq
retrieve secrets
# expected OK (covered by policy)
curl -s -H "X-Vault-Token: $token" \
$VAULT_ADDR/v1/secret/data/devops/fluentbit | jq
# expected NOK (not covered by policy)
curl -s -H "X-Vault-Token: $token" \
$VAULT_ADDR/v1/secret/data/devops/another | jq
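added example (not part of the original notes): the OK/NOK check above, decided by HTTP status instead of by reading the jq output. Assumes Vault's usual answers (200 readable, 403 denied by policy, 404 nothing stored at the path); the function names vault_status, expect_access and check_scope are made up for this example, and the token goes to curl on stdin (-H @-, curl 7.55.0 or later) so it stays out of the process list.

```shell
#!/bin/bash
# Added example: verify a token's policy scope from the HTTP status code.
# usage (after sourcing): token=$(vault print token); check_scope
# Needs VAULT_ADDR and token set, as in the notes above.

# vault_status PATH -> prints the HTTP status of GET $VAULT_ADDR/v1/PATH
# The header is read from stdin (-H @-), so the token is not in curl's argv.
vault_status() {
  printf 'X-Vault-Token: %s\n' "$token" |
    curl -s -o /dev/null -w '%{http_code}' -H @- "$VAULT_ADDR/v1/$1"
}

# expect_access allow|deny PATH -> returns 0 only if the token behaves as intended
expect_access() {
  local want path code
  want=$1
  path=$2
  code=$(vault_status "$path") || code=000   # 000: curl could not connect
  case "$want:$code" in
    allow:200) echo "OK   $path readable (200)" ;;
    deny:403)  echo "OK   $path denied (403)" ;;
    allow:403) echo "FAIL $path denied (403): policy too narrow"; return 1 ;;
    deny:200)  echo "FAIL $path readable (200): policy too broad"; return 1 ;;
    *:404)     echo "FAIL $path not found (404): not blocked by policy, nothing stored"; return 1 ;;
    *)         echo "FAIL $path unexpected status $code"; return 1 ;;
  esac
}

# check_scope -> runs both checks from the notes, returns 1 if either fails
check_scope() {
  local rc
  rc=0
  expect_access allow secret/data/devops/fluentbit || rc=1
  expect_access deny  secret/data/devops/another   || rc=1
  return $rc
}
```

a 404 on the NOK path is reported as a failure on purpose: it means the policy let the request through and the path was simply empty.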
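#!/bin/bash
# usage: <script> VAULT_ADDR ; prints the ansible-secrets key/value JSON
set -e
[[ -z $1 ]] && echo "VAULT_ADDR?" && exit 1
VAULT_ADDR=$1
# token file: comment lines and blank lines are ignored
token=$(grep -vE '^#|^$' "$HOME/.vault_token_ansible_secrets")
# jq -e: exit non-zero when the response has no .data.data (Vault error body)
curl -s -H "X-Vault-Token: $token" \
"$VAULT_ADDR/v1/infra/data/devops/ansible-secrets" | jq -er '.data.data'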
more options
# -H "X-Vault-Request: true"
# -H 'accept: */*'
# -H 'accept: application/json'
https://developer.hashicorp.com/vault/api-docs
https://tekanaid.com/posts/hashicorp-vault-api-tutorial-and-pro-tips/ ==> fine intro
https://developer.hashicorp.com/well-architected-framework/security/security-cicd-vault
https://docs.gitlab.com/ci/secrets/hashicorp_vault/
https://developer.hashicorp.com/vault/api-docs/auth/token
https://www.tinfoilcipher.co.uk/2020/04/13/hashicorp-vault-tokens-and-the-rest-api/ ==> vault token create from api
https://stackoverflow.com/questions/53710132/store-and-retrieve-files-from-hashicorp-vault ==> write through api