Secret Storage
Encrypt and store data in the storage backend of your choice.
Secrets for applications and systems need to be centralized, and static IP-based solutions don't scale in dynamic environments with frequently changing applications and machines.
Vault centrally manages and enforces access to secrets and systems based on trusted sources of application and user identity.
Dynamic secrets are ephemeral: they are generated programmatically when they are accessed and do not exist until they are read, which reduces the risk of someone stealing them or of another client using the same secrets. Dynamic secrets can be revoked immediately after use, minimizing the life of the secret.
CODE:
$ cat audit.log | jq
{
  "time": "2018-08-27T13:17:11.609621226Z",
  "type": "response",
  "auth": {
    "client_token": "hmac-sha256:5c40f1e051ea75b83230a5bf16574090f697dfa22a78e437f12c1c9d226f45a5",
    "accessor": "hmac-sha256:f254a2d442f172f0b761c9fd028f599ad91861ed16ac3a1e8d96771fd920e862",
    "display_name": "token",
    "metadata": null,
    "entity_id": ""
  }
}
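The audit entry above records the client token and accessor only as hmac-sha256 values, so activity can be traced per token without the log holding the token itself. The following is an added example, not code from the original page or from Vault: it groups audit entries by hashed accessor and flags any entry where one of those fields appears unhashed. It assumes one JSON object per line; the sample log, its hashes and its token are constructed.

```python
import json
from collections import defaultdict

HMAC_PREFIX = "hmac-sha256:"
HASHED_AUTH_FIELDS = ("client_token", "accessor")  # hashed in the page's sample

def _entry(time, kind, token, accessor):
    auth = {"client_token": token, "accessor": accessor, "display_name": "token"}
    return json.dumps({"time": time, "type": kind, "auth": auth})

# Constructed sample log (JSON lines); every hash and token is made up.
TOKEN_A, ACC_A, ACC_B = (HMAC_PREFIX + c * 64 for c in "abc")
SAMPLE_LOG = "\n".join([
    _entry("2018-08-27T13:17:11Z", "request", TOKEN_A, ACC_A),
    _entry("2018-08-27T13:17:12Z", "response", TOKEN_A, ACC_A),
    _entry("2018-08-27T13:18:40Z", "response", "constructed-raw-token", ACC_B),
    '{"time": "2018-08-27T13:19:0',  # truncated write
])

def is_hashed(value):
    """True for the audit log's HMAC form: prefix plus 64 lowercase hex digits."""
    digest = value[len(HMAC_PREFIX):]
    return (value.startswith(HMAC_PREFIX) and len(digest) == 64
            and all(ch in "0123456789abcdef" for ch in digest))

def triage(log_text):
    """Group entries by hashed accessor; report unhashed fields and bad lines."""
    by_accessor, findings = defaultdict(list), []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            entry = None
        if not isinstance(entry, dict):
            findings.append((lineno, "unparseable"))
            continue
        auth = entry.get("auth") or {}
        for field in HASHED_AUTH_FIELDS:
            value = str(auth.get(field) or "")
            if value and not is_hashed(value):
                findings.append((lineno, f"{field} not hashed"))
        accessor = str(auth.get("accessor") or "")
        if is_hashed(accessor):
            by_accessor[accessor].append((entry.get("time"), entry.get("type")))
    return dict(by_accessor), findings

if __name__ == "__main__":
    groups, findings = triage(SAMPLE_LOG)
    print({k[:24] + "...": v for k, v in groups.items()}, findings)
```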
CODE:
$ vault read database/creds/readonly
Key                Value
---                -----
lease_id           database/creds/readonly/3e8174da-6ca0-143b-aa8c-4c238aa02809
lease_duration     1h0m0s
lease_renewable    true
password           A1a-w2xv2zsq4r5ru940
username           v-token-readonly-48rt0t36sxp4wy81x8x1-1515627434
[ … ]
$ vault renew database/creds/readonly/3e8174da-6ca0-143b-aa8c-4c238aa02809
Key                Value
---                -----
lease_id           database/creds/readonly/3e8174da-6ca0-143b-aa8c-4c238aa02809
lease_duration     1h0m0s
lease_renewable    true
$ vault leas