Secrets Management
Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret while providing tight access control and recording a detailed audit log.
The Secrets Management guides demonstrate Vault features for securely storing your secrets.
Static Secrets guide walks you through the steps to write secrets in Vault, and control who can access them.
Versioned KV Secret Engine guide demonstrates the secret versioning capabilities provided by the KV Secret Engine v2.
Secret as a Service: Dynamic Secrets guide demonstrates the Vault feature to generate database credentials on-demand so that each application or system can obtain its own credentials, and its permissions can be tightly controlled.
Database Root Credential Rotation guide walks you through the steps to enable the rotation of the database root credentials for those managed by Vault.
Cubbyhole Response Wrapping guide demonstrates a secure method to distribute secrets by wrapping them so that only the expecting client can unwrap them.
One-Time SSH Password guide demonstrates the use of the SSH secrets engine to generate a one-time password (OTP) every time a client wants to SSH into a remote host.
Build Your Own Certificate Authority guide walks you through the use of the PKI secrets engine to generate dynamic X.509 certificates.
Direct Application Integration guide demonstrates the use of the Consul Template and Envconsul tools to retrieve secrets from Vault with no or minimal code changes to your applications.