Key/Value CRUD Ops
Welcome back to the Vault training. In this lesson, we're going to create our first secret. In fact, we're gonna go beyond that and perform all the CRUD ops. Now, when I use the term CRUD, I'm using it as an acronym to mean create,
retrieve, update and delete. So we're gonna create secrets, retrieve secrets, update secrets and even delete secrets in this video. Before we get to that,
let's have a quiz on some of the material we've learned thus far. What are the three native ways to interact with Vault?
Web user interface, JSON files, CLI, HTTP API, OpenSSL, client libraries, or GitHub: the native ways to interact with Vault. Hit pause if you want,
and moving forward with the answers. We talked about the three ways to interact with Vault: the web user interface, the command line interface and, ultimately, both of those really feed through the HTTP REST API. That's the main way of interacting with Vault.
But the other two are mechanisms that Vault itself provides for you to interact.
JSON files: JSON's the formatting that's used for data exchange and return when you're interacting with the API. But just having a JSON file is not going to allow you to do much with Vault. You have to send it to the CLI or upload it through a REST request using the HTTP API. OpenSSL
has nothing to do with interacting with Vault other than that's a mechanism to SSH into
your Linux servers.
Client libraries are very useful for different programming languages, but those ultimately abstract interacting using the HTTP API. And then GitHub is a great utility, but it's not a method to interact with Vault directly and issue Vault commands.
So jumping over to our Vault web interface,
this is where we're gonna create our very first secret. So we go to Secrets, we're gonna go to secret. So this is a key/value secrets engine. We're gonna create a secret. You can call the secret whatever you want. I'm going to call it first.
We can worry about versions and all this other stuff in a second.
What is the version data? So, what is the information? The key/value secrets are secrets where the value of the different secrets is a bunch of key/values. So we could say message equals Hello, world, right? The very most simple message. And that is the secret.
I could add additional key/value pairs to this secret,
but for this example, I'm not going to do it. Let's just go ahead and click Save. We have now created our first secret in Vault.
But how do we access the secret? Well, we can read it through the web interface.
Let's go ahead and access the secret using the command line interface that we have. And so here, coming back to the terminal that we were using in recent
examples, I'm going to give a little more space over here to the main terminal on the left. That's our actual Vault server.
So, vault kv get secret/first,
and there we go. We have now retrieved the secret using Vault's command line interface, and you can see here it has additional metadata about the secret in terms of when it was created; it wasn't deleted, has not been destroyed. This is the first version of that secret. But more importantly, what's the data of the secret? And that is a message,
the key being message and the value being Hello, world.
I'm gonna go ahead and clear the screen, and let's go ahead and update that secret by running the vault command. And we're going to do this through the CLI. So we're doing vault key value. Key value is a subcommand that Vault provides, which makes it very convenient to interact with the key/value style secret store.
And in this case, we're gonna be updating. So we're going to use the put command, kv put, and we need to identify our secret, which is in the path of secret/first. Let's give it a message. We can keep the same message that we had before
and then just add a new key to the key/value pair,
and we'll call it source equals CLI.
And as we can see, we get feedback from Vault confirming that indeed this was created, and we've now actually ended up creating version two of this particular secret.
So let's go ahead and try and retrieve this secret.
And when we do, this time we see we're retrieving version two, because it's the current version and we didn't specify we wanted an older version that we were retrieving, as well as the fact that the data, the key/value pairs, now includes the new key/value pair, which was source equals CLI, that we just added.
Gonna go ahead and clear our screen again.
So far, we have created a secret. We have updated that secret. And of course, we've retrieved that secret. To round out the CRUD acronym, we want to perform the delete operation. Let's go ahead and do that. But we're gonna use the HTTP REST API for interacting with Vault and performing this particular operation. The command,
the curl command itself,
is posted on the GitHub page. Feel free to copy that and directly paste it into your console. One thing you'll notice is that the dash dash request is DELETE. That's the particular HTTP method that we're gonna be using, curl's going to be using, when it's sending this command to Vault. And that's what's gonna tell Vault that we're not trying to retrieve this secret,
but to go ahead and delete this secret.
You see, there's not much in terms of return value from Vault, based on the request that we just sent. But the thing we can go ahead and do is we can attempt to retrieve this secret again. So do vault key value get, the secret, the first secret,
and you can see, instead of returning key/value pairs like it's done in the past,
it's returning some metadata about the secret, telling me when it was created, but also telling me that it was just deleted. And it was version two that was deleted. So that's confirming to us that version two of this secret was just deleted as a result of running that command.
That wraps up this lesson. What did we do? We created our first secret. In fact, we created one, we retrieved it, we updated it and we even deleted it. And we interacted with the key/value secrets engine using a variety of methods: we used the web interface, the command line interface and the REST API.
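
The four operations from this lesson issued through the HTTP API with curl, as an added example that is not the course's own command listing. It assumes a KV version 2 engine mounted at `secret/` (the dev server default) and `VAULT_ADDR` and `VAULT_TOKEN` set in the environment; the function names are hypothetical, and `kv_destroy` goes one step beyond the lesson to show how a deleted version differs from a destroyed one.

```shell
#!/bin/sh
# Added example: KV v2 CRUD through Vault's HTTP API.
# Assumptions: KV version 2 mounted at "secret/", VAULT_ADDR and VAULT_TOKEN
# exported by the caller. All function names here are hypothetical.

MOUNT="${MOUNT:-secret}"

# Send one authenticated request. curl runs without --fail so that
# error bodies returned by Vault are printed instead of being hidden.
vault_api() {  # usage: vault_api METHOD API_PATH [JSON_BODY]
    method=$1; api_path=$2; body=${3:-}
    set -- --silent --show-error \
        --header "X-Vault-Token: ${VAULT_TOKEN}" \
        --request "$method"
    if [ -n "$body" ]; then
        set -- "$@" --header "Content-Type: application/json" --data "$body"
    fi
    curl "$@" "${VAULT_ADDR}/v1/${api_path}"
}

# Create / update: KV v2 expects the pairs wrapped in {"data": ...};
# every write to the same path creates a new version.
kv_put() { vault_api POST "${MOUNT}/data/$1" "{\"data\": $2}"; }

# Retrieve: latest version by default, or an older one by number.
kv_get() { vault_api GET "${MOUNT}/data/$1${2:+?version=$2}"; }

# Delete: soft-deletes the latest version; its metadata records a
# deletion time and the version remains recoverable.
kv_delete() { vault_api DELETE "${MOUNT}/data/$1"; }

# Destroy: permanently removes the listed versions (comma-separated).
kv_destroy() { vault_api POST "${MOUNT}/destroy/$1" "{\"versions\": [$2]}"; }

# The lesson's sequence, for a secret named "first":
#   kv_put first '{"message": "Hello, world"}'
#   kv_put first '{"message": "Hello, world", "source": "CLI"}'
#   kv_get first        # current version
#   kv_get first 1      # the original version
#   kv_delete first     # soft delete of the current version
```

A soft-deleted version still holds the secret data on the server until it is destroyed, so rotate a leaked secret and use `kv_destroy` rather than relying on `kv_delete` alone.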