From 33e2792d32de72898e2f6e3482092e0d312c050d Mon Sep 17 00:00:00 2001 From: Administrator Date: Wed, 17 Jul 2024 09:48:12 +0000 Subject: [PATCH] docs: create DevOps/Hashicorp-Vault/Vault-cheat-sheet --- DevOps/Hashicorp-Vault/Vault-cheat-sheet.md | 330 ++++++++++++++++++++ 1 file changed, 330 insertions(+) create mode 100644 DevOps/Hashicorp-Vault/Vault-cheat-sheet.md diff --git a/DevOps/Hashicorp-Vault/Vault-cheat-sheet.md b/DevOps/Hashicorp-Vault/Vault-cheat-sheet.md new file mode 100644 index 0000000..910c2be --- /dev/null +++ b/DevOps/Hashicorp-Vault/Vault-cheat-sheet.md @@ -0,0 +1,330 @@ +--- +title: Vault Cheat Sheet +description: +published: true +date: 2024-07-17T09:48:03.975Z +tags: vault, cheat, sheet +editor: markdown +dateCreated: 2024-07-17T09:48:03.975Z +--- + +# Vault Cheat Sheet + + +

Vault Commands Cheat Sheet

+

Secrets Management

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
CommandDescription
vault kv putCreates or updates a key-value pair in a secret backend.
vault kv getRetrieves the value of a specific key in a secret backend.
vault kv deleteDeletes a key-value pair from a secret backend.
vault kv listLists all keys in a secret backend.
vault kv metadata getRetrieves the metadata of a specific key in a secret backend.
vault kv metadata deleteDeletes the metadata of a specific key in a secret backend.
vault kv metadata listLists the metadata for all keys in a secret backend.
vault kv enable-versioningEnables versioning for a secret backend.
vault kv disable-versioningDisables versioning for a secret backend.
vault kv undeleteRestores a deleted key-value pair in a secret backend.
vault kv destroyPermanently removes a key-value pair in a secret backend.
vault kv undelete-metadataRestores a deleted key's metadata in a secret backend.
vault kv destroy-metadataPermanently removes a key's metadata in a secret backend.
+

Authentication

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
CommandDescription
vault loginAuthenticates a user to Vault.
vault logoutLogs out the currently authenticated user.
vault token createCreates a new token for authentication.
vault token revokeRevokes a token, rendering it invalid.
vault token lookupRetrieves information about a token.
vault token renewRenews the lease of a token, extending its validity period.
vault token revoke-prefixRevokes all tokens with a given prefix.
vault auth enableEnables an authentication method in Vault.
vault auth disableDisables an authentication method in Vault.
vault auth listLists all enabled authentication methods in Vault.
+

Policies

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Secrets Engines

+
CommandDescription
vault policy writeCreates or updates a policy with the specified name.
vault policy readRetrieves the contents of a policy.
vault policy deleteDeletes a policy.
vault policy listLists all policies in Vault.
vault policy capabilitiesDisplays the capabilities of a policy.
vault write auth/token/roles/my-roleCreates or updates a token role.
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
CommandDescription
vault secrets enableEnables a secrets engine in Vault.
vault secrets disableDisables a secrets engine in Vault.
vault secrets listLists all enabled secrets engines in Vault.
vault secrets tuneAdjusts the configuration of a secrets engine.
vault secrets moveMoves a secrets engine from one path to another.
vault secrets migrateMigrates secrets from one secrets engine to another.
vault secrets upgradeUpgrades the version of a secrets engine.
vault secrets path-helpDisplays help information for a secrets engine's path.
+

Auditing and Logging

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
CommandDescription
vault audit enableEnables an audit device in Vault to log events.
vault audit disableDisables an audit device in Vault.
vault audit listLists all enabled audit devices in Vault.
vault audit hashHashes a single audit log file for integrity verification.
vault audit recoverRecovers and replays the audit log from a specified path.
vault audit migrateMigrates audit devices from one path to another.
vault audit purgePurges audit log files from a specified path.
vault monitorMonitors the activity of secrets engines and authentication requests in real-time.
vault read sys/audit-hashRetrieves the current hash of the audit log file.
+

Key Management

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Miscellaneous

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
CommandDescription
vault operator initInitializes a new Vault instance with a master key share.
vault operator unsealUnseals the Vault by providing a master key share.
vault operator sealSeals the Vault, making it inaccessible.
vault operator rekeyRekeys the Vault, rotating the encryption keys.
vault operator rotateRotates the underlying encryption keys for the transit secrets engine.
vault operator generate-rootGenerates a new root token for disaster recovery.
CommandDescription
vault statusDisplays the current status of the Vault.
vault versionDisplays the version information of the running Vault server.
vault list sys/mountsLists all the mounted secret backends.
vault auth token/lookup-selfRetrieves information about the currently authenticated token.
vault auth token/revoke-selfRevokes the currently authenticated token.
vault path-helpDisplays help information for a specific Vault path.
vault policy validateValidates the syntax of a policy without saving it.
`vault secrets
\ No newline at end of file
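Review bot: Several rows across the Secrets Management, Authentication, Policies, Secrets Engines, Auditing and Logging, and Miscellaneous tables name subcommands that the Vault CLI does not provide, so each row should be checked against the command's `-h` output before this is merged. `vault audit` has only `enable`, `disable` and `list`, so `vault audit hash`, `vault audit recover`, `vault audit migrate` and `vault audit purge` should be dropped, and `vault read sys/audit-hash` should be reworded, since that endpoint takes a write with an input value. The same check applies to `vault kv disable-versioning`, `vault kv undelete-metadata`, `vault kv destroy-metadata`, `vault kv metadata list`, `vault secrets migrate`, `vault secrets upgrade`, `vault policy capabilities`, `vault policy validate`, `vault logout` and `vault token revoke-prefix`. In the Miscellaneous table, `vault auth token/lookup-self` and `vault auth token/revoke-self` are not `vault auth` subcommands; the CLI forms are `vault token lookup` with no argument and `vault token revoke -self`. In the Key Management rows, `vault operator rotate` is described as rotating keys "for the transit secrets engine", but it rotates Vault's own barrier encryption key, while `vault operator rekey` replaces the unseal key shares; as written the two descriptions read as the same operation, which matters to anyone planning a key rotation from this sheet. The Policies and Key Management headings are each followed by the next section's heading before their own rows, so the rows appear under the wrong title. The file also ends mid-row at an unclosed "`vault secrets" with no trailing newline, so the last table is left open; complete or remove that row and end the file with a newline.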