DEV Community: Tushar Rajpoot The latest articles on DEV Community by Tushar Rajpoot (@tush_tr). https://dev.to/tush_tr https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F946535%2Fc4e71183-419e-4f62-9b11-18c4197fbf2d.JPEG DEV Community: Tushar Rajpoot https://dev.to/tush_tr en What is Hashicorp Vault? Manage your secrets in production. Tushar Rajpoot Sat, 04 Mar 2023 16:46:09 +0000 https://dev.to/tush_tr/what-is-hashicorp-vault-manage-your-secrets-in-production-4n4a https://dev.to/tush_tr/what-is-hashicorp-vault-manage-your-secrets-in-production-4n4a <h2> What is hashicorp vault? </h2> <p>It's a cloud-agnostic secrets management system.</p> <p>API-driven</p> <p>It allows you to safely store and manage sensitive data in hybrid cloud environments</p> <p>Used to generate dynamic short-lived credentials, or encrypt application data on the fly.</p> <h2> What is a secret? </h2> <p>Usernames and passwords</p> <p>Certificates</p> <p>SSH Keys</p> <p>API keys</p> <p>Encryption keys</p> <p>What problems does vault solve?<br> Secrets sprawl</p> <p>Below are some common places where secrets get stored:</p> <p>On a developer's computer in excel or notepad files</p> <p>Hard-coded into the source code.</p> <p>On a sticky note under an engineer's keyboard</p> <p>In a version control system such as GitHub and sometimes exposed publicly.</p> <p>Vault use cases<br> Secrets management</p> <p>Centrally store, access, and distribute secrets.<br> Encrypting application data</p> <p>Keep application data secure with centralized key management<br> Identity-based Access</p> <p>Authenticate and access different clouds, systems, and endpoints using trusted identities.<br> Secret management<br> KV Secrets Engine<br> The idea is to share between the client and the vault. (A client could be a person, user, or application)</p> <p>The client makes a call to the vault with a specific path(In the vault everything is path based)</p> <p>Vault checks its policy for authorizing the client to share the secrets.</p> <p>Encrypting Application Data<br> Vault provides an EAAS(Encryption as a service), also called a transit secrets engine inside the vault.</p> <p>So after encrypting the application data using a vault, now the web server can use or store that data in a database for the next use cases.</p> <p>Vault will not store data, only pass it back to requesting client.</p> <p>Basic Vault CLI commands<br> Vault by itself will give you a list of many Vault CLI commands.(starts with common ones)</p> <p><code>$ vault<br> $ vault version # tells the version of vault<br> $ vault read # used to read secrets from vault<br> $ vault write #used to write secrets to vault<br> $ vault write -h # -h, -help and --help flags can be added</code></p> <p>to get help for any vault CLI command.</p> software productivity discuss