DEV Community

Cover image for What all we can do through Vault UI
Payalsasmal
Payalsasmal

Posted on

What all we can do through Vault UI

This actually helps people who are running vault in production as a containerized application and they don't have access to exec of the pod in PROD to run vault cli commands.

We can do so many things using vault ui, listing few of them.

Vault UI CLI

I was thinking what we can do through vault CLI option which is present in UI and I learned how to use api explorer.

1.Clicked on vault UI CLI.

Alt Text

2.Write api in CLI and press enter. This is an api explorer. You can see warning like below after pressing enter.

Alt Text

Alt Text

3.Now you can close the CLI and you can see lots of api endpoints. There is a filter section as well, you can search the endpoints there.

Alt Text

4.It has 4 section- auth, secrets, identity and system. You can click on each section and use the endpoints based on your requirements.

Alt Text

5.Suppose I wanted to create one more root token. If your login root token is having capability to create then you can do that.
I searched with token and got so many options.

Alt Text

6.Now I want to create a token if I revoke this logged in token then the new token should not be revoked. So, I preferred orphan token here. Click on orphan token endpoint then clicked on Try it Out and I got the below option.

Alt Text

7.Clicked on Execute- send a request with your token to vault and got below response. Here client_token is the root token and others option is the lookup of this token.

Alt Text

NOTE- There are so many things we can do through api explorer so go ahead and explore it.

Vault Username & Password authentication

This authentication allow user to create user and password to login to the vault ui. This is more secure than root token auth
as we can also attach to the custom policy on this authentication.

Let's have a look how to do this.

1.Clicked on Access and then Enable new method.

Alt Text

2.Clicked on Username & Password and then Next.

Alt Text

3.Provide the path name and click on Hide Method Options, you can see lots of option like what kind of token will be created like default, services or batch for this authentication and many more options. Clicked on Enable Method.

Alt Text

4.This page will appear to update the configuration. If you want, you can update or click on userpass(path name in the left corner) if you don't want to update anything.

Alt Text

5.Click on Create user.

Alt Text

6.Provide user and password.

Alt Text

7.You can see there is an option called Tokens. Clicked on this and you can see attach policies, provide the type of token etc.

Alt Text

8.You can save and able to login through username and password.

Alt Text

NOTE: If you are not attaching any policy here it will attach to the default policy and default policy has all kind of capabilities, so make sure while attaching to any policy.

Top comments (6)

Collapse
 
chiragshah profile image
Chirag Shah

Thanks for sharing. Very useful!

Collapse
 
payalsasmal profile image
Payalsasmal

Glad you liked it.

Collapse
 
rrrrnaveen profile image
rrrrnaveen

Hi Payalsasmal,

I just started the vault and tried your command and Iam getting different screen.
Do I need to enable anything?Please see the screenshot attached.
Thanks Again.

Collapse
 
payalsasmal profile image
Payalsasmal

Hi,
I am not seeing any screenshot. could you please attach again?

Collapse
 
thekrprince profile image
Kumar Prince • Edited

Nice 🔥

Collapse
 
payalsasmal profile image
Payalsasmal

Thank you 🙂