Skip to content

Key Value Version 1

Jump to bottom
SaiHemanthBR edited this page Oct 29, 2021 · 1 revision

This page of the documentation describes the API for KV v1 secrets engine.

For general information about the usage and operation of the KV v1 secrets engine, please see the Vault KV v1 documentation. For information about HTTP API for the KV v1 secrets engine, please see the Vault KV v1 API documentation.

This documentation assumes the KV secrets engine is enabled at the /secret path in Vault. Since it is possible to enable secrets engines at any location, please update your vault calls accordingly.

Table of Contents

Read Secret

This function reads a secret from the KV v1 secrets engine at the given path.

Parameters

  • method (string: <required>) – Must be read.
  • path (string: <required>) – Specifies the path of the secret to read.

Example

const secret = await vault({
    method: 'read',
    path: 'secret/api-keys/webApp'
});

Output

{
    request_id: 'fc1777d8-58d9-cd23-883e-5f95d083dc75',
    lease_id: '',
    renewable: false,
    lease_duration: 2764800,
    data: {
        name: 'vault-api',
        secret: '899d353b-c562-4fc9-9906-d307800db742',
        token: '3ee5a702-a4d1-4846-ba7e-13437e8d873d'
    },
    wrap_info: null,
    warnings: null,
    auth: null,
    statusCode: 200
}

List Secrets

This function returns a list of key names at the specified location. Folders are suffixed with /. The specified path must be a folder.

Parameters

  • method (string: <required>) – Must be list.
  • path (string: <required>) – Specifies the path of the secret to list. (Must be a folder.)

Example

const res = await vault({
    method: 'list',
    path: 'secret/api-keys'
});

Output

{
    request_id: '79f4ac64-fd2b-8db6-b216-4931241e9efa',
    lease_id: '',
    renewable: false,
    lease_duration: 0,
    data: {
      keys: ['user/', 'test', 'webApp' ]
    },
    wrap_info: null,
    warnings: null,
    auth: null,
    statusCode: 200
}

Create/Update Secret

This function creates or updates a secret at the specified location. If the token calling does not have permission to create or update the secret, an error is thrown.

Parameters

  • method (string: <required>) – Must be write.
  • path (string: <required>) – Specifies the path of the secret to create or update.
  • data (map: <required>) – Specifies the key-value secret data to be created or updated.

Example

const res = await vault({
    method: 'write',
    path: 'secret/api-keys/webApp',
    data: {
        "name": "vault-api",
        "secret": "899d353b-c562-4fc9-9906-d307800db742",
        "token": "3ee5a702-a4d1-4846-ba7e-13437e8d873d"
    }
});

Output

{ statusCode: 204 }

Delete Secret

This function deletes a secret at the specified path.

Parameters

  • method (string: <required>) – Must be delete.
  • path (string: <required>) – Specifies the path of the secret to delete.

Example

const secret = await vault({
    method: 'delete',
    path: 'secret/api-keys/webApp'
});

Output

{ statusCode: 204 }

Copyright © 2021 Sai Hemanth Bheemreddy

Home
Engines
Configs
Advanced
Misc

Clone this wiki locally