Enable KV Secrets Engine

To enable the KV Secrets Engine for Vault:

  1. Run the command vault secrets enable kv-v2 to enable the KV Secrets Engine. V2 is the recommended version for Vault.

    Figure 1: Enable KV Engine


  2. Navigate to /opt/pronghorn/current and edit the properties.json file with the location of the token.txt file. More information on the token file can be found in the Vault properties section below.

    Figure 2: Edit Properties


Vault Properties

To use Vault, there must be a vaultProps section within the properties.json file.

| Property | Required | Default | Description |
|----------|----------|---------|-------------|
| url | Yes | http://localhost:8200 | The default URL to connect to Vault, including the hostname and port. |
| token | Yes | /file/path/token.txt | The file path to a document containing a token. The token is used for authentication to access Vault secrets. |
| endpoint | Yes | secret/data | The endpoint for the Secrets Engine type that is used. |

The vaultProps can be configured with the following properties:

"vaultProps": {
    "url": "http://localhost:8200",
    "token": "/opt/vault/token.txt",
    "endpoint": "kv-v2/data"
}

Because the path to the Secrets Engine can be whatever you set as a unique endpoint, the following sample URL is presented with v1 as a hard-coded file path in IAP where the actual Vault token is stored.

Example: URL Structure

http://localhost:8200/v1/kv-v2/data
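
The following check is an added example, not part of the original page or of IAP. It rebuilds the URL structure shown above from a vaultProps section and reports settings that weaken protection of the Vault token. The function names, the loopback exception for http, the /data suffix test and the 600 file mode are assumptions of this example.

```python
import os
import stat
import tempfile
from urllib.parse import urlparse

API_PREFIX = "v1"  # path segment the page says is hard-coded in IAP


def vault_base_url(props):
    """Join url + v1 + endpoint, matching the page's URL structure sample."""
    return "/".join([props["url"].rstrip("/"), API_PREFIX, props["endpoint"].strip("/")])


def check_vault_props(props):
    """Return findings for a vaultProps dict; an empty list means none."""
    findings = [f"missing required property: {k}"
                for k in ("url", "token", "endpoint") if not props.get(k)]
    if findings:
        return findings
    parsed = urlparse(props["url"])
    if parsed.scheme != "https" and parsed.hostname not in ("localhost", "127.0.0.1", "::1"):
        findings.append("url is plain http to a remote host; the token is sent unencrypted")
    # KV v2 serves secret reads and writes under <mount>/data/...
    if not props["endpoint"].strip("/").endswith("/data"):
        findings.append("endpoint does not end in /data as a KV v2 mount expects")
    try:
        mode = os.stat(props["token"]).st_mode
    except OSError as exc:
        findings.append(f"token file not readable: {exc.strerror}")
        return findings
    if not stat.S_ISREG(mode):
        findings.append("token path is not a regular file")
    elif mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"token file mode {stat.S_IMODE(mode):o} allows group/other access; use 600")
    return findings


if __name__ == "__main__":
    # Constructed sample: the page's vaultProps values with a throwaway token file.
    with tempfile.TemporaryDirectory() as tmp:
        token_path = os.path.join(tmp, "token.txt")
        with open(token_path, "w") as fh:
            fh.write("constructed-placeholder-token\n")
        os.chmod(token_path, 0o644)  # deliberately too open
        props = {"url": "http://localhost:8200", "token": token_path, "endpoint": "kv-v2/data"}
        print(vault_base_url(props))
        for finding in check_vault_props(props):
            print("FINDING:", finding)
```

To check a real installation, load the vaultProps section from properties.json with json.load and pass it to check_vault_props on the IAP host.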

For more information on using Vault: