Enable KV Secrets Engine
Updated on 13 Jun 2022
To enable the KV Secrets Engine for Vault:
- Run the command `vault secrets enable kv-v2` to enable the KV Secrets Engine. V2 is the recommended version for Vault.
  Figure 1: Enable KV Engine
- Navigate to `/opt/pronghorn/current` and edit the `properties.json` file with the location of the `token.txt` file. More information on the token file can be found in the Vault Properties section below.
  Figure 2: Edit Properties
Vault Properties
To use Vault, there must be a `vaultProps` section within the `properties.json` file.
Property | Required | Default | Description |
---|---|---|---|
url | Yes | http://localhost:8200 | The default URL to connect to Vault, including the hostname and port. |
token | Yes | /file/path/token.txt | The file path to a document containing a token. The token is used for authentication to access Vault secrets. |
endpoint | Yes | secret/data | The endpoint for the Secrets Engine type that is used. |
The `vaultProps` section can be configured with the following properties:

```json
"vaultProps": {
  "url": "http://localhost:8200",
  "token": "/opt/vault/token.txt",
  "endpoint": "kv-v2/data"
}
```
Because the path to the Secrets Engine can be whatever you set as a unique endpoint, the following sample URL is presented with `v1`, the Vault HTTP API version prefix, as a hard-coded path segment in IAP.
Example: URL Structure
http://localhost:8200/v1/kv-v2/data
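
A pre-deployment check for the `vaultProps` section and URL structure described above, added here as an example; it is not part of IAP or Vault. The names `check_vault_props` and `demo`, the https and file-mode checks, and the sample token file are assumptions of this example.

```python
import os
import stat
import tempfile
from urllib.parse import urlparse

REQUIRED = ("url", "token", "endpoint")  # marked Required in the table above
LOOPBACK = ("localhost", "127.0.0.1", "::1")

def check_vault_props(properties):
    """Return (secrets base URL, findings) for a parsed properties.json dict."""
    props = properties.get("vaultProps")
    if not isinstance(props, dict):
        return "", ["vaultProps section is missing"]
    findings = [f"missing required property: {k}" for k in REQUIRED if not props.get(k)]
    if findings:
        return "", findings
    parsed = urlparse(props["url"])
    if parsed.scheme != "https" and parsed.hostname not in LOOPBACK:
        findings.append("url is not https and not loopback: token is sent unencrypted")
    endpoint = props["endpoint"].strip("/")
    if not endpoint.endswith("/data"):
        findings.append("endpoint does not end in /data, which KV v2 secret paths use")
    try:
        mode = stat.S_IMODE(os.stat(props["token"]).st_mode)
        if mode & 0o077:  # any group/other permission bit on the token file
            findings.append(f"token file mode {mode:o} lets group/other access it")
    except OSError:
        findings.append("token file not found or unreadable")
    # v1 is the hard-coded segment between url and endpoint, as in the sample URL
    return f"{props['url'].rstrip('/')}/v1/{endpoint}", findings

def demo():
    """Check constructed properties that point at a constructed token file."""
    with tempfile.TemporaryDirectory() as d:
        token_path = os.path.join(d, "token.txt")
        with open(token_path, "w") as fh:
            fh.write("constructed-placeholder-token\n")
        os.chmod(token_path, 0o644)  # deliberately too open for a credential
        props = {"vaultProps": {"url": "http://localhost:8200",
                                "token": token_path, "endpoint": "kv-v2/data"}}
        return check_vault_props(props)

if __name__ == "__main__":
    print(demo())
```

Restricting the token file to its owner (for example mode 600) clears the finding that the demo reports.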
For more information on using Vault:
- See the official HashiCorp Vault Secrets Engine documentation.
- Refer to the Secrets Engines tutorial.