环境: Ubuntu 20
1. 安装
$git clone https://github.com/hashicorp/vault.git
$cd vault
$make bootstrap
$make dev
$./bin/vault -h
$vault server -help
Start a Vault server in development mode (dev server).
$vault server -dev
输出:
WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.
You may need to set the following environment variables:
$ export VAULT_ADDR='http://127.0.0.1:8200'
The unseal key and root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.
Unseal Key: AxFYcA2JU1YL0pXYs6u3gM637lElUnPrUxOdUZpt+jo=
Root Token: hvs.d2WEiHMGwosbpbsxbYb33LK5
Development mode should NOT be used in production installations!
2. 设置环境变量
export VAULT_ADDR='http://127.0.0.1:8200'
export VAULT_TOKEN="hvs.d2WEiHMGwosbpbsxbYb33LK5"
3. 验证
[02/26/24]seed@VM:~/.../bin$ vault status
输出:
Key Value
--- -----
Seal Type shamir
Initialized true
Sealed false
Total Shares 1
Threshold 1
Version 1.17.0-beta1
Build Date 2024-02-23T14:05:10Z
Storage Type inmem
Cluster Name vault-cluster-2c2df0fa
Cluster ID 84029ddd-0a24-1c64-3b8a-a67dfc45e212
HA Enabled false
4. 测试
[02/26/24]seed@VM:~/.../bin$ vault kv put secret/hello foo=world
== Secret Path ==
secret/data/hello
======= Metadata =======
Key Value
--- -----
created_time 2024-02-26T08:09:43.714281865Z
custom_metadata <nil>
deletion_time n/a
destroyed false
version 1
[02/26/24]seed@VM:~/.../bin$ vault kv get secret/hello
== Secret Path ==
secret/data/hello
======= Metadata =======
Key Value
--- -----
created_time 2024-02-26T08:09:43.714281865Z
custom_metadata <nil>
deletion_time n/a
destroyed false
version 1
=== Data ===
Key Value
--- -----
foo world
$ vault kv delete secret/hello
Success! Data deleted (if it existed) at: secret/data/hello