<img align=right src=images/HashiCorp_PrimaryLogo_Black_RGB.png width=150>
<img src=images/hex2021.png width=100 align="left">

# Static Secrets (v2)
---
The Key/Value secrets engine is used to store arbitrary secrets. It can act as a generic key-value store that keeps one value per key, or versioning can be enabled so that a number of versions of each key are stored.

**Prerequisites:**
* Vault binary

Execute the following command in a separate window:
```
VAULT_UI=true VAULT_REDIRECT_ADDR=http://127.0.0.1:8200 evault server -log-level=trace -dev -dev-root-token-id=root -dev-listen-address=127.0.0.1:8200 -dev-ha -dev-transactional
```
 
### Setup
**Note**:  
* Run > Render All Markdown Cells
* Edit > Clear all outputs

In [None]:
export VAULT_ADDR=http://127.0.0.1:8200
# Dev only: disables TLS certificate verification (no effect over plain http)
export VAULT_SKIP_VERIFY=true

In [None]:
vault status

In [None]:
unset VAULT_TOKEN
vault login root
vault secrets list

---
### Demo: Your First Secret
Now that the Vault server is up and running, let's read and write your first secret.  One of the core features of Vault is the ability to read and write arbitrary secrets securely.  Secrets written to Vault are encrypted and then written to backend storage.

Let's write a secret to Key/Value secret engine.  
   

### Write key/value secrets
This writes two key/value pairs, `username` and `password`, to the path `secret/training`.  The `secret/` prefix is where the secrets engine is mounted.  Vault is organized around paths, which means that engines, policies, and data can be applied to different paths to control access.

In [None]:
vault kv put secret/training username="student01" password="pAssw0rd"

### Read the secrets

In [None]:
# Only version 1 exists after the first write to this path
vault kv get -version=1 secret/training

In [None]:
vault kv get -format=json secret/training | jq -r .data.data

**Read specific key only**

In [None]:
vault kv get -field=username secret/training

### Update Secrets
**Update specific key**

In [None]:
vault kv patch secret/training course="Vault 101"

&nbsp;

In [None]:
vault kv get secret/training

### List all the secret keys stored in the K/V Secret backend

In [None]:
vault kv list secret

&nbsp;

In [None]:
vault kv get -version=2 secret/training

## Deleting and destroying secrets

**Deleting is a soft delete**   
It marks the version as deleted and populates a `deletion_time` timestamp. Soft deletes do not remove the underlying version data from storage, which allows the version to be undeleted.

In [None]:
vault kv delete secret/training

In [None]:
vault kv undelete -versions=2 secret/training

In [None]:
vault kv get -version=2 secret/training

**Destroying a version permanently deletes the underlying data.**

In [None]:
vault kv destroy -versions=1 secret/training

In [None]:
vault kv get -version=1 secret/training

**Key metadata**   
Deleting the metadata key will cause all metadata and versions for that key to be permanently removed.

In [None]:
vault kv metadata get secret/training
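
The soft-delete and destroy states described above are recorded per version in the key metadata. The following added example (not part of the original notebook) classifies each version from `vault kv metadata get -format=json` output; the sample JSON is constructed, the function names are hypothetical, and a `deletion_time` in the future is assumed to come from a configured `delete_version_after`.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like `vault kv metadata get -format=json` output
# (KV v2); the timestamps and version states are made up for illustration.
SAMPLE = """
{"data": {"current_version": 4, "versions": {
  "1": {"created_time": "2021-05-10T18:00:01.111111111Z", "deletion_time": "", "destroyed": true},
  "2": {"created_time": "2021-05-10T18:05:02.222222222Z", "deletion_time": "2021-05-10T18:30:00.333333333Z", "destroyed": false},
  "3": {"created_time": "2021-05-10T18:10:03.444444444Z", "deletion_time": "2021-06-10T18:10:03.444444444Z", "destroyed": false},
  "4": {"created_time": "2021-05-10T18:15:04.555555555Z", "deletion_time": "", "destroyed": false}
}}}
"""


def parse_ts(ts):
    """Parse Vault's RFC 3339 UTC timestamp, dropping the nanosecond part."""
    whole = ts.rstrip("Z").split(".")[0]
    return datetime.strptime(whole, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def version_state(meta, now):
    """Classify one entry of the metadata "versions" map."""
    if meta.get("destroyed"):
        return "destroyed"      # data removed from storage, cannot be undeleted
    deleted_at = meta.get("deletion_time") or ""
    if not deleted_at:
        return "live"
    if parse_ts(deleted_at) > now:
        return "expiring"       # assumption: scheduled deletion, still readable until then
    return "soft-deleted"       # data still in storage, `vault kv undelete` restores it


def audit(metadata_json, now=None):
    """Return {version_number: state} for every version of a key."""
    now = now or datetime.now(timezone.utc)
    versions = json.loads(metadata_json)["data"]["versions"]
    return {int(v): version_state(m, now) for v, m in sorted(versions.items(), key=lambda kv: int(kv[0]))}


if __name__ == "__main__":
    fixed_now = datetime(2021, 5, 11, tzinfo=timezone.utc)  # pinned so the output is repeatable
    for number, state in audit(SAMPLE, fixed_now).items():
        print(f"version {number}: {state}")
```

Versions reported as `soft-deleted` still hold secret data in storage, so a rotation or cleanup review should treat them as present until they are destroyed.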

**Permanently delete all metadata and versions for a key**

In [None]:
vault kv metadata delete secret/training

---
## API

In [None]:
# -output-curl-string prints the equivalent cURL command instead of sending the request
vault kv put -output-curl-string secret/apikey/google apikey="xvafdoygad1114"

**Execute the cURL command**

In [None]:
curl -X PUT -H "X-Vault-Request: true" -H "X-Vault-Token: $(vault print token)" \
   -d '{"data":{"apikey":"xvafdoygad1155"},"options":{}}' \
   http://127.0.0.1:8200/v1/secret/data/apikey/google

**Read the secret**

In [None]:
curl -s -H "X-Vault-Token: $(vault print token)" http://127.0.0.1:8200/v1/secret/data/apikey/google | jq '.data.data.apikey'

In [None]:
vault kv get secret/apikey/google

**Delete the secret**

In [None]:
curl -s -X DELETE -H "X-Vault-Token: $(vault print token)" http://127.0.0.1:8200/v1/secret/data/apikey/google 

---
### Via UI
Open a web browser and visit http://127.0.0.1:8200/ui/vault. Use **Token** and sign in.

From the **Secrets Engines** list, select **secret**, then **apikey > google**.  Version 1 of this secret has been deleted as a result of the API request.

&nbsp;

---
#### Thank you.
<img src=images/HashiCorp_PrimaryLogo_Black_RGB.png width=100 align="left">