<img align=right src=images/HashiCorp_PrimaryLogo_Black_RGB.png width=150>
<img src=images/acme.jpeg width=100 align="left">

# Static Secrets
---
The Key/Value (KV) secrets engine stores arbitrary secrets. It can act as a generic key-value store that keeps a single value for each key, or versioning can be enabled so that a number of versions of each key are stored.

**Prerequisites:**
* Vault binary

Execute the following command in a separate terminal window:
```
VAULT_UI=true VAULT_REDIRECT_ADDR=http://127.0.0.1:8200 evault server -log-level=trace -dev -dev-root-token-id=root -dev-listen-address=127.0.0.1:8200 -dev-ha -dev-transactional
```
 
### Setup

```
export VAULT_ADDR=http://127.0.0.1:8200
export VAULT_TOKEN=root
export VAULT_SKIP_VERIFY=true
```

```
vault status
```

```
vault secrets list -detailed
```

```
Path          Plugin       Accessor              Default TTL    Max TTL    Force No Cache    Replication    Seal Wrap    External Entropy Access    Options           Description                                                UUID
----          ------       --------              -----------    -------    --------------    -----------    ---------    -----------------------    -------           -----------                                                ----
cubbyhole/    cubbyhole    cubbyhole_93280a06    n/a            n/a        false             local          false        false                      map[]             per-token private secret storage                           9f9e69f5-16a5-8791-4eae-ac999044bd9b
identity/     identity     identity_1694b8f9     system         system     false             replicated     false        false                      map[]             identity store                                             74e59276-8929-4ff9-9d97-92eeb44384e0
secret/
```

---
### Demo


**Write key/value secrets**

```
vault kv put secret/training username="student01" password="pAssw0rd"
```

```
Key              Value
---              -----
created_time     2021-01-05T13:44:37.211097Z
deletion_time    n/a
destroyed        false
version          1
```


**Read the secrets**

```
vault kv get secret/training
```

```
Key              Value
---              -----
created_time     2021-01-05T13:48:41.959785Z
deletion_time    2021-01-05T13:52:35.163032Z
destroyed        true
version          2
```


**Read specific key only**

```
vault kv get -field=username secret/training
```

```
student01
```


**Update specific key**

```
vault kv patch secret/training course="Vault 101"
```

```
Key              Value
---              -----
created_time     2021-01-05T13:48:41.959785Z
deletion_time    n/a
destroyed        false
version          2
```


```
vault kv get secret/training
```

```
Key              Value
---              -----
created_time     2021-01-05T13:48:41.959785Z
deletion_time    n/a
destroyed        false
version          2

Key         Value
---         -----
course      Vault 101
password    pAssw0rd
username    student01
```


### List all the secret keys stored in the K/V Secret backend

```
vault kv list secret
```

```
Keys
----
training
```


**Delete Secrets**   

```
vault kv get secret/training
```

```
Key              Value
---              -----
created_time     2021-01-05T13:48:41.959785Z
deletion_time    2021-01-05T13:52:35.163032Z
destroyed        true
version          2
```


**To permanently delete `secret/company`, use the `vault kv destroy` or `vault kv metadata delete` commands instead.**

```
vault kv destroy -versions 2 secret/training
```

```
Success! Data written to: secret/destroy/training
```


```
vault kv get secret/apikey/google
```

```
Key              Value
---              -----
created_time     2021-01-05T13:58:39.426588Z
deletion_time    n/a
destroyed        false
version          1

===== Data =====
Key       Value
---       -----
apikey    xvafdoygad1114
```


## API

```
vault kv put -output-curl-string secret/apikey/google apikey="xvafdoygad1114"
```

```
curl -X PUT -H "X-Vault-Request: true" -H "X-Vault-Token: $(vault print token)" -d '{"data":{"apikey":"xvafdoygad1114"},"options":{}}' http://127.0.0.1:8200/v1/secret/data/apikey/google
```


**Execute the cURL command**

```
curl -X PUT -H "X-Vault-Request: true" -H "X-Vault-Token: $(vault print token)" \
   -d '{"data":{"apikey":"xvafdoygad1114"},"options":{}}' \
   http://127.0.0.1:8200/v1/secret/data/apikey/google
```



**Read the secret**

```
curl -s -H "X-Vault-Token: $(vault print token)" http://127.0.0.1:8200/v1/secret/data/apikey/google | jq
```

```
{
  "request_id": "74acefcb-cd5d-e045-1c36-91fc3c9ee588",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": {
    "data": null,
    "metadata": {
      "created_time": "2021-01-05T14:01:16.500349Z",
      "deletion_time": "2021-01-05T14:04:10.838107Z",
      "destroyed": false,
      "version": 3
    }
  },
  "wrap_info": null,
  "auth": null
}
```


**Delete the secret**

```
curl -s -X DELETE -H "X-Vault-Token: $(vault print token)" http://127.0.0.1:8200/v1/secret/data/apikey/google
```
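
The API calls above show two things a client of a versioned KV store has to handle: the CLI path `secret/apikey/google` becomes `secret/data/apikey/google` on the wire, and a read after a delete still returns metadata with `"data": null`. The following is an added example, not part of the original notebook; the function names are hypothetical, the `DELETED` body is the response shown on this page, and the `LIVE` and `DESTROYED` bodies are constructed samples.

```python
import json

KV2_ENDPOINTS = {"data", "metadata", "delete", "undelete", "destroy"}

def kv2_api_path(mount, secret_path, endpoint="data"):
    """Map a `vault kv` CLI path (mount + secret path) to its KV v2 API path."""
    if endpoint not in KV2_ENDPOINTS:
        raise ValueError(f"unknown KV v2 endpoint: {endpoint}")
    return f"/v1/{mount.strip('/')}/{endpoint}/{secret_path.strip('/')}"

def version_state(response_body):
    """Return (state, version, secret) for a KV v2 read response body."""
    inner = json.loads(response_body).get("data") or {}
    meta = inner.get("metadata") or {}
    secret = inner.get("data")
    if meta.get("destroyed"):
        state = "destroyed"   # payload removed permanently
    elif secret is None:
        state = "deleted"     # soft delete: metadata kept, data withheld
    else:
        state = "live"
    return state, meta.get("version"), secret

# Response shown on this page after the DELETE request (request_id omitted).
DELETED = """{"lease_id": "", "renewable": false, "lease_duration": 0,
 "data": {"data": null, "metadata": {
   "created_time": "2021-01-05T14:01:16.500349Z",
   "deletion_time": "2021-01-05T14:04:10.838107Z",
   "destroyed": false, "version": 3}},
 "wrap_info": null, "auth": null}"""

# Constructed samples (not captured from a server).
LIVE = """{"data": {"data": {"apikey": "EXAMPLE-VALUE"}, "metadata": {
   "created_time": "2021-01-05T13:58:39.426588Z", "deletion_time": "",
   "destroyed": false, "version": 1}}}"""
DESTROYED = """{"data": {"data": null, "metadata": {
   "created_time": "2021-01-05T13:48:41.959785Z",
   "deletion_time": "2021-01-05T13:52:35.163032Z",
   "destroyed": true, "version": 2}}}"""

if __name__ == "__main__":
    print(kv2_api_path("secret", "apikey/google"))
    for name, body in (("live", LIVE), ("deleted", DELETED), ("destroyed", DESTROYED)):
        state, version, _ = version_state(body)
        print(f"{name}: version {version} is {state}")
```

A caller should treat both `deleted` and `destroyed` as "no secret available" rather than passing `None` on as a credential.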

---
### Via UI
Open a web browser and visit http://127.0.0.1:8200/ui/vault. Use the token to sign in.


From the **Secrets Engines** list, select **secret**, then **apikey > google**. Version 1 of this secret has been deleted as a result of an API request.


---
#### Thank you.
<img src=images/HashiCorp_PrimaryLogo_Black_RGB.png width=100 align="left">