Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CTE-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Widows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Secrets Management Administration

Configuring Hashicorp Vault Proxy with CSM

search

Please Note:

printsuggest an editpdf paneldownload

Configuring Hashicorp Vault Proxy with CSM

copy link to clipboardPrerequisites

  1. Install Hashi Vault on your machine. Refer this link for installation details.

  2. Run the below command to install Hashi Vault CLI.

    sudo apt update && sudo apt install vault

copy link to clipboardSteps

To configure Hashicorp Vault Proxy with CipherTrust Secrets Management (CSM), perform the following steps:

  1. Set akeyless-vault url in: VAULT_ADDR environment variable.

    Syntax

    export VAULT_ADDR=IP <CipherTrust Manager-IP>/akeyless-hvp/

    Example

    export VAULT_ADDR=https://54.224.103.148/akeyless-hvp/

  2. Configure the authentication token that will be used by Vault CLI to fetch secrets from Akeyless Vault. Set your Akeyless token in ~/.vault-token. Supported tokens: Permanent token must be in the following structure: Access-ID+..+Access-Key

    Example

    p-XXXXX..XXXXXXXXXXX

copy link to clipboardGetting dynamic secret using Vault CLI

To get dynamic secret using Vault CLI, run:

Syntax

vault read {producer-type}/creds/{full/path/to/producer-name}

The supported producer types:

"*"
"db"
"mysql"
"mssql"
"mongodb"
"rdp"
"rabbitmq"
"chef"
"aws"
"azure"

Example Request 1

vault read */creds/prod/ds-db1
vault read db/creds/prod/ds-db1
vault read mysql/creds/prod/ds-db1

Example Response 1

Key                Value
---                -----
lease_id           */creds/prod/ds-db1/vTyDFRr5m01gVaNBYsokIRop
lease_duration     768h
lease_renewable    true
password           of6B6IY/~+i$$Z80
username           tmp.rnnds.hOKbRAqI5j

Example Request 2

vault read */creds/my-aws-producer
vault read aws/creds/my-aws-producer

Example Response 2

Key                  Value
---                  -----
lease_id             */creds/my-aws-producer/25F5E8gupyoi2dQIynoM9nff
lease_duration       768h
lease_renewable      true
access_key_id        AKIA6IR7NIGBGGDIWW7I
secret_access_key    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
username             tmp.JJRXoSsvDuj1Dp

copy link to clipboardWorking with static secrets

copy link to clipboardCreating/updating secret

To create a new static secret in Akeyless Vault, run:

vault kv put secret/{secret-name} {my-key}={my-value}

If a static secret already exists, then it will add a new version for that secret.

copy link to clipboardGetting details of secrets

To get the value of a secret from Akeyless Vault, run:

vault kv get secret/{secret-name}

To get a specific version of the secret, use the version flag.

Example

vault kv get -version=3 secret/{secret-name}

Default value is the latest version.

copy link to clipboardDeleting secrets

To delete a secret from Akeyless Vault, run:

vault kv delete secret/{secret-name}

To delete a list of specific versions from Akeyless Vault, use the versions flag, run:

Example

vault kv delete -versions=2,6,15 secret/{secret-name}

To delete all versions, set versions to 0 or -1.

Example

vault kv delete -versions=0 secret/{secret-name}

OR

vault kv delete -versions=-1 secret/{secret-name}

For more details, refer to Hashicorp Vault Proxy documentation.

On this page