Use KV Secrets Engine for Secrets Versioning

The KV secrets engine is essentially a key-value store. It’s a simple and flexible way to store secrets. One of its strongest features is secret versioning, which lets you track changes to your secrets and revert to a specific version of a secret if needed.

Prerequisites

You need a running Vault cluster. Refer to the Shortcut “Run HashiCorp Vault with Helm” for a refresher on running Vault.

Get Started with KV Secrets Engine

  1. Enable the KV secrets engine (version 2):

    vault secrets enable -path=kv-v2 kv-v2

    You should get an output like this:

    You can check all the secrets engines using this command:

    vault secrets list

    You should see an output like this:

  2. Write a kv-v2 secret:

    vault kv put kv-v2/my-secret test="shortcuts"

    Your output should look something like the following:

    Notice the version 1 in the output.

  3. Write another version of the same secret:

    vault kv put kv-v2/my-secret test="shortcuts-new"

    Now notice that it says version 2:

  4. Read the secret you just created:

    vault kv get ...
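
The following Python sketch is an added example, not part of the original Shortcut. It goes one step beyond the steps above: it takes the version history in the shape returned by `vault kv metadata get -format=json kv-v2/my-secret` (the sample JSON is constructed) and builds the `vault kv rollback` command for the newest earlier version whose data can still be read. The function names are hypothetical.

```python
import json

# Constructed sample in the shape of
# `vault kv metadata get -format=json kv-v2/my-secret` after four writes,
# with version 2 destroyed and version 3 soft-deleted.
SAMPLE_METADATA = json.loads("""
{
  "data": {
    "current_version": 4,
    "versions": {
      "1": {"created_time": "2024-01-10T09:00:00Z", "deletion_time": "", "destroyed": false},
      "2": {"created_time": "2024-01-11T09:00:00Z", "deletion_time": "", "destroyed": true},
      "3": {"created_time": "2024-01-12T09:00:00Z",
            "deletion_time": "2024-01-13T08:00:00Z", "destroyed": false},
      "4": {"created_time": "2024-01-14T09:00:00Z", "deletion_time": "", "destroyed": false}
    }
  }
}
""")


def readable_versions(metadata):
    """Return the sorted version numbers whose data can still be read.

    Destroyed versions are gone for good; soft-deleted ones return no data
    until they are undeleted. Any non-empty deletion_time is treated as
    deleted here, which is conservative: with delete_version_after set,
    the timestamp can lie in the future.
    """
    versions = metadata["data"]["versions"]
    return sorted(
        int(number)
        for number, info in versions.items()
        if not info["destroyed"] and not info["deletion_time"]
    )


def rollback_command(metadata, path):
    """Build the CLI command that reverts `path` to the newest readable
    version older than the current one, or return None if none exists."""
    current = metadata["data"]["current_version"]
    candidates = [v for v in readable_versions(metadata) if v < current]
    if not candidates:
        return None
    return f"vault kv rollback -version={candidates[-1]} {path}"


if __name__ == "__main__":
    print(rollback_command(SAMPLE_METADATA, "kv-v2/my-secret"))
```

A rollback does not rewind the history: it writes the old data as a new version, so the version counter keeps increasing.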
