Learning how to use the HashiCorp Vault API is key to really understanding how Vault works.
Video
Below is a video explanation and demo.
Video Chapters
You can skip to the relevant chapters below:
Overview
This blog post is a Vault API Tutorial for beginners. Learning how to use the Vault API is key to understanding Vault. I also share with you a couple of pro tips that will help you use the API faster and better.
HashiCorp Vault is the prominent secrets management solution today. It is currently used by the top financial institutions and enterprises in the world. I’ve created this HashiCorp Vault API tutorial for you!
This tutorial is a subset of a much larger course that is eight hours long. That course is called HashiCorp Vault 101 – Certified Vault Associate. It will help you dig deeper and be ready for the vault associate exam. You can find this course and others by going to the TeKanAid courses site.
Code
Pre-requisites
The following is required to follow along:
- A terminal running HashiCorp Vault OSS
- GitLab Free Account
Pro Tips for the Vault API
I trust you’ll find these two tips helpful.
1. The first one allows you to access the OpenAPI documentation for the Vault API
2. The second is a helpful CLI command to get the curl API equivalent for the Vault CLI command
Remember to also consult the API documentation. It’s extremely helpful when you are writing policies and trying to figure out the paths.
1. Try out the Vault API Explorer in the UI
This uses the OpenAPI standard to allow you to try different commands in the UI. It’s very helpful when testing.
This is what the Vault API Explorer looks like:
You can try out an endpoint using the Authentication mechanism you’ve used to authenticate in the UI:
Now you can find out what curl command to use:
Finally, you can see the server response and server response codes:
2. The -output-curl-string Flag
This flag helps you figure out what API curl command to use if you know the equivalent Vault CLI command. Instead of executing the request, print an equivalent curl command string and exit. The default is false.
Run this command:
vault secrets list -output-curl-string
Expected Output:
curl -H "X-Vault-Request: true" -H "X-Vault-Token: $(vault print token)" http://127.0.0.1:8200/v1/sys/mounts
Run this command:
vault kv put -output-curl-string secret/test foo=bar
Expected Output:
curl -X PUT -H "X-Vault-Request: true" -H "X-Vault-Token: $(vault print token)" -d '{"data":{"foo":"bar"},"options":{}}' http://127.0.0.1:8200/v1/secret/data/test
Conclusion
This blog post was a quick tutorial on how to use the Vault API. We also saw a couple of pro tips when using the Vault API. If you’re interested in learning more about Vault and perhaps even becoming Vault certified, check out my HashiCorp Vault 101 – Certified Vault Associate