HashiCorp Vault API Tutorial and Pro Tips

Learning how to use the HashiCorp Vault API is key to really understanding how Vault works.

Video

Below is a video explanation and demo.

Video Chapters

You can skip to the relevant chapters below:

  • 00:00 – Introduction
  • 00:29 – Vault API Explanation
  • 05:52 – Hands-on Demo

Overview

This blog post is a Vault API Tutorial for beginners. Learning how to use the Vault API is key to understanding Vault. I also share with you a couple of pro tips that will help you use the API faster and better.

HashiCorp Vault is the prominent secrets management solution today. It is currently used by the top financial institutions and enterprises in the world. I’ve created this HashiCorp Vault API tutorial for you!

This tutorial is a subset of a much larger course that is eight hours long. That course is called HashiCorp Vault 101 – Certified Vault Associate. It will help you dig deeper and be ready for the vault associate exam. You can find this course and others by going to the TeKanAid courses site.

Code

Pre-requisites

The following is required to follow along:

  • A terminal running HashiCorp Vault OSS
  • GitLab Free Account

Pro Tips for the Vault API

I trust you’ll find these two tips helpful.
1. The first one allows you to access the OpenAPI documentation for the Vault API
2. The second is a helpful CLI command to get the curl API equivalent for the Vault CLI command

Remember to also consult the API documentation. It’s extremely helpful when you are writing policies and trying to figure out the paths.

1. Try out the Vault API Explorer in the UI

This uses the OpenAPI standard to allow you to try different commands in the UI. It’s very helpful when testing.

How to access the Vault API Explorer
How to access the Vault API Explorer

This is what the Vault API Explorer looks like:

The Vault API Explorer
The Vault API Explorer

You can try out an endpoint using the Authentication mechanism you’ve used to authenticate in the UI:

Trying out an Endpoint
Trying out an Endpoint

Now you can find out what curl command to use:

Getting the curl Command to Use
Getting the curl Command to Use

Finally, you can see the server response and server response codes:

Server Response and Response Codes
Server Response and Response Codes

2. The -output-curl-string Flag

This flag helps you figure out what API curl command to use if you know the equivalent Vault CLI command. Instead of executing the request, print an equivalent curl command string and exit. The default is false.

Run this command:

vault secrets list -output-curl-string

Expected Output:

curl -H "X-Vault-Request: true" -H "X-Vault-Token: $(vault print token)" http://127.0.0.1:8200/v1/sys/mounts

Run this command:

vault kv put -output-curl-string secret/test foo=bar

Expected Output:

curl -X PUT -H "X-Vault-Request: true" -H "X-Vault-Token: $(vault print token)" -d '{"data":{"foo":"bar"},"options":{}}' http://127.0.0.1:8200/v1/secret/data/test 

Conclusion

This blog post was a quick tutorial on how to use the Vault API. We also saw a couple of pro tips when using the Vault API. If you’re interested in learning more about Vault and perhaps even becoming Vault certified, check out my HashiCorp Vault 101 – Certified Vault Associate

References

Suggested Reading

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top