Prerequisites
Create a dynamic secret producer according to the documentation here.
Configuring HashiCorp Vault Proxy
- Set the Akeyless Vault URL in the VAULT_ADDR environment variable:
export VAULT_ADDR=https://hvp.akeyless.io
- Next, configure the authentication token that the Vault CLI will use to fetch secrets from Akeyless Vault.
Set your Akeyless token in ~/.vault-token.
Supported tokens:
(a) A permanent token in the following structure: Access-ID + ".." + Access-Key, for example:
p-XXXXX..XXXXXXXXXXX
(b) An Akeyless temporary API token; read more here (this is the recommended and more secure method). For token rotation, read more here.
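The token file holds a credential in clear text, so it should be readable by its owner only. The following is an added example, not part of the Akeyless documentation: the function names write_vault_token and token_file_is_private, the optional path argument and the check on ".." inside the Access-ID are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: store an Akeyless permanent token for the Vault CLI with
# owner-only access. Function names and the optional path are assumptions.

# write_vault_token ACCESS_ID ACCESS_KEY [TOKEN_FILE]
# Writes "Access-ID..Access-Key" to TOKEN_FILE (default: ~/.vault-token), mode 0600.
write_vault_token() {
    access_id=$1
    access_key=$2
    token_file=${3:-"$HOME/.vault-token"}

    if [ -z "$access_id" ] || [ -z "$access_key" ]; then
        echo "access id and access key are both required" >&2
        return 2
    fi
    # Sanity check assumed for this example: the Access-ID must not contain
    # the ".." separator, or the two parts could not be told apart.
    case $access_id in
        *..*) echo "access id must not contain '..'" >&2; return 2 ;;
    esac

    # Create the file under a restrictive umask in a subshell (the caller's
    # umask is untouched), then rename it into place so that a token file
    # with looser permissions is replaced rather than reused.
    (
        umask 077
        tmp="$token_file.tmp.$$"
        printf '%s..%s' "$access_id" "$access_key" > "$tmp" &&
            mv -f "$tmp" "$token_file" || { rm -f "$tmp"; exit 1; }
    )
}

# token_file_is_private [TOKEN_FILE]
# Returns 0 only if the file exists and grants nothing to group or others.
token_file_is_private() {
    token_file=${1:-"$HOME/.vault-token"}
    [ -f "$token_file" ] || return 1
    mode=$(ls -ln "$token_file" | cut -c1-10)
    case $mode in
        ????------) return 0 ;;
        *) return 1 ;;
    esac
}
```

In an interactive shell, read the Access-Key into a variable with read -r instead of typing it on the command line, so that it does not end up in the shell history.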
Get dynamic secret with Vault CLI
vault read {producer-type}/creds/{full/path/to/producer-name}
Supported producer types:
"*"
"db"
"mysql"
"mssql"
"mongodb"
"rdp"
"rabbitmq"
"chef"
"aws"
Example:
vault read '*/creds/prod/ds-db1'
vault read db/creds/prod/ds-db1
vault read mysql/creds/prod/ds-db1
Key Value
--- -----
lease_id */creds/prod/ds-db1/vTyDFRr5m01gVaNBYsokIRop
lease_duration 768h
lease_renewable true
password of6B6IY/~+i$$Z80
username tmp.rnnds.hOKbRAqI5j
vault read '*/creds/my-aws-producer'
vault read aws/creds/my-aws-producer
Key Value
--- -----
lease_id */creds/my-aws-producer/25F5E8gupyoi2dQIynoM9nff
lease_duration 768h
lease_renewable true
access_key_id AKIA6IR7NIGBGGDIWW7I
secret_access_key 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
username tmp.JJRXoSsvDuj1Dp