Writing a Secret
Let’s start by writing a secret. This is done very simply with the
vault kv command, as shown below:
$ vault kv put secret/hello foo=world Success! Data written to: secret/hello
This writes the pair
foo=world to the path
secret/hello. We’ll cover paths in more detail later, but for now it is important that the path is prefixed with
secret/, otherwise this example won’t work. The
secret/ prefix is where arbitrary secrets can be read and written.
You can even write multiple pieces of data, if you want:
$ vault kv put secret/hello foo=world excited=yes Success! Data written to: secret/hello
vault kv put is a very powerful command. In addition to writing data directly from the command-line, it can read values and key pairs from
STDIN as well as files. For more information, see the command documentation.
Warning: The documentation uses the
key=value based entry throughout, but it is more secure to use files if possible. Sending data via the CLI is often logged in shell history. For real secrets, please use files. See the link above about reading in from
STDIN for more information.