Create paths and store secrets from json file

1,215 views
Skip to first unread message

Chris Murphy

unread,
Apr 24, 2016, 10:36:23 AM4/24/16
to Vault

Hi Guys,

I have a excel sheet with 10 machines and username and password for each machine

1. Would like to store them in vault ...
2. Using the http api to post them to vault.
3. I convert the excel sheet to json format.

Here is the post I am using

curl -H "X-Vault-Token: 1234-1234-1234-1234-1234" -H "Content-Type: application/json" -X POST -d '@test.json' http://10.12.12.111:8200/v1/secret/machines/

I get error about machines/ can't end in / so I remove it.

curl -H "X-Vault-Token: 1234-1234-1234-1234-1234" -H "Content-Type: application/json" -X POST -d '@test.json' http://10.12.12.111:8200/v1/secret/machines

So what I tried to do is put all machines ip address under machines and the username and password per machine

/secret/machines/10.1.12.10 username=test2 password=test2
/secret/machines/10.1.12.11 username=test3 password=test3
/secret/machines/10.1.12.12 username=test4 password=test4
/secret/machines/10.1.12.13 username=test5 password=test5

Here is my json file format

 {"Machine": "10.1.12.10", "Username": "test2", "password": "test2"},
{"Machine": "10.1.12.11", "Username": "test3", "password": "test3"},
{"Machine": "10.1.12.12", "Username": "test4", "password": "test4"},
{"Machine": "10.1.12.13", "Username": "test5", "password": "test5"},

Looking for the format to upload the json to vault or if a page about vault json format data page is available would be great....??? Thanks


vishal nayak

unread,
Apr 24, 2016, 7:00:57 PM4/24/16
to vault...@googlegroups.com
Hi Chris,

There is no format data page available, since there is no custom format that Vault accepts. Vault API accepts any data that is in JSON format.

If you want to index data against the IP, then you can call:

curl -v -XPOST -H "x-vault-token:123" "http://127.0.0.1:8200/v1/secret/machines/10.1.12.10" -d '{"username":"test2","password":"test2"}'
or
vault write secret/machines/10.1.12.10 username=test2 password=test2

To read them back,
curl -v -XGET -H "x-vault-token:123" "http://127.0.0.1:8200/v1/secret/machines/10.1.12.10"
or
vault read secret/machines/10.1.12.10

The payload provided for the POST call can take any other information along with username and password, as long as the data is in JSON format.
Note that the data you store as a secret will be leased.

Hope this helps!

Regards,
Vishal



--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/22ee12a1-c795-4f1f-8dcc-89540b9a08fe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
vn

Chris Murphy

unread,
Apr 25, 2016, 3:53:53 AM4/25/16
to Vault

Thanks Vishal Nayak

But I know this manual input of secrets. This manual input is great if you have 5 or 6 secrets not when you have a high number of secrets to input.

So I am looking for some way to post multiple paths with secrets to vault. Using HTTP API is great with JSON file. This is so bulk upload of secrets can be done fast.

vishal nayak

unread,
Apr 25, 2016, 5:43:24 AM4/25/16
to vault...@googlegroups.com
Hi Chris,

Vault currently does not support enabling multiple paths through a single (upload) call.

If there is bulk data, parsing it and calling Vault API for each data should be scripted at the client side.

Regards,
Vishal



--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/b89bbb57-60c9-485c-93e7-1d4b38582c41%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.



--
vn
Reply all
Reply to author
Forward
0 new messages