Commands Cheat Sheet
Try DrDroid: AI Agent for Debugging
Connection
export VAULT_ADDR='https://vault.example.com:8200'
Set Vault server address
export VAULT_TOKEN='your-token'
Set Vault authentication token
vault login
Interactive login to Vault
vault login -method=github token=
Login with GitHub auth method
vault login -method=userpass username=user password=pass
Login with username/password
Key Management
vault secrets list
List available secrets engines
vault kv get secret/path
Read a secret from KV store
vault kv put secret/path key=value
Write a secret to KV store
vault kv delete secret/path
Delete a secret
vault kv metadata get secret/path
Get metadata for a secret
Policy Management
vault policy list
List policies
vault policy read policy-name
Read a policy
vault policy write policy-name policy-file.hcl
Create/update a policy
vault policy delete policy-name
Delete a policy
Auth Methods
vault auth list
List auth methods
vault auth enable method-name
Enable an auth method
vault auth disable method-name
Disable an auth method
vault write auth/method-name/config param=value
Configure auth method
Token Management
vault token create
Create a new token
vault token lookup
Look up token information
vault token renew
Renew token
vault token revoke token
Revoke a token
Secret Engines
vault secrets enable -path=path type
Enable a secrets engine
vault secrets disable path
Disable a secrets engine
vault secrets tune -default-lease-ttl=1h path
Tune secrets engine configuration
PKI Management
vault write pki/root/generate/internal common_name="example.com"
Generate root CA
vault write pki/roles/my-role allowed_domains=example.com
Create a PKI role
vault write pki/issue/my-role common_name=test.example.com
Issue certificate
SSH Management
vault write ssh/creds/role-name ip=1.2.3.4
Generate SSH credentials
vault ssh -role=role-name [email protected]
SSH using Vault
Database Management
vault write database/config/my-db plugin_name=mysql
Configure database connection
vault read database/creds/my-role
Generate database credentials