Listing and deleting secrets in Vault

Vault is a tool from HashiCorp that is designed to make it easier to work with secrets. One of the things I needed to do today was clean up some secrets we had in our dev environment so that we could redeploy an app together with its secrets.

This ended up not being too hard to do. The key thing to understand is how your application stores its secrets, e.g. it uses Vault to write them under a path such as secret/username for an identity store. Vault is essentially a key-value store.

What you need to do first is download the platform-specific Vault binary, which you can do here. Then, to interact with Vault using this CLI, you need to set up a few environment variables:

export VAULT_ADDR='http://127.0.0.1:8200'
export VAULT_TOKEN=<vaultTokenHereNoQuotesNeeded>

The above assumes Vault is running on the same machine; if not, adjust the address variable accordingly. You also need to insert your Vault root token, which you would have been given when you unsealed Vault.

To list the mounted secrets engines (the possible secret stores), run:

vault secrets list

To delete a specific secret, run:

> vault delete secret/secret-name-from-list
Success! Data deleted (if it existed) at: secret/secret-name-from-list

As mentioned above, you need to look at your application to understand what your secret keys look like.
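The steps above delete one key you already know; when cleaning out a dev environment you usually want to walk a whole prefix first. The script below is an added example, not from the original post: it lists every key under a KV path with `vault list` (assumed to print a `Keys`/`----` header and then one key per line, with sub-folders ending in `/`) and removes each with the `vault delete` command shown above, as a dry run unless DRY_RUN=0. It assumes the VAULT_ADDR and VAULT_TOKEN variables from above, the `vault` CLI on PATH, and a KV version 1 mount.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: walk a KV path recursively and
# delete every key under it, dry run by default. Assumes VAULT_ADDR and
# VAULT_TOKEN are exported as shown above, `vault` is on PATH, and the mount is
# KV version 1 (where `vault delete` removes the data outright).
set -eu

# Print every leaf key under $1 (must end in "/"), one per line.
# `vault list` prints a "Keys"/"----" header, then keys; folders end in "/".
list_keys() {
  vault list "$1" | tail -n +3 | while IFS= read -r entry; do
    [ -n "$entry" ] || continue
    case "$entry" in
      */) list_keys "$1$entry" ;;            # recurse into a sub-folder
      *)  printf '%s\n' "$1$entry" ;;        # a real key: print its full path
    esac
  done
}

# Delete every key under $1. Only prints the plan unless DRY_RUN=0.
delete_under() {
  list_keys "$1" | while IFS= read -r key; do
    if [ "${DRY_RUN:-1}" = 0 ]; then
      vault delete "$key" >/dev/null
      printf 'deleted: %s\n' "$key"
    else
      printf 'would delete: %s\n' "$key"
    fi
  done
}

# Usage: ./cleanup.sh secret/myapp/   (review the plan), then DRY_RUN=0 to delete
if [ $# -eq 1 ]; then
  delete_under "$1"
fi
```

On a KV version 2 mount the equivalents are `vault kv list` and `vault kv delete`, and the latter only soft-deletes the latest version; `vault kv metadata delete` removes all versions and metadata.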