- Docker engine
- Bring up the services
docker-compose up -d- Set
VAULT_ADDRtohttp://localhost:8200
export VAULT_ADDR=http://localhost:8200- Authenticate to the Vault server
The root token is
my-very-secure-token. Invoke
vault loginand enter the token. You should see something similar to
❯ vault login
Token (will be hidden):
Success! You are now authenticated. The token information displayed below
is already stored in the token helper. You do NOT need to run "vault login"
again. Future Vault requests will automatically use this token.
Key Value
--- -----
token my-very-secure-token
token_accessor Z1bCSbdcB2hpBVNKqPBMgTLm
token_duration ∞
token_renewable false
token_policies ["root"]
identity_policies []
policies ["root"]- Obtain temporary DB credentials
vault read database/creds/my-roleYou should see something similar to
❯ vault read database/creds/my-role
Key Value
--- -----
lease_id database/creds/my-role/35T7z6wxQrDI9vxt6RCqyuxj
lease_duration 1h
lease_renewable true
password Pp3II5kyP-pH6plI0Vm3
username v-token-my-role-3WeK7qYp0cXt9D8L12zF-1673199871Use the generated credentials to connect to the PostgreSQL server
psql -h localhost -U <username> postgresExample:
❯ psql -h localhost -U v-token-my-role-vcdtHQwytCvVR6yk6zgW-1673200121 postgres
Password for user v-token-my-role-vcdtHQwytCvVR6yk6zgW-1673200121:
psql (14.6 (Homebrew))
Type "help" for help.
postgres=> \dt
Did not find any relations.
postgres=> \qvault kv get my.secrets/dev