Installing Vault with Helm

1. Create a values.yaml file on your local

   # File: values.yaml
   injector:
     enabled: false
   server:
     auditStorage:
       enabled: true
       size: 1Gi
       storageClass: csi-disk
     dataStorage:
       enabled: true
       size: 1Gi
       storageClass: csi-disk
     ingress:
       enabled: true
       hosts:
         - host: vault-🚒.pea-workshops.odd.works
       ingressClassName: nginx
   

2. Add repo

   helm repo add hashicorp <https://helm.releases.hashicorp.com>
   

3. Update repo

   helm repo update
   

4. Install Vault

   helm -n vault-🚒 install vault-🚒 hashicorp/vault -f values.yaml
   

5. Check pods

   kubectl -n vault-🚒 get pods
   

6. Execute to the pod

   kubectl -n vault-🚒 exec -it vault-🚒-0 -- sh
   

Key/Value (KV)

1. Log in

   vault login
   

2. Enable KV v2 at path secret

   vault secrets enable -path=secret kv-v2
   

3. Write a secret

   vault kv put secret/myapp username=admin password=pass123
   

4. Read a secret

   vault kv get secret/myapp
   

5. Update a secret

   vault kv put secret/myapp username=admin password=newpass456
   

6. Delete a secret version (soft delete)

   vault kv delete secret/myapp
   

Golang

// File: main.go
package main

import (
	"fmt"
	"log"
	"os"

	"github.com/hashicorp/vault/api"
)

func main() {
	client, err := api.NewClient(&api.Config{
		Address: "<https://vault-atb.pea-workshops.odd.works>",
	})
	if err != nil {
		log.Fatal(err)
	}

	client.SetToken(os.Getenv("VAULT_TOKEN"))

	secret, err := client.Logical().Read("secret/data/myapp")
	if err != nil {
		log.Fatal(err)
	}

	if secret != nil {
		data := secret.Data["data"].(map[string]interface{})
		fmt.Println("🍊 Retrieved secret data with Golang:")
		fmt.Println("Username:", data["username"])
		fmt.Println("Password:", data["password"])
	}
}

Run

go mod tidy

export VAULT_TOKEN=🚒
go run main.go

Python