ck22

Reputation: 276

How to enable a kv secret engine in vault using HTTP APIs

I was trying to enable the kv secret engine at the secret path in my Vault setup. I can easily do it using the CLI:

vault secrets enable -path=secret kv

But I have to make it work using Vault's HTTP APIs.

I have gone through documentation but could not find any endpoint for the above command.

Thanks in advance

Upvotes: 6

Views: 6680

Answers (2)

Lokesh

Reputation: 582

By default, Vault enables the secret engine for version v1 (by just specifying kv). Version v1 does not have support for API calls or metadata for external integration, so we need to enable the engine for version v2 by specifying kv-v2:

vault secrets enable -path=secret kv-v2

Upvotes: 1

Marc

Reputation: 21035

This is covered under the System Backend/sys/mounts API reference page.

Issue a POST request to /v1/sys/mounts/<mountpoint> with a payload containing the type (kv) and various configuration options. For KV, you probably want to specify version: 2 (or type kv-v2) unless you want to stick to V1.

See the above link for details on the possible parameters.

Here is the example from the docs:

payload.json:

{
  "type": "aws",
  "config": {
    "force_no_cache": true
  }
}

Request:

$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/sys/mounts/my-mount

Upvotes: 8
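
Added example, not part of the answer above or of the Vault docs: the same POST to /v1/sys/mounts/<mountpoint>, adapted to mount KV version 2 at `secret`. The function names are hypothetical; it assumes `VAULT_ADDR` and `VAULT_TOKEN` are set in the environment and curl 7.55.0 or later, so the token can be passed on stdin with `--header @-` instead of appearing in the process list.

```shell
#!/bin/sh
# Added example: enable a KV engine through Vault's HTTP API.
# Assumptions: VAULT_ADDR / VAULT_TOKEN in the environment, curl >= 7.55.0.

# Build the JSON body for sys/mounts. $1 = KV version (1 or 2).
kv_mount_payload() {
    case "$1" in
        1|2) ;;
        *) echo "unsupported KV version: $1" >&2; return 1 ;;
    esac
    printf '{"type":"kv","options":{"version":"%s"}}' "$1"
}

# Build the endpoint URL. $1 = mount path, e.g. "secret".
mount_url() {
    path=${1#/}
    path=${path%/}
    case "$path" in
        ''|*[!A-Za-z0-9_/-]*)
            # Refuse anything that would need URL-encoding or alter the URL.
            echo "invalid mount path: $1" >&2; return 1 ;;
    esac
    printf '%s/v1/sys/mounts/%s' "${VAULT_ADDR:-http://127.0.0.1:8200}" "$path"
}

# Mount the engine. $1 = mount path, $2 = KV version (default 2).
enable_kv() {
    payload=$(kv_mount_payload "${2:-2}") || return 1
    url=$(mount_url "$1") || return 1
    # printf is a shell builtin, so the token never shows up in `ps` output;
    # curl reads the header from stdin.
    printf 'X-Vault-Token: %s\n' "${VAULT_TOKEN:?VAULT_TOKEN is not set}" |
        curl --silent --show-error --fail \
            --header @- \
            --header 'Content-Type: application/json' \
            --request POST \
            --data "$payload" \
            "$url"
}

# Equivalent of `vault secrets enable -path=secret kv-v2`:
#   ./enable_kv.sh secret 2
if [ "$#" -gt 0 ]; then
    enable_kv "$@"
fi
```

The token used needs a policy that allows writing to sys/mounts/<mountpoint>; for anything other than a local dev server, point `VAULT_ADDR` at an https:// listener.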
