Vault

Basic Commands

Create policy:

my-read-only.hcl:

path "secret/my-secret" {
  capabilities = ["read"]
}

vault policy write my-read-only ./my-read-only.hcl

Create token with specific policy:

vault token create -display-name='my read only token' -ttl=2h -policy=my-read-only

Revoke token (for example when token was leaked to GitHub):
```
vault token revoke "${TOKEN}"
```

enable MFA:

Enable the

vault secrets enable totp

Return an base64 encoded QR code:

vault write totp/keys/test generate=true issuer='Michal Czeraszkiewicz' account_name="contact@czerasz.com"

Scan the QR code with Google Authenticator

Verify the code:

vault write totp/keys/test code=123123