HCP CLI overview for HCP Vault Secrets
The HCP CLI supports HCP Vault Secrets using the vault-secrets
command group.
Refer to the HCP CLI section for a
complete list of all supported vault-secrets
commands.
Login to HCP Vault Secrets
You can login interactively using a web browser or configure the hcp
CLI for non-interactive workflows.
The hcp auth login
command will authenticate you with the HashiCorp Cloud Platform.
Open a terminal and run
hcp auth login
.$ hcp auth login
A new browser window will open.
Log into the HCP Portal using your username and password.
Return to the terminal, the
Successfully logged in!
message appears.The
auth login
command will try to configure default organization and project. When multiple organizations or projects are detected, you will be prompted to runhcp profile init
.Run
hcp profile init
to configure (or update) the default profile.$ hcp profile init
Use the arrow keys on the keyboard to select an organization.
Example output:
Use the arrow keys to navigate: ↓ ↑ → ← and / toggles search? Multiple organizations found. Please select the one you would like to configure.: > example-org-1 example-org-2 example-org-1----- Organization -----Name: example-org-1ID: 11111111-1111-1111-1111-s3sam3st33t
Use the arrow keys on the keyboard to select a project.
Example output:
✓ Organization with name "example-org-1" and ID "11111111-1111-1111-1111-s3sam3st33t" selectedUse the arrow keys to navigate: ↓ ↑ → ← and / toggles search? Multiple projects found. Please select the one you would like to configure.: > ProductionProject DevelopmentProject----- Project -----Name: ProductionProjectID: 11111111-1111-1111-1111-c00k1300Description:
When prompted, type
y
toconfigure any service related config
. Selectvault-secrets
, then select the desired app.Example output:
✓ Organization with name "hashicorp-edu-org" and ID "2570acc0-8d87-4443-a8a8-fcf8cacf750d" selected✓ Project with name "ProductionProject" and ID "43c763b4-d3f4-4fda-b245-2ab9d0f5d257" selectedWould you like to configure any service related config (y/n)? y✔ Vault SecretsUse the arrow keys to navigate: ↓ ↑ → ← and / toggles search? Multiple apps found. Please select the one you would like to configure.: > ExampleApplication WebApplication----- Apps -----Name: ExampleApplicationDescription
You can now use the
hcp
CLI.$ hcp vault-secrets open <secret-name> Secret Name: secret-nameType: kvCreated At: 2024-10-02T13:21:13.417ZLatest Version: 1Value: example
Create a secret
Use the vault-secrets
command family to create secrets.
You can create a secret by specifying a data file, or piping the secret using STDIN.
$ echo -n "WorstPasswordEver" | hcp vault-secrets secrets create password --data-file=-Secret Name Created At Latest Versionpassword 2024-10-04T16:35:14.958Z 1 ✓ Successfully created secret with name "password" To read your secret, run: $ hcp vault-secrets secrets read password --app ExampleApplication
Read a secret
Use the vault-secrets
command family to open secrets.
The open
command returns the value of a secret.
$ hcp vault-secrets secrets open passwordSecret Name: passwordType: kvCreated At: 2024-10-04T16:35:14.958ZLatest Version: 1Value: WorstPasswordEver
Delete a secret
Use the vault-secrets
command family to delete secrets.
The delete
command to remove a secret.
$ hcp vault-secrets secrets delete password✓ Successfully deleted secret with name "password"
Logout of HCP Vault Secrets
Use the auth
command family to logout.
$ hcp auth logoutSuccessfully logged out