HashiCorp Cloud Platform
Install HCP Vault Secrets CLI
Before you can interact with HCP Vault Secrets using the command-line interface (CLI), the vlt
CLI must be installed and configured.
Once installed, you can choose to authenticate interactively using your HCP Portal credentials, or non-interactively using a HCP service principal.
Prerequisites
- An existing HCP account
- Completed the Create a secret in HCP Vault Secrets tutorial
- Homebrew installed
Install HCP Vault Secrets CLI
The HCP Vault Secrets CLI is available for download from releases.hashicorp.com/vlt as a zip archive and via popular package managers.
MacOS users can use Homebrew to install the CLI. Refer to the Homebrew installation instructions if it is not already installed.
Open a new terminal.
Install the HashiCorp tap.
$ brew tap hashicorp/tap
Install the HCP Vault Secrets CLI.
$ brew install vlt
Verify the installation.
$ vlt Usage: vlt [--version] [--help] <command> [<args>] Available commands are: apps Lists the apps in the project config Lists or updates the current config login Login to the Vault Secrets web services logout Log out of the Vault Secrets web services run Run a process while injecting secrets as ENV vars secrets Lists the secrets in an app version Shows the vlt cli version and golang version
Configure the HCP Vault Secrets CLI
Interactive logins launch a web browser to have you authenticate with your HCP user account through a supported authorization method such as username and password, single sign-on (SSO), or GitHub.
Refer to the HCP Vault Secrets documentation to review HCP roles and permissions.
Log in to HCP Vault Secrets using the interactive login.
$ vlt login
A new browser will open, log into your HCP account. Once complete, your browser will display
Login is successful. You may close the browser and return to the command line.
.Return to the terminal session.
Example output:
2023/05/25 09:39:59 No credentials found, proceeding with browser login. The default web browser has been opened at https://auth.idp.hashicorp.com/oauth2/auth. Please continue the login in the web browser. Success! Successfully logged in
Before proceeding with the HCP Vault Secrets CLI, it must be configured. Run
vlt init
to configure the CLI.$ vlt config init
If you are a member of multiple HCP organizations, you will be prompted to select the organization you wish to use. Use the arrow keys to select the HCP organization.
Example output:
Use the arrow keys to navigate: ↓ ↑ → ← ? Multiple Organizations found please select the one you would like to configure.: > vault-edu-org hashicorp-education hashicorp-edu-org ----- Organization ----- Name: vault-edu-org ID: 12cd56-88d2-69fb-8cc1-s3sAm3st State: ACTIVE
If you have multiple projects in your HCP organization, you will be prompted to select the project you wish to use. Use the arrow keys to select the HCP project.
Use the arrow keys to navigate: ↓ ↑ → ← ? Multiple projects found. Please select the one you would like to configure.: DevelopmentProject > Production ----- Organization ----- Name: Production ID: 12cd56-704c-46af-8ba5-mAtr3x Description: State: ACTIVE
Select the
WebApplication
application you created in the previous tutorial.Use the arrow keys to navigate: ↓ ↑ → ← ? Select an Application name: ▸ WebApplication Successfully wrote configuration to system
Run
vlt secrets list
to review the existing secrets.$ vlt secrets list Name Latest Version Created At username 2 2023-05-24T12:22:18.395Z
Next steps
In this tutorial you installed and configured the HCP Vault Secrets CLI, and authenticated using the interactive and non interactive methods.
In the next tutorial you will learn how to retrieve a secret using the command line interface (CLI) and API which will allow you to automate secret retrieval from HCP Vault Secrets.