Beginner - trying to get started - making this harder than it needs to be

What I want to do is …

  • execute a script on a server
  • that plucks login credentials from vault

I think using the vault API is the way to go forward. What I would love is a clean tutorial walking me through my first script. Any other documents or advice are appreciated.

For what it’s worth …

What I have is an LDAP login to our organization’s vault server. So far I can …

  • Log in to vault from the CLI (vault login)
  • Grab a secret (vault kv get)

Thanks,

Hi Brian,

This is actually a very nuanced problem! The cleanest way to implement the workflow you’ve outlined is to use Vault Agent, which will:

  1. Authenticate to vault for you using auto-auth (vault login)
  2. Retrieve a secret and write it to a local file of your choice (vault kv get __ > /tmp/secret)

There is a tutorial for using Vault Agent with AWS.

Hope this helps!

Rosemary
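
As an added example (not part of the original posts and not HashiCorp's code), here is a Python reader for the file from step 2, assuming it was written with `vault kv get -format=json`. The function name, the exception class and the sample JSON are constructed here; the reader refuses a file that is a symlink, owned by another user, or accessible to group or others, which matters for a path under /tmp.

```python
import json
import os
import stat
import tempfile

# Constructed sample of `vault kv get -format=json` output (KV v2), trimmed.
SAMPLE = ('{"data": {"data": {"username": "svc-app", '
          '"password": "constructed-example-value"}, "metadata": {"version": 1}}}')


class UnsafeSecretFile(Exception):
    """The secret file fails an ownership or permission check."""


def read_secret_file(path, field):
    """Return one field from a file holding `vault kv get -format=json` output."""
    # O_NOFOLLOW refuses a symlink planted at the path (a risk in /tmp);
    # O_NONBLOCK keeps open() from hanging if the path is a FIFO.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        st = os.fstat(fd)  # inspect the file actually opened, not the path
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeSecretFile(f"{path}: not a regular file")
        if st.st_uid != os.geteuid():
            raise UnsafeSecretFile(f"{path}: owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise UnsafeSecretFile(f"{path}: accessible to group or others")
        with os.fdopen(fd, "r", encoding="utf-8") as fh:
            fd = None  # the file object now owns the descriptor
            doc = json.load(fh)
    finally:
        if fd is not None:
            os.close(fd)
    # KV v2 nests the key/value pairs under data.data; KV v1 uses data only.
    data = doc["data"]
    if isinstance(data.get("data"), dict) and "metadata" in data:
        data = data["data"]
    return data[field]


if __name__ == "__main__":
    # Stand-in for the file the agent writes: created 0600 in a private dir.
    demo_path = os.path.join(tempfile.mkdtemp(), "secret")
    out = os.open(demo_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    os.write(out, SAMPLE.encode())
    os.close(out)
    print("username:", read_secret_file(demo_path, "username"))
```
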