once we have created/stored our secret in the vault, while accessing it via rest apis, we need to provide the credentials like the unseal key etc. I am looking at the best recommended practice to store this key, if any apart from storing in a config file.
You don’t store the unseal key. It is a server operation to unseal Vault, not a client connection. Clients connect with an auth method/token. Never with unseal keys.
Take a look at the tutorials around deploying vault and operation, specifically around seal/unseal:
1 Like
Thanks for the reply mike.
i am mainly looking at where/how best to store the initial details in the client.
for eg: in order to retrieve secret from the vault via api, i will need the vault address (assuming i have access to the url), is that enough to get a auth token ? and use this token to get further info?
That is outlined here: Secure Introduction of Vault Clients | Vault - HashiCorp Learn