How to get private key out of vault

sunil001repo · January 2, 2020, 5:34pm

Hi All,

I am very new to hashicorp vault and have few basic question:

using transit secret engine , is there a way to get private key the way we get public key : GET /transit/keys/:name.

This is required as we are still trying to use own crypto service but use vault for only creating/storing/updating key materials.

michelvocks · January 3, 2020, 10:47am

Hi @sunil001repo!

You have to mark the key exportable (https://www.vaultproject.io/api/secret/transit/index.html#exportable) during key creation/generation.
Afterwards, you can use the key export API endpoint (https://www.vaultproject.io/api/secret/transit/index.html#export-key) to export the private key.

Cheers,
Michel

sunil001repo · January 3, 2020, 3:27pm

Thanks Michel. This is what I was looking for

DevOpsRob · April 20, 2021, 3:15pm

Just to tag on to this, once the key is made exportable, this can not be reveresed.

mirzadipradhana · February 22, 2023, 3:51am

Hi All,
In the web UI, there’s a wrap response for exporting the key. I’ve tried to find the documentation about this but couldn’t find any. My question is can we export the key with wrap response using API? I didn’t see a parameter to enable the wrap response on the documentation. Transit - Secrets Engines - HTTP API | Vault | HashiCorp Developer

thank you

Topic		Replies	Views
Encryption as a Service - with my uploaded public key Vault vault	2	457	January 13, 2022
Import private key to transit Vault	1	170	December 20, 2023
Importing pre-existing rsa-4096 key as a transit key Vault	0	282	July 1, 2021
How to export raw encryption private key Vault vault	1	494	August 15, 2022
Transit RSA and Import only Public Key Vault vault	0	562	June 6, 2022

How to get private key out of vault

Related topics