How to store the content of binary file in Vault?

przemolb · November 9, 2020, 11:51pm

What is the best way to store a content of binary file in Vault ? Any recommendation ?

mikegreen · November 10, 2020, 12:04am

What is the use case you need to store a binary file? I’d say that isn’t a normal thing in Vault.

I’d recommend using transit to encrypt the file but storing the encrypted content in your existing storage/db platform.

przemolb · November 10, 2020, 8:56am

The file has sensitive content (certificates) - it is jks file.

martinhristov90 · November 10, 2020, 9:42am

Hello,

Did you try to convert it to base64 and they put it in Vault ?

Martin

przemolb · November 10, 2020, 2:24pm

No I haven’t. I didn’t know it has to be converted to base64. Once I did that what vault command should I use to write the content to Vault ?

scshitole · November 10, 2020, 10:17pm

I think you can use the API below

curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/transit/encrypt/my-key

atomlab · August 11, 2021, 2:11pm

I use base64 for store all binary content or something like this.

Encode and put to vault

base64 --wrap=0 /tmp/cert.p12  | vault kv put mysecrets/my-cert key=-

Get from vault and decode

vault kv get -field=key mysecrets/my-cert | base64 --decode --ignore-garbage > /tmp/my-cert.p12

Topic		Replies	Views
Loading/Storing binary files as secrets Vault	2	4540	May 4, 2021
Download files in vault Vault	1	1846	March 2, 2021
How to store a file content in Hashicorp KV Secret engine as value through cmd line or script Vault vault	1	8199	November 15, 2022
Storing files in Vault? Vault	1	1366	July 13, 2020
Store ssl certificates in vault Vault	6	18768	January 20, 2025