Hello,
I’m still looking into the documentation, but if someone has a knowledge on this that will be great.
Is KV-2 the default secret engine on Vault v1.8.x?
Thank you,
Laurentius Purba
If you mean does
vault secrets enable kv
No, that still mounts v1.
However
vault secrets enable kv-v2
enables the kv v2 engine.
KV isn’t deprecated, it’s just a version-less version of the two. If you don’t need secret versioning it’s a smaller footprint. I, personally, like the safety of v2 but you’re not forced to use it.
Thanks @aram .
My bad, I should have clearly stated my question.
If I want to install vault v1.8, fresh install, is kv2 the default secret engine?
Yes, if you use:
vault secrets enable kv-v2
Hmm. That’s not my question. So, I guess by default only cubbyhole is the default engine. The others, we should explicitly enable it.
But, if I run it in -dev mode, then the default is kv2 as per this link.
The answer is still the same as above, so if you answer as to why you care that would be a better question and we can arrive at an answer.
The answer - Yes for a -dev server but no for a prod server, per the docs:
For v1.18.x (latest)
...
Additionally, when running a dev-mode server, the v2 kv secrets engine is enabled by default at the path demo/ (for non-dev servers, it is currently v1). It can be disabled, moved, or enabled multiple times at different paths. Each instance of the KV secrets engine is isolated and unique.
...
Hi @laurentiuspurba - there are no default secrets engines, other than cubbyhole as you mentioned.
If you run in dev mode, then yes there is an example secrets engine enabled by default, but that is only in dev mode.
If you are new to Vault, check out