I don’t understand how I can make a call from a script (Python, for example) to my vault.
I made a vault like in the tutorial with this config file:
listener "tcp" {
  address = "127.0.0.1:8200"
  tls_disable = "true"
}
I created an entity named Tom with the password Jerry. Tom has access to the path:
kv secrets/animals mouse=rat
In the policies I said that Tom could only "read" information in this path.
Okay, now that you have the explanation of how I made my vault example: I don’t understand how I am supposed to get access to my vault and how I can ask something like "Hey vault, I’m Tom, my password is Jerry, give me the value of Mouse in secrets/animals".
I don’t know if my question is clear; don’t hesitate to ask me for more explanation.
I’d suggest reviewing the API documentation as it’s been very helpful for me over the years.
But to more directly answer your question, you’ll need to log in and collect the resulting client token, and then pass that token in as the value of the X-Vault-Token header in subsequent requests.
For example, reading a secret in KV v1 or KV v2.
Yeah, I checked the API, but my problem is with a much simpler thing: I don’t understand what URL I need to use to make my request.
When I make my script I will have to do something like:
client = hvac.Client(url='url I need to use ')
And then, as you mentioned, I checked the API docs and I will have to do something like:
login_response = client.auth.ldap.login(
    username=os.environ['Tom'],
    password=os.environ['Jerry'],
)
client.is_authenticated()
My problem is what URL I need to use to talk to my vault. Also, don’t hesitate to correct me if I’m doing this the wrong way.
A little more precision: my vault is on a server and I want to talk to my vault from any computer.
Another thing: am I forced to use tokens to communicate with Vault, or is it possible to just log in with a username and password?
Thanks a lot for your answers, it’s very kind.
The vault binary has a very nice -output-curl-string parameter that produces what URL it is using to accomplish what you’re asking. It prints out a full curl equivalent with the parameters and values that you need.
It’s more of a replacement for systems that do not/cannot have the vault binary but it’s very useful for writing scripts/policies as well.
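The login-then-token flow described in the replies above, as an added example that is not part of the original thread or Vault's own code. It uses only the Python standard library rather than hvac, and assumes the userpass auth method mounted at `userpass`, a KV mount named `secrets`, and the environment variable names `VAULT_USER` and `VAULT_PASS`.

```python
import json
import os
import urllib.request
from urllib.parse import quote

# Assumed, not from the thread: userpass auth mounted at "userpass" and a
# KV mount "secrets" holding the secret "animals".
VAULT_ADDR = os.environ.get("VAULT_ADDR", "http://127.0.0.1:8200")

def login_request(addr, username, password, auth_mount="userpass"):
    """Step 1: POST the password; Vault replies with a client token."""
    url = f"{addr.rstrip('/')}/v1/auth/{auth_mount}/login/{quote(username, safe='')}"
    body = json.dumps({"password": password}).encode()
    return urllib.request.Request(url, data=body, method="POST",
                                  headers={"Content-Type": "application/json"})

def token_from_login(response_body):
    """The token is at auth.client_token in the login response."""
    return json.loads(response_body)["auth"]["client_token"]

def read_request(addr, token, mount, path, kv_version=2):
    """Step 2: GET the secret with the token in the X-Vault-Token header."""
    middle = "data/" if kv_version == 2 else ""  # KV v2 adds /data/ to the path
    url = f"{addr.rstrip('/')}/v1/{mount}/{middle}{path}"
    return urllib.request.Request(url, headers={"X-Vault-Token": token})

def secret_from_read(response_body, kv_version=2):
    """KV v1 returns the keys under data; KV v2 nests them under data.data."""
    data = json.loads(response_body)["data"]
    return data["data"] if kv_version == 2 else data

def fetch(addr, username, password, mount, path, kv_version=2):
    """Run both steps against a live Vault server."""
    with urllib.request.urlopen(login_request(addr, username, password)) as r:
        token = token_from_login(r.read())
    with urllib.request.urlopen(read_request(addr, token, mount, path, kv_version)) as r:
        return secret_from_read(r.read(), kv_version)

if __name__ == "__main__":
    # Credentials come from the environment, not from the script.
    user, pw = os.environ.get("VAULT_USER"), os.environ.get("VAULT_PASS")
    if user and pw:
        print(fetch(VAULT_ADDR, user, pw, "secrets", "animals"))
    else:
        print("Set VAULT_USER and VAULT_PASS. Login URL would be:",
              login_request(VAULT_ADDR, "<user>", "").full_url)
```

With the listener from the question, the URL is `http://127.0.0.1:8200`, which only answers on the Vault host itself; other computers need a listener address they can reach. With `tls_disable` set, the password and token cross the network unencrypted.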