Managing Paths and Secrets
You can add, edit, or delete paths and secrets in your Vault service instance. A path specifies the storage location of your secret. The Vault service storage mechanism is similar to a virtual file system. When you create an instance of the Vault service, the default storage location is defined by a specific path that is equivalent to the home directory in a file system.
About This Task
You can manage paths either through the REST APIs or through the Vault dashboard UI. For more information on the Vault dashboard, see vault-service-using-dashboard.html#task_aa8e373e-b952-4c12-a9e8-b1114219b0a4.
To construct the URL for the Vault service API, get the path to the Vault service from your VCAP_SERVICES environment variable. For example, you can construct your URL to perform an operation as follows:
https://predix-vault-asv.gecis.io/v1/auth/token/<api_suffix>
Procedure
- Retrieve the secret at the specified location.
Method: GET
URL: /secret/<path>
Parameters: None
Returns:
{ "auth":null, "data":{ "foo":"bar" }, "lease_duration":2764800, "lease_id":"", "renewable":false }
- Return a list of key names at the specified location. Folders are suffixed with /. The input must be a folder; list on a file will not return a value. The values themselves are not accessible via this command.
Note: Policy-based filtering is not performed on keys. Therefore, do not encode sensitive information in key names.
Method: LIST/GET
URL: /secret/<path> (LIST) or /secret/<path>?list=true (GET)
Parameters: None
The example below shows output for a query path of secret/ when there are secrets at secret/foo and secret/foo/bar.
Returns:
{ "auth":null, "data":{ "foo":"bar" }, "lease_duration":2764800, "lease_id":"", "renewable":false }
- Store a secret at the specified location.
Method: POST/PUT
URL: /secret/<path>
Parameters: (key) Specify a key name paired with an associated value to be stored at the given path. You can specify multiple key/value pairs. You can retrieve all values using the read operation.
Returns: A 204 response code.
- Delete the secret at the specified location.
Method: DELETE
URL: /secret/<path>
Parameters: None
Returns: A 204 response code.
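
The four operations above, as an added Python example that is not part of the original documentation: it builds each request without sending it, so the method, URL and body can be inspected. The base URL, the token value, the use of Vault's X-Vault-Token header, and the helper names build_request and send are assumptions made for illustration.

```python
import json
import urllib.parse
import urllib.request

# Assumed values, not from the page: in a real deployment the base URL is
# taken from VCAP_SERVICES, and the token is sent in the X-Vault-Token header.
BASE_URL = "https://vault.example.invalid/v1"  # constructed placeholder
TOKEN = "placeholder-token"                    # constructed placeholder

METHODS = {"read": "GET", "list": "GET", "write": "POST", "delete": "DELETE"}


def build_request(op, path, data=None, base_url=BASE_URL, token=TOKEN):
    """Build (but do not send) the request for one operation on /secret/<path>."""
    if op not in METHODS:
        raise ValueError(f"unknown operation: {op}")
    # Reject traversal segments and percent-encode the rest, so a
    # caller-supplied path cannot leave /secret/ or add a query string.
    segments = [s for s in path.split("/") if s]
    if any(s in (".", "..") for s in segments):
        raise ValueError("path must not contain '.' or '..' segments")
    quoted = "/".join(urllib.parse.quote(s, safe="") for s in segments)
    url = f"{base_url.rstrip('/')}/secret/{quoted}"
    if op == "list":
        url += "?list=true"  # GET form of LIST; the path must be a folder
    headers = {"X-Vault-Token": token}  # token goes in a header, never the URL
    body = None
    if op == "write":
        if not data:
            raise ValueError("write needs at least one key/value pair")
        body = json.dumps(data).encode("utf-8")
        headers["Content-Type"] = "application/json"
    return urllib.request.Request(url, data=body, headers=headers,
                                  method=METHODS[op])


def send(request, timeout=10):
    """Send a built request; return parsed JSON, or None for an empty 204 reply."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        raw = resp.read()
        return json.loads(raw) if raw else None
```

Write and delete return a 204 with no body, which is why send returns None for them instead of trying to parse JSON.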