Managing Paths and Secrets

You can add, edit or delete paths and secrets in your Vault service instance. A path specifies the storage location of your secret. The Vault service storage mechanism is similar to a virtual file system. When you create an instance of the Vault service, the default storage location is defined by a specific path that is equivalent to the home directory in a file system.

About This Task

You can then add sub-paths to the default path to define additional storage locations or nodes. The sub-paths are equivalent to the hierarchy of folders and sub-folders in a file system. Secrets are stored under a path as key/value pairs.

You can manage paths either through the REST APIs or through the Vault dashboard UI. For more information on the Vault dashboard, see vault-service-using-dashboard.html#task_aa8e373e-b952-4c12-a9e8-b1114219b0a4.

To construct the URL for a Vault service API call, get the base path of the Vault service from your VCAP_SERVICES environment variable. For example, the URL for an operation has the following form:

https://predix-vault-asv.gecis.io/v1/auth/token/<api_suffix>

Procedure

You can use the Vault service APIs to perform the following tasks:
  • Retrieve the secret at the specified location.

    Method: GET

    URL: /secret/<path>

    Parameters: None

    Returns:

    {
      "auth": null,
      "data": {
        "foo": "bar"
      },
      "lease_duration": 2764800,
      "lease_id": "",
      "renewable": false
    }
  • Return a list of key names at the specified location. Folders are suffixed with /. The input must be a folder; a list on a file does not return a value. The values themselves are not accessible through this command.
    Note: Policy-based filtering is not performed on keys. Therefore, do not encode sensitive information in key names.

    Method: LIST/GET

    URL: /secret/<path> (LIST) or /secret/<path>?list=true (GET)

    Parameters: None

    The example below shows the output for a query path of secret/ when there are secrets at secret/foo and secret/foo/bar: the leaf secret foo and the folder foo/ are listed as key names only, without their values.

    Returns:

    {
      "auth": null,
      "data": {
        "keys": ["foo", "foo/"]
      },
      "lease_duration": 2764800,
      "lease_id": "",
      "renewable": false
    }
  • Store a secret at the specified location.

    Method: POST/PUT

    URL: /secret/<path>

    Parameters: (key) Specify a key name paired with the value to be stored at the given path. You can specify multiple key/value pairs. You can retrieve all values with the read operation.

    Returns: A 204 response code.

  • Delete the secret at the specified location.

    Method: DELETE

    URL: /secret/<path>

    Parameters: None

    Returns: A 204 response code.
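The following Python helpers, added here as an example and not part of this documentation or of the Vault service's own client code, build the request for each of the operations above from a VCAP_SERVICES document, split a list response into folders and leaves, and reject key names that would leak through a listing. The service label predix-vault, the credentials.url field and the key-name heuristic are assumptions.

```python
import json
import re
from typing import Dict, List, Tuple
from urllib.parse import quote

# Constructed VCAP_SERVICES fragment: the service label and the credential key
# names are assumptions for this example, not values taken from the documentation.
VCAP_SERVICES = json.dumps({
    "predix-vault": [{"credentials": {"url": "https://predix-vault-asv.gecis.io/v1"}}]
})

# Key names are not policy-filtered, so anyone with list rights sees them. This
# constructed heuristic flags names that look like raw key material or user:pass@host.
SUSPICIOUS_KEY = re.compile(r"[A-Za-z0-9+/=_-]{32,}|[@:]")


def vault_base_url(vcap_services: str, label: str = "predix-vault") -> str:
    """Return the Vault API root (ending in /v1) from a VCAP_SERVICES document."""
    services = json.loads(vcap_services)
    return services[label][0]["credentials"]["url"].rstrip("/")


def secret_request(base_url: str, op: str, path: str) -> Tuple[str, str]:
    """Map read/list/write/delete onto the (HTTP method, URL) pair documented for /secret/<path>."""
    clean = "/".join(quote(seg, safe="") for seg in path.strip("/").split("/") if seg)
    url = f"{base_url}/secret/{clean}"
    if op == "list":
        # ?list=true is the GET form for clients that cannot send a custom LIST verb
        return "GET", url + "?list=true"
    return {"read": "GET", "write": "PUT", "delete": "DELETE"}[op], url


def unsafe_key_names(pairs: Dict[str, str]) -> List[str]:
    """Return the key names in a write payload that look like sensitive data."""
    return [k for k in pairs if SUSPICIOUS_KEY.search(k)]


def write_body(pairs: Dict[str, str]) -> str:
    """Build the JSON body for a write, refusing key names that a LIST would expose."""
    bad = unsafe_key_names(pairs)
    if bad:
        raise ValueError(f"key names are visible to LIST; rename: {bad}")
    return json.dumps(pairs)


def split_listing(response: dict) -> Tuple[List[str], List[str]]:
    """Split a LIST response into folders (trailing '/') and leaf secrets.

    A list issued against a leaf returns no data, so a missing "data" yields two empty lists.
    """
    keys = (response.get("data") or {}).get("keys", [])
    return [k for k in keys if k.endswith("/")], [k for k in keys if not k.endswith("/")]
```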