Hashicorp Vault 101: Creating your first secret in Vault CLI

2 min readSep 16, 2021

Hashicorp Vault 101 is a series of blog posts, aimed towards making you a zero-to-hero in Vault.

Creating secrets in Vault using CLI

We already discussed interacting with Vault with UI, in this blog, we would be checking how we can also do the same using Vault CLI

To get started we need vault-cli installed on our machine, we need to set a couple of details such as VAULT_HOST & VAULT_TOKEN which provide the details of where the Vault Server is present along with the token.

# Vault Host
export VAULT_ADDR='http://127.0.0.1:8200'# Vault Token
export VAULT_TOKEN=<YOUR_VAULT_TOKEN># Provides Vault Status
vault status

Enabling the secret engine

We first need to enable a secret engine (Key-Value) to store secrets

# Enabling Key-Value Secret engine on /kv path
vault secrets enable -path=kv kv# List the Secrets Engines
vault secrets list

Creating the Secrets

Now since we have created and mounted the key-value secret engine on /kv path.

# Creating Vault secrets
vault kv put kv/user user=admin password=test # Getting Vault Secrets
vault kv get kv/user

Deleting the Secrets

We can delete the secret itself by using the following command

# Deleting the secrets as well
vault kv delete kv/user

Disabling the Secret Engine

We can directly disable a secret engine that will delete all the secrets under it, using the following command.

# Disable Secret Engine
vault secrets disable <SECRET_ENGINE_NAME>