$ vault kv put kv/mycorp/mydepartment/myproject/myapp/myapp-api/config db_type=mysql
Success! Data written to: kv/mycorp/mydepartment/myproject/myapp/myapp-api/config
$ vault kv put kv/mycorp/mydepartment/myproject/myapp/myapp-api/config db_host=127.0.0.1
Success! Data written to: kv/mycorp/mydepartment/myproject/myapp/myapp-api/config
$ vault kv put kv/mycorp/mydepartment/myproject/myapp/myapp-api/config db_port=3306
Success! Data written to: kv/mycorp/mydepartment/myproject/myapp/myapp-api/config
List keys
$ vault secrets list
Path          Type         Accessor              Description
----          ----         --------              -----------
cubbyhole/    cubbyhole    cubbyhole_e5c17df6    per-token private secret storage
identity/     identity     identity_f0404cf8     identity store
kv/           kv           kv_618be90b           n/a
sys/          system       system_053aea79       system endpoints used for control, policy and debugging
transit/      transit      transit_aaaaf63d      n/a
$ vault kv list kv
Keys
----
mycorp/
$ vault kv list kv/mycorp
Keys
----
mydepartment/
$ vault kv list kv/mycorp/mydepartment
Keys
----
myproject/
$ vault kv list kv/mycorp/mydepartment/myproject/myapp/myapp-api
Keys
----
config
$ vault kv list kv/mycorp/mydepartment/myproject/myapp/myapp-api/config
No value found at kv/mycorp/mydepartment/myproject/myapp/myapp-api/config
Read a key's value
$ vault kv get kv/mycorp/mydepartment/myproject/myapp/myapp-api/config
===== Data =====
Key        Value
---        -----
db_port    3306
$ vault kv delete kv/mycorp/mydepartment/myproject/myapp/myapp-api/config
Success! Data deleted (if it existed) at: kv/mycorp/mydepartment/myproject/myapp/myapp-api/config
$ vault kv get kv/mycorp/mydepartment/myproject/myapp/myapp-api/config
No value found at kv/mycorp/mydepartment/myproject/myapp/myapp-api/config
kv Version 2
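Compared with Version 1, kv Version 2 has the following improvements:
Version 2 supports managing multiple versions and keeps 10 versions by default
Version 2 supports the patch operation, which updates a key instead of overwriting the data directly as version 1 does
Version 2 supports rolling data back
Version 2 protects the metadata, in which information about the multiple versions and their data can be seen
Use the following command to enable the version 2 kv engine, mounted at the path kv2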
$ vault secrets enable -path=kv2 -version=2 kv
Success! Enabled the kv secrets engine at: kv2/
$ vault secrets list
Path          Type         Accessor              Description
----          ----         --------              -----------
cubbyhole/    cubbyhole    cubbyhole_e5c17df6    per-token private secret storage
identity/     identity     identity_f0404cf8     identity store
kv/           kv           kv_618be90b           n/a
kv2/          kv           kv_2b51a6d6           n/a
sys/          system       system_053aea79       system endpoints used for control, policy and debugging
transit/      transit      transit_aaaaf63d      n/a
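The following commands demonstrate a version rollback, which restores data from an earlier version. Note that the version value after a rollback is not the target version of the rollback but a new version, whose data content is simply identical to that of the target version. In the example below, the current version is 2; after running vault kv rollback -version=1, the data version becomes version 3, not version 1, but the data in version 3 is exactly the same as the data in version 1.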
$ vault kv get kv2/corp/department/project/app/api/config
================= Secret Path =================
kv2/data/corp/department/project/app/api/config

======= Metadata =======
Key                Value
---                -----
created_time       2023-07-14T02:15:18.525867051Z
custom_metadata    <nil>
deletion_time      n/a
destroyed          false
version            2

===== Data =====
Key        Value
---        -----
db_host    lcoalhost
db_type    mysql
$ vault kv rollback -version=1 kv2/corp/department/project/app/api/config
Key                Value
---                -----
created_time       2023-07-14T02:18:34.86076686Z
custom_metadata    <nil>
deletion_time      n/a
destroyed          false
version            3
$ vault kv get kv2/corp/department/project/app/api/config
================= Secret Path =================
kv2/data/corp/department/project/app/api/config

======= Metadata =======
Key                Value
---                -----
created_time       2023-07-14T02:18:34.86076686Z
custom_metadata    <nil>
deletion_time      n/a
destroyed          false
version            3

===== Data =====
Key        Value
---        -----
db_type    mysql
$ vault kv get -version=1 kv2/corp/department/project/app/api/config
================= Secret Path =================
kv2/data/corp/department/project/app/api/config

======= Metadata =======
Key                Value
---                -----
created_time       2023-07-14T02:13:57.086632928Z
custom_metadata    <nil>
deletion_time      n/a
destroyed          false
version            1

===== Data =====
Key        Value
---        -----
db_type    mysql
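
The version 1 overwrite and the version 2 patch, rollback and 10-version retention described above can be followed in a small in-memory model. This is an added example, not code from the original page or from Vault; the class and function names are hypothetical, and it assumes version 2 of the secret in the session was created with a patch.

```python
# Simplified in-memory model of the KV v1 / v2 write semantics shown on this
# page. Added illustration only; it is not Vault's implementation.

class KVv1:
    """Version 1: each put replaces the whole secret at the path."""

    def __init__(self):
        self.store = {}

    def put(self, path, **data):
        self.store[path] = dict(data)        # earlier keys are lost

    def get(self, path):
        return self.store.get(path)

class KVv2:
    """Version 2: every write appends a new numbered version."""

    def __init__(self, max_versions=10):     # default stated on the page
        self.max_versions = max_versions
        self.versions = {}                   # path -> {version: data}
        self.current = {}                    # path -> latest version number

    def put(self, path, **data):
        n = self.current.get(path, 0) + 1
        history = self.versions.setdefault(path, {})
        history[n] = dict(data)
        self.current[path] = n
        for old in [v for v in history if v <= n - self.max_versions]:
            del history[old]                 # keep only the newest versions
        return n

    def get(self, path, version=None):
        return dict(self.versions[path][version or self.current[path]])

    def patch(self, path, **data):
        return self.put(path, **{**self.get(path), **data})  # merge, then write

    def rollback(self, path, version):
        # The old data is written again as a NEW version; history is kept.
        return self.put(path, **self.get(path, version))

def replay_page_session():
    """Constructed replay of the kv2 session above (patch step is assumed)."""
    kv, path = KVv2(), "corp/department/project/app/api/config"
    kv.put(path, db_type="mysql")            # version 1
    kv.patch(path, db_host="lcoalhost")      # version 2
    new = kv.rollback(path, version=1)       # version 3
    return new, kv.get(path), kv.get(path, 2)
```

In the model, as in the session, version 2 stays readable after the rollback: rolling back changes what the latest version returns, not what is stored in the history.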