Learn how to use the Vault UI to configure and manage HashiCorp Vault
Time to Complete: 25 minutes
Preview Mode: Use Cmd/Ctrl + Shift + V in VSCode to see a nicely formatted version of this lab!
- Create a Codespace from this repo (click the button below).
- Once the Codespace is running, open the integrated terminal.
- Follow the instructions in each lab to complete the exercises.
- After your Codespace starts, click on the "Ports" tab in the bottom panel
- You should see port 8200 forwarded
- Click on the "Open in Browser" icon (globe) for port 8200
- You'll be directed to the Vault UI login page
- Log in using the token: `root`
Dashboard Overview
- Observe the main dashboard components
- Note the status of your Vault instance
- Check the server configuration details
Enable a Secrets Engine
- Click on "Secrets" in the left navigation
- Click "Enable new engine"
- Select "KV" (Key-Value)
- Use path: "kv"
- Choose Version 2
- Click "Enable Engine"
Create Secrets
- Navigate to your new KV secrets engine
- Create a new secret path called "webapp"
- Add the following key-value pairs:
```
database_url: "postgresql://localhost:5432/myapp"
api_key: "your-secret-key-123"
```
- Save the secret
Create a Policy
- Navigate to "Policies" → "ACL Policies"
- Create a new policy named "webapp-readonly"
- Add the following policy:
```hcl
path "kv/data/webapp" {
  capabilities = ["read"]
}
```
Enable and Configure Auth Method
- Go to "Access" → "Auth Methods"
- Enable the "Username & Password" auth method
- Create a new user:
  - Username: "webapp-user"
  - Password: "password123"
- Assign the "webapp-readonly" policy
- Log out of the root account
- Log back in using the webapp-user credentials
- Try to:
  - Read the webapp secrets (should succeed)
  - Create new secrets (should fail)
  - Modify existing secrets (should fail)
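
Why the access checks above turn out the way they do, as an added example (not part of the original lab and not Vault's own code): a simplified Python model of how the `webapp-readonly` policy is matched against the KV version 2 API paths. It assumes only exact paths and a trailing `*` glob; the function names are hypothetical.

```python
import re

# The policy from this lab, verbatim.
POLICY = 'path "kv/data/webapp" { capabilities = ["read"] }'

# KV v2 operation -> (API path template, capability checked on that path).
# KV v2 inserts data/ or metadata/ after the mount, which is why the
# policy names kv/data/webapp although the secret was created as "webapp".
KV2_OPS = {
    "read":   ("{mount}/data/{path}", "read"),
    "create": ("{mount}/data/{path}", "create"),
    "update": ("{mount}/data/{path}", "update"),
    "delete": ("{mount}/data/{path}", "delete"),
    "list":   ("{mount}/metadata/", "list"),
}

STANZA = re.compile(r'path\s+"([^"]+)"\s*\{\s*capabilities\s*=\s*\[([^\]]*)\]\s*\}')

def parse_policy(hcl):
    """Return {path: set(capabilities)} for simple path stanzas."""
    return {p: set(re.findall(r'"(\w+)"', caps)) for p, caps in STANZA.findall(hcl)}

def allowed(rules, op, mount, path=""):
    """Model the ACL decision for one KV v2 operation (default deny)."""
    template, cap = KV2_OPS[op]
    req = template.format(mount=mount, path=path)
    if req in rules:                      # an exact path beats any glob
        caps = rules[req]
    else:                                 # otherwise the longest "prefix*" rule
        globs = [p for p in rules if p.endswith("*") and req.startswith(p[:-1])]
        if not globs:
            return False                  # nothing matches: denied
        caps = rules[max(globs, key=len)]
    return "deny" not in caps and cap in caps

def lab_results(policy=POLICY):
    """What webapp-user can do, per the lab's final checks."""
    rules = parse_policy(policy)
    return {
        "read kv/webapp": allowed(rules, "read", "kv", "webapp"),
        "create kv/other": allowed(rules, "create", "kv", "other"),
        "update kv/webapp": allowed(rules, "update", "kv", "webapp"),
        "list kv/": allowed(rules, "list", "kv"),
    }

if __name__ == "__main__":
    for check, ok in lab_results().items():
        print(f"{check:18} {'allowed' if ok else 'denied'}")
```

Passing a policy written as `path "kv/webapp"` (without `data/`) to `lab_results` denies the read as well, which is a frequent cause of "Permission denied" on a KV version 2 mount.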
Try these additional tasks to deepen your understanding:
- Enable the AWS secrets engine and explore its configuration options
- Create a new mount point for another KV secrets engine
- Generate and rotate credentials
- Explore the built-in help documentation
You've completed the lab when you can:
- Successfully access the Vault UI
- Create and manage secrets
- Create and apply policies
- Configure authentication
- Understand the different UI sections and their purposes
Common Issues:
- Can't access UI: Ensure port 8200 is properly forwarded in your Codespace
- Login fails: Verify you're using the correct token or credentials
- Permission denied: Check the policy assignments and capabilities
Need help? Open an issue in the repository or contact the lab administrator.
Happy Secret Managing! 🔐