HashiCorp Cloud Platform
Create a secret in HCP Vault Secrets
HCP Vault Secrets allows you to centrally manage static secrets. In this tutorial you will create a new secret, review related audit logs, and update the secret to a new version.
Prerequisites
- An existing HCP account
- Completed the previous tutorials in the collection
Access HCP Vault Secrets
Launch the HCP Portal and login. If you have multiple projects, select the project you wish to connect to. This tutorial uses a project named Production.
From the Overview page, click Vault Secrets.
The HCP Vault Secrets Overview page will load.
Create an application
Secrets are organized by a concept known as an application. Applications are typically named after a service or other types of workloads that requires access to one or more secrets. Applications can also be named after business units, departments, or individuals.
In the previous tutorial you created an app named ExampleApp
to demonstrate
how you can manage access to HCP Vault Secrets. You will now create a new app
and create a static secret.
From the HCP Vault Secrets Overview page, click Create first app.
Enter
WebApplication
in the App name field and click Create App.Note
Application names can only contain letters and numbers. They cannot include special characters such as
!
,?
, or white space.You will be re-directed to the WebApplication Secrets page.
Click Audit Logs.
The audit logs allow you to monitor application specific events such as when the application was created, or lifecycle events for each secret. Details include:
- Event: Describes the type of event such as App created, or Secret created.
- Triggered by: Who created the application and where the request originated from
- Scope: The application or secret event where the event was executed
- Interface: Whether the even was triggered from the UI, CLI, or API
- Timestamp: When the event occurred
Click Secrets to return to the WebApplication secrets page.
Add secrets
Now that you have created an application, you can add new secrets as key/value pairs.
From the WebApplication Secrets page, click Create new secret and select Static secret.
Enter
username
in the Name field,database-user
in the Value field, and click Save.Click the view button to reveal the secret.
Click Audit Logs.
The audit logs show two new events: Secret created and Secret viewed.
Click Secrets to return to the WebApplication secrets page.
Edit an existing secret
HCP Vault Secrets supports versioning secrets. You can edit the value of any existing secret, such as changing a username or updating a password.
Click the ellipses and select Edit secret value.
Change
database-user
todb-user
and click Save.Click Audit Logs.
The activity logs show the event Secret updated on the scope of username is now at version 2.
Click Secrets to return to the WebApplication secrets page.
Click username. You can view details about the secret such as viewing and comparing previous versions.
Next steps
In this tutorial you created an application to organize secrets. You then added a new secret, reviewed the activity logs, and updated the version of the secret.
In the next tutorial you will learn how to install and configure the HCP Vault Secrets CLI and authenticate with the HashiCorp Cloud Platform.