HashiCorp Cloud Platform
Install HCP CLI for Vault Secrets
Before you can interact with HCP Vault Secrets using the command-line interface (CLI), you will need to install the HCP CLI and configure it for your HCP environment.
Once installed, you can choose to authenticate interactively using your HCP Portal credentials, or non-interactively using an HCP service principal.
Prerequisites
- An existing HCP account
- Completed the Create a secret in HCP Vault Secrets tutorial
- Homebrew installed
Install HCP CLI
The HCP CLI is available for download from releases.hashicorp.com/hcp as a zip archive and via popular package managers. To support HCP Vault Secrets, you must use version 0.3.0 or greater.
macOS users can use Homebrew to install the HCP CLI. Refer to the Homebrew installation instructions if it is not already installed.
Open a new terminal.
Install the HashiCorp tap.
$ brew tap hashicorp/tap
Install the HCP CLI.
$ brew install hashicorp/tap/hcp
Verify the installation.
$ hcp
USAGE
  hcp <command> [Optional Flags]
DESCRIPTION
  The HCP Command Line Interface is a unified tool to manage your HCP services.
COMMAND GROUPS
  auth:           Authenticate to HCP.
  iam:            Identity and access management.
  organizations:  Interact with an existing organization.
  profile:        View and edit HCP CLI properties.
  projects:       Create and manage projects.
  waypoint:       Manage Waypoint.
COMMANDS
  version:        Display the HCP CLI version.
GLOBAL FLAGS
  --debug           Enable debug output.
  --format=FORMAT   Sets the output format.
  --profile=NAME    The profile to use. If omitted, the currently selected profile will be used.
  --project=ID      The HCP Project ID to use. If omitted the current project set in the configuration is used.
  --quiet           Minimizes output.
Configure the HCP CLI for Vault Secrets
Interactive logins launch a web browser to have you authenticate with your HCP user account through a supported authorization method such as username and password, single sign-on (SSO), or GitHub.
Refer to the HCP Vault Secrets documentation to review HCP roles and permissions.
Log in to HCP Vault Secrets using the interactive login.
$ hcp auth login
A new browser window will open. Log in to your HCP account. Once complete, your browser will display "Login is successful. You may close the browser and return to the command line."
Return to the terminal session.
Example output:
The default web browser has been opened at https://auth.idp.hashicorp.com/oauth2/auth. Please continue the login in the web browser.
Success!
Successfully logged in!
Create a profile.
$ hcp profile init --vault-secrets
If you are a member of multiple HCP organizations, select the organization you want to use. Use the arrow keys to select the HCP organization.
Example output:
Use the arrow keys to navigate: ↓ ↑ → ←
? Multiple Organizations found please select the one you would like to configure.:
  > vault-edu-org
    hashicorp-education
    hashicorp-edu-org
----- Organization -----
Name: vault-edu-org
ID: 12cd56-88d2-69fb-8cc1-s3sAm3st
State: ACTIVE
If you have multiple projects in your HCP organization, select the project you want to use. Use the arrow keys to select the HCP project.
Use the arrow keys to navigate: ↓ ↑ → ←
? Multiple projects found. Please select the one you would like to configure.:
    DevelopmentProject
  > Production
----- Organization -----
Name: Production
ID: 12cd56-704c-46af-8ba5-mAtr3x
Description:
State: ACTIVE
The HCP CLI will detect the WebApplication app you created in an earlier tutorial.
$ hcp profile init --vault-secrets
✓ Organization with name "hashicorp-edu-org" and ID "12cd56-88d2-69fb-8cc1-s3sAm3st" selected
✓ Project with name "ProductionProject" and ID "12cd56-704c-46af-8ba5-mAtr3x" selected
✓ App with name "WebApplication" selected
Run hcp vault-secrets secrets list to review the existing secrets.
$ hcp vault-secrets secrets list
Name      Latest Version  Created At
username  2               2023-05-24T12:22:18.395Z
If you create multiple HCP Vault Secrets apps, you can use the --app command line parameter followed by the name of the app.
Next steps
In this tutorial you installed and configured the HCP CLI, and authenticated using the interactive and non-interactive methods.
In the next tutorial you will learn how to retrieve a secret using the command line interface (CLI) and API. Using the CLI or API will allow you to automate secret retrieval from HCP Vault Secrets.