Retrieve a secret from HCP Vault Secrets
In the previous tutorial, you created a secret and learned how to authenticate with HCP Vault Secrets.
In this tutorial, you will learn how to retrieve secrets using the HCP CLI and HCP Vault Secrets API.
Prerequisites
- An existing HCP account
- Completed the previous HCP Vault Secrets tutorials
- HCP CLI
- jq
- curl (API only)
- HCP service principal with
HCP_CLIENT_ID
andHCP_CLIENT_SECRET
environment variables set
Applications, services, and workflows need to retrieve secrets so teams do not have to store secret information such as usernames and passwords, or API keys in source code.
HCP Vault Secrets provides the flexibility to use either the HCP CLI, or an API to interact with secrets.
Tip
The HCP CLI provides context aware help based on the command or subcommand in use.
Review the available secrets.
You created he
username
secret during the Create a secret in HCP Vault Secrets tutorial.The version was incremented to
2
by changing theusername
value fromdatabase-user
todb-user
.Retrieve details about the
username
secret.You can control the CLI output using the
--format
parameter. Use--format json
to retrieve a secret in JSON format.Retrieve the
username
secret and inject the value into a process.The
run
command runs theenv
command injecting all available secrets from a HCP Vault Secrets application as environment variables.Create a script named
output.sh
.Use the
run
subcommand to runoutput.sh
and show the secret value stored in HCP Vault Secrets.Refer to the HCP Vault Secrets documentation for a list of all available CLI commands.
Next steps
In this tutorial you learned how to retrieve a secret using the HCP Vault Secrets CLI, and API.
You can learn more about supported integrations in the HCP Vault Secrets documentation