Vault Mock Secrets Plugin
Mock is an example secrets engine plugin for HashiCorp Vault. It is meant for demonstration purposes only and should never be used in production.
Usage
All commands can be run using the provided Makefile. However, it may be instructive to look at the commands to gain a greater understanding of how Vault registers plugins. Using the Makefile will result in running the Vault server in dev
mode. Do not run Vault in dev
mode in production. The dev
server allows you to configure the plugin directory as a flag, and automatically registers plugin binaries in that directory. In production, plugin binaries must be manually registered.
This will build the plugin binary and start the Vault dev server:
# Build Mock plugin and start Vault dev server with plugin automatically registered
$ make
Now open a new terminal window and run the following commands:
# Open a new terminal window and export Vault dev server http address
$ export VAULT_ADDR='http://127.0.0.1:8200'
# Enable the Mock plugin
$ make enable
# Create a new user, "john" with password, "password"
$ vault write auth/mock-auth/user/john password=password
To login using the mock auth method:
$ vault write auth/mock-auth/login user=john password=password
Key Value
--- -----
token s.PRjzJuKTWKlYc1jbGPLh5ghX
token_accessor oyQxJRrWnhR8bhoZY0XfMq7b
token_duration 30s
token_renewable true
token_policies ["default" "my-policy" "other-policy"]
identity_policies []
policies ["default" "my-policy" "other-policy"]
token_meta_user john