mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-10 00:27:02 +02:00
51 lines
1.5 KiB
Markdown
51 lines
1.5 KiB
Markdown
---
|
|
layout: "docs"
|
|
page_title: "Secret Backend: Generic"
|
|
sidebar_current: "docs-secrets-generic"
|
|
description: |-
|
|
The generic secret backend can store arbitrary secrets.
|
|
---
|
|
|
|
# Generic Secret Backend
|
|
|
|
Name: `generic`
|
|
|
|
The generic secret backend is used to store arbitrary secrets within
|
|
the configured physical storage for Vault. If you followed along with
|
|
the getting started guide, you interacted with a generic secret backend
|
|
via the `secret/` prefix that Vault mounts by default.
|
|
|
|
Writing to a key in the `secret/` backend will replace the old value,
|
|
the sub-fields are not merged together.
|
|
|
|
## Quick Start
|
|
|
|
The generic backend allows for writing keys with arbitrary values. The
|
|
only value that is special is the `lease` key, which can be provided with
|
|
any key to restrict the lease time of the secret. This is useful to ensure
|
|
clients periodically renew so that key rolling can be time bounded.
|
|
|
|
As an example, we can write a new key "foo" to the generic backend
|
|
mounted at "secret/" by default:
|
|
|
|
```
|
|
$ vault write secret/foo zip=zap lease=1h
|
|
Success! Data written to: secret/foo
|
|
```
|
|
|
|
This writes the key with the "zip" field set to "zap" and a one hour lease. We can test
|
|
this by doing a read:
|
|
|
|
```
|
|
$ vault read secret/foo
|
|
Key Value
|
|
lease_id secret/foo/e4514713-d5d9-fb14-4177-97a7f7f64518
|
|
lease_duration 3600
|
|
lease 1h
|
|
zip zap
|
|
```
|
|
|
|
As expected, we get the value previously set back as well as our custom lease.
|
|
The lease_duration has been set to 3600 seconds, or one hour as specified.
|
|
|