mirror of https://github.com/hashicorp/vault.git synced 2025-08-17 12:07:02 +02:00

Randy Fay a192e03fb5 Add cookbook section, with root token generation technique

2016-12-30 09:19:55 -07:00

946 B

Raw Blame History

layout	page_title	sidebar_current	description
docs	Vault Cookbook	docs-cookbook	Vault server how-to cookbook.

Day-to-day tasks with Vault

Generate a root token (when none exists)

It's considered best practice not to keep root tokens around, as they are all-powerful. Instead, if one is absolutely needed, create it using vault's generate-root command:

Unseal the vault. You do not need to be authenticated (you do not need an existing root token).
Generate a one-time password with vault generate-root -genotp
Get the encoded root token: vault generate-root -otp <generated_otp> (Requires a quorum of unseal keys again, so needs to be done <quorum> times.)
Decode the encoded root token with vault generate-root -otp <generated_otp> -decode=<encoded_root_token>

(See vault generate-root -h for information on the alternate technique using a PGP key.)

946 B Raw Blame History

Day-to-day tasks with Vault

Generate a root token (when none exists)

946 B

Raw Blame History