Create a secret in HCP Vault Secrets
HCP Vault Secrets allows you to centrally manage static secrets. In this tutorial you will create a new secret, review related audit logs, and update the secret to a new version.
Prerequisites
- An existing HCP account
- Completed the previous tutorials in the collection
Access HCP Vault Secrets
Launch the HCP Portal and log in. If you have multiple projects, select the project you wish to connect to. This tutorial uses a project named Production.
From the Overview page, click Vault Secrets.
The HCP Vault Secrets Overview page will load.
Create an application
Secrets are organized by a concept known as an application. Applications are typically named after a service or another type of workload that requires access to one or more secrets. Applications can also be named after business units, departments, or individuals.
Create a new app to manage a static secret.
From the HCP Vault Secrets Overview page, click Create first app.
Apps already exist
If the Overview page lists existing apps, select Apps from the left navigation pane, and then click Create new app.
Enter WebApplication in the App name field and click Create App.
Note
Application names can only contain letters and numbers. They cannot include special characters such as !, ?, or white space.
You will be redirected to the WebApplication Secrets page.
Add secrets
Now that you have created an application, you can add new secrets as key/value pairs.
From the WebApplication Secrets page, click Add secret and select Static secret.
Enter username in the Name field, database-user in the Value field, and click Save.
Click the view button to reveal the secret.
The UI provides a quick guide to retrieve the secrets using the CLI and API.
Edit an existing secret
HCP Vault Secrets supports versioning secrets. You can edit the value of any existing secret, such as changing a username or updating a password.
Click the ellipses and select Edit secret value.
Change database-user to db-user and click Save.
Click username. You can view details about the secret, including the versions of the username value.
Audit log
Click Audit Logs.
The audit logs allow you to monitor application specific events such as when the application was created, or lifecycle events for each secret.
Details include:
- Event: Describes the type of event, such as App created or Secret created.
- Triggered by: Who triggered the event and where the request originated from.
- Scope: The application or secret on which the event was executed.
- Interface: Whether the event was triggered from the UI, CLI, or API.
- Timestamp: When the event occurred.
The audit logs show two new events: Secret created and Secret viewed.
The audit logs also show the event Secret updated on the scope username, which is now at version 2.
You can also find the log entries for app and secret creation, and other events related to the WebApplication app.
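As an added example that is not part of this tutorial or of HCP's own tooling, the Python below replays audit events shaped after the five fields listed above: it rebuilds the version history of the username secret (created is version 1, each update adds one) and tallies who viewed the secret and through which interface, so that an unexpected reader stands out. The event records, principal names and timestamps are constructed for this example, and the dict keys are an assumption rather than HCP's export schema.

```python
from collections import Counter

# Constructed sample audit events carrying the five fields the tutorial lists.
# The dict keys are an assumption made for this example, not HCP's export schema.
# Timestamps are ISO 8601 in UTC, so string comparison orders them correctly.
SAMPLE_EVENTS = [
    {"event": "App created",    "triggered_by": "alice@example.com", "scope": "WebApplication", "interface": "UI",  "timestamp": "2024-05-01T09:00:00Z"},
    {"event": "Secret created", "triggered_by": "alice@example.com", "scope": "username",       "interface": "UI",  "timestamp": "2024-05-01T09:01:00Z"},
    {"event": "Secret viewed",  "triggered_by": "alice@example.com", "scope": "username",       "interface": "UI",  "timestamp": "2024-05-01T09:02:00Z"},
    {"event": "Secret updated", "triggered_by": "alice@example.com", "scope": "username",       "interface": "UI",  "timestamp": "2024-05-01T09:05:00Z"},
    {"event": "Secret viewed",  "triggered_by": "deploy-sp",         "scope": "username",       "interface": "API", "timestamp": "2024-05-01T09:10:00Z"},
    {"event": "Secret viewed",  "triggered_by": "deploy-sp",         "scope": "username",       "interface": "API", "timestamp": "2024-05-01T09:11:00Z"},
]


def secret_versions(events, scope):
    """Replay create/update events for one secret in timestamp order and return
    [(version, timestamp, triggered_by)]: creation is version 1, each update adds one."""
    history = []
    for e in sorted(events, key=lambda e: e["timestamp"]):
        if e["scope"] == scope and e["event"] in ("Secret created", "Secret updated"):
            history.append((len(history) + 1, e["timestamp"], e["triggered_by"]))
    return history


def viewers(events, scope):
    """Count 'Secret viewed' events per (principal, interface) for one secret."""
    counts = Counter()
    for e in events:
        if e["scope"] == scope and e["event"] == "Secret viewed":
            counts[(e["triggered_by"], e["interface"])] += 1
    return dict(counts)


def views_of_current_version(events, scope):
    """'Secret viewed' events after the latest create/update, i.e. reads that
    could have returned the current value rather than an older version."""
    history = secret_versions(events, scope)
    if not history:
        return []
    cutoff = history[-1][1]
    return [e for e in events
            if e["scope"] == scope and e["event"] == "Secret viewed" and e["timestamp"] > cutoff]


if __name__ == "__main__":
    print(secret_versions(SAMPLE_EVENTS, "username"))
    print(viewers(SAMPLE_EVENTS, "username"))
    print(len(views_of_current_version(SAMPLE_EVENTS, "username")))
```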
Next steps
In this tutorial, you created an application to organize secrets. You then added a new secret, reviewed the activity logs, and updated the version of the secret.
The next step is to install and configure the HCP Vault Secrets CLI and authenticate with the HashiCorp Cloud Platform.