HashiCorp Vault for Secrets: 30-Minute Tutorial
This tutorial uses Vault for static secrets; dev mode gets you started without operational complexity.
Step 1: Run Vault dev
Run vault server -dev to start Vault in dev mode; the root token is printed to the console.
Export VAULT_ADDR, then run vault login.
Step 2: Auth + write
Write: vault kv put secret/myapp api_key=abc123
Verify: vault kv get secret/myapp
Step 3: Read from app
The app reads the secret with vault kv get -format=json secret/myapp or via an SDK.
A token must be available to the app; in K8s, use the Vault Agent injector.
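An added example (not part of the original tutorial) of the CLI read path from Step 3: it parses the JSON that vault kv get -format=json returns for a KV v2 mount and fails closed without ever putting the secret value into an error message. The names extract_field, read_secret and SecretError are hypothetical, and the sample output is constructed.

```python
import json
import subprocess

# Constructed sample of `vault kv get -format=json secret/myapp` output from a
# KV v2 mount (what dev mode mounts at secret/); the id and time are made up.
SAMPLE_OUTPUT = """{
  "request_id": "00000000-0000-0000-0000-000000000000",
  "lease_id": "", "lease_duration": 0, "renewable": false,
  "data": {
    "data": {"api_key": "abc123"},
    "metadata": {"created_time": "2024-01-01T00:00:00Z", "deletion_time": "",
                 "destroyed": false, "version": 1}
  },
  "warnings": null
}"""


class SecretError(Exception):
    """Raised when the secret cannot be used; never carries the secret value."""


def extract_field(raw_json, field):
    """Return one field from KV v2 CLI output, failing closed on anything odd."""
    try:
        envelope = json.loads(raw_json)
    except json.JSONDecodeError:
        # "from None": the chained JSONDecodeError would keep the raw document.
        raise SecretError("vault output is not valid JSON") from None
    outer = envelope.get("data") if isinstance(envelope, dict) else None
    if not isinstance(outer, dict):
        raise SecretError("no data block in vault output")
    meta = outer.get("metadata")
    if isinstance(meta, dict) and (meta.get("destroyed") or meta.get("deletion_time")):
        raise SecretError("secret version is deleted or destroyed")
    values = outer.get("data")  # KV v2 nests the key/value pairs under data.data
    if not isinstance(values, dict) or field not in values:
        raise SecretError(f"field {field!r} not present")
    return values[field]


def read_secret(path, field):
    """Run the CLI; VAULT_ADDR and the token come from the process environment."""
    proc = subprocess.run(["vault", "kv", "get", "-format=json", path],
                          capture_output=True, text=True, timeout=10)
    if proc.returncode != 0:
        # Report only the exit status; stdout and stderr are not echoed.
        raise SecretError(f"vault exited with status {proc.returncode}")
    return extract_field(proc.stdout, field)
```

With the dev server from Step 1 running, read_secret("secret/myapp", "api_key") returns the value written in Step 2.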
Step 4: Production considerations
Dev mode is in-memory; production uses an HA storage backend (Consul, Raft).
Auth methods: K8s service accounts, AWS IAM, JWT.
Enable the audit log and back up the encryption keys.
Antipatterns
- Dev mode in production. Secrets are gone on restart.
- Root token in app config. Defeats the purpose of Vault.
- No auth method per workload. Wide blast radius.
What to do this week
Three moves. (1) Run the tutorial end-to-end on your own laptop / sandbox. (2) Apply the pattern to one production workload. (3) Document the variations you needed; share with the team.