Vault Cheatsheet
Top commands.
Overview
HashiCorp Vault is a secrets-management platform. This cheatsheet captures the commands operators actually use day to day; fluency at the CLI replaces ad-hoc secret storage (config files, environment dumps, chat messages) with controlled, auditable access patterns.
- Secret storage. KV secrets engine for static secrets; produces centralised secret storage.
- Dynamic secrets. Database, AWS, SSH credentials generated on demand; reduces credential lifetime to minutes.
- Encryption-as-a-service. Transit secrets engine; supports application-level encryption without key handling.
- Auth methods plus policies. Token, AppRole, Kubernetes, AWS IAM, OIDC; path-based ACL for fine-grained access.
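The path-based ACL mentioned above, as an added example that is not from the cheatsheet: a Vault policy in HCL, first in the over-broad form that is easy to write and then scoped to one service. It assumes the KV engine mounted at `secret/` is KV v2 (so reads go through `secret/data/...` and listing through `secret/metadata/...`; on KV v1 the path would simply be `secret/app/*`), and the service and role names `app` and `app-ro` are placeholders.

```hcl
# Anti-pattern (its own policy file): full control over every secret under secret/,
# and every app's dynamic credentials. A compromised service token can read and
# delete everything.
path "secret/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}
path "database/creds/*" {
  capabilities = ["read"]
}

# Scoped policy (separate file, e.g. app-ro.hcl): one service, read-only on its own
# KV subtree and its own database role. Assumes KV v2 at secret/.
path "secret/data/app/*" {
  capabilities = ["read"]
}
path "secret/metadata/app/*" {
  capabilities = ["list"]
}
path "database/creds/app-ro" {
  capabilities = ["read"]
}
```

Load the scoped file with `vault policy write app-ro app-ro.hcl` and attach it to the service's AppRole or Kubernetes role; the broad form is shown only as the shape to avoid.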
The approach
The practical approach: dynamic secrets wherever possible, AppRole or Kubernetes auth for service identity, audit everything, document per-service integration. The team’s discipline produces secure secret access at operational scale.
- vault kv put secret/app key=value. Store a secret; the canonical KV write.
- vault kv get secret/app. Read a secret; prints it to the terminal, so use it for interactive debugging rather than in scripts whose output is captured in logs.
- vault read database/creds/<role>. Generate dynamic credentials; produces short-lived secrets that expire when their lease runs out.
- vault token revoke <token> plus vault audit enable file file_path=/var/log/vault/audit.log. Token revoke for incident response; an audit device enabled for accountability.
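The dynamic-credential and "don't leak it to logs" points above, as an added example that is not code from the cheatsheet or from HashiCorp: a small Python wrapper around `vault read -format=json database/creds/<role>` that parses the lease metadata, decides when to renew, and produces a log line with the password redacted. The JSON shape (`lease_id`, `lease_duration`, `data.username`, `data.password`) is what the Vault CLI prints for a database role; the role name `app-ro`, the sample values and the `fetch_creds`/`revoke_lease` helper names are constructed for this example.

```python
"""Wrap `vault read -format=json database/creds/<role>`: parse the lease, log it safely."""
import json
import subprocess
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class DynamicCreds:
    lease_id: str
    lease_duration: int   # seconds until Vault revokes the credential
    username: str
    password: str
    issued_at: float      # epoch seconds when the lease was received

    def renew_after(self, fraction: float = 0.5) -> float:
        """Epoch time at which the caller should renew or re-fetch the lease."""
        return self.issued_at + self.lease_duration * fraction


def parse_creds(raw_json: str, now: Optional[float] = None) -> DynamicCreds:
    """Parse the JSON that `vault read -format=json` prints for a dynamic-secret path.

    A static KV read carries no lease (empty lease_id, lease_duration 0); treat that
    as an error because the caller is relying on credentials that expire.
    """
    doc = json.loads(raw_json)
    lease_id = doc.get("lease_id") or ""
    lease_duration = int(doc.get("lease_duration") or 0)
    if not lease_id or lease_duration <= 0:
        raise ValueError("response carries no lease; not a dynamic-secret path")
    data = doc.get("data") or {}
    try:
        username, password = data["username"], data["password"]
    except KeyError as exc:
        raise ValueError(f"credential field missing: {exc}") from exc
    return DynamicCreds(lease_id, lease_duration, username, password,
                        time.time() if now is None else now)


def redact(creds: DynamicCreds) -> str:
    """Log line safe for stdout or syslog: lease and user, never the password."""
    return (f"lease_id={creds.lease_id} user={creds.username} "
            f"ttl={creds.lease_duration}s password=<redacted>")


def fetch_creds(role: str, vault_bin: str = "vault") -> DynamicCreds:
    """Live path: shell out to the Vault CLI (needs VAULT_ADDR and a token in the env)."""
    proc = subprocess.run(
        [vault_bin, "read", "-format=json", f"database/creds/{role}"],
        check=True, capture_output=True, text=True)
    return parse_creds(proc.stdout)


def revoke_lease(lease_id: str, vault_bin: str = "vault") -> None:
    """Revoke early (e.g. at service shutdown) instead of waiting for the TTL."""
    subprocess.run([vault_bin, "lease", "revoke", lease_id], check=True)


# Constructed sample of what `vault read -format=json database/creds/app-ro` returns.
SAMPLE_RESPONSE = json.dumps({
    "request_id": "00000000-0000-0000-0000-000000000000",
    "lease_id": "database/creds/app-ro/EXAMPLE-LEASE-ID",
    "lease_duration": 3600,
    "renewable": True,
    "data": {"username": "v-approle-app-ro-EXAMPLE", "password": "EXAMPLE-PASSWORD"},
    "warnings": None,
})

# Constructed sample of a static KV v2 read, which has no lease.
SAMPLE_STATIC = json.dumps({"lease_id": "", "lease_duration": 0,
                            "data": {"data": {"key": "value"}}})


if __name__ == "__main__":
    creds = parse_creds(SAMPLE_RESPONSE)
    print(redact(creds))
```

The parser refuses a lease-less response on purpose: a service wired to `database/creds/...` that silently accepts a static secret would keep running on a credential that never expires, which defeats the point of dynamic secrets.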
Why this compounds
Vault discipline compounds across services. Each integrated secret grows the team’s centralised control; the team’s security posture grows; new services inherit the secrets pattern.
- Reduced credential lifetime. Dynamic secrets expire; reduces breach exposure window.
- Better audit trail. Every secret access is logged; supports compliance and investigation.
- Centralised control. One place to revoke, rotate, audit; supports incident response.
- Institutional knowledge. Each Vault interaction teaches secrets management; the team’s identity engineering muscle grows.
Vault fluency is an operational discipline that pays off across years. Nova AI Ops integrates with secrets-management telemetry, surfaces patterns, and supports the team’s security discipline.