How to use the command 'safe' (with examples)
The ‘safe’ command is used to interact with HashiCorp Vault, which is a popular tool for managing secrets and sensitive data. With the ‘safe’ command, you can perform various operations such as setting and retrieving secrets, generating SSH keys, and managing the Vault environment. This article will provide examples of each of these use cases to help you understand how to use the ‘safe’ command effectively.
Use case 1: Adding a safe target
Code:
safe target vault_addr target_name
Motivation: Adding a safe target allows you to specify a Vault server and assign it a friendly name, making it easier to interact with the server.
Explanation:
vault_addr
: The address of the Vault server.
target_name
: A friendly name to assign to the target.
Example output:
Successfully added target "my_vault" with address "https://vault.example.com".
Use case 2: Authenticating the CLI client
Code:
safe auth authentication_token
Motivation: Authenticating the CLI client against the Vault server is necessary to perform any operation that requires access to secrets or sensitive data.
Explanation:
authentication_token
: The authentication token generated by the Vault server.
Example output:
Successfully authenticated.
Use case 3: Printing the environment variables
Code:
safe env
Motivation: Printing the environment variables for the current target shows which server and token the CLI is using, which makes troubleshooting easier. The output includes the token, so handle it as a secret.
Explanation: This command does not require any arguments.
Example output:
HYDRA_TARGET=my_vault
HYDRA_ADDR=https://vault.example.com
HYDRA_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Use case 4: Displaying a tree hierarchy
Code:
safe tree path
Motivation: Displaying a tree hierarchy of all reachable keys for a given path provides a structured overview of the available secrets.
Explanation:
path
: The path to the secrets in Vault.
Example output:
path/to/secret/
├── key1
├── key2
└── subfolder/
    └── nested_key
Use case 5: Moving a secret
Code:
safe move old/path/to/secret new/path/to/secret
Motivation: Moving a secret from one path to another can help in organizing and managing secrets in Vault.
Explanation:
old/path/to/secret
: The current path of the secret.
new/path/to/secret
: The new desired path for the secret.
Example output:
Successfully moved secret from "old/path/to/secret" to "new/path/to/secret".
Use case 6: Generating an SSH key-pair
Code:
safe ssh 2048 path/to/secret
Motivation: Generating an SSH key-pair and storing it in Vault provides a centralized location for managing SSH access.
Explanation:
2048
: The desired key size in bits.
path/to/secret
: The path in Vault to store the generated key-pair.
Example output:
Successfully generated and stored a 2048-bit SSH key-pair at "path/to/secret".
Use case 7: Setting non-sensitive keys
Code:
safe set path/to/secret key=value
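Motivation: The key=value form is meant for non-sensitive values such as metadata or descriptive information, because anything typed on the command line can be recorded in shell history and seen in process listings.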
Explanation:
path/to/secret
: The path of the secret in Vault.
key=value
: The key-value pair to set for the secret.
Example output:
Successfully set key "my_key" with value "my_value" for secret at "path/to/secret".
Use case 8: Setting auto-generated password
Code:
safe gen path/to/secret key
Motivation: Setting an auto-generated password for a secret enables easy and secure password management.
Explanation:
path/to/secret
: The path in Vault to store the auto-generated password.
key
: The key under which the password will be stored.
Example output:
Successfully generated and set an auto-generated password for key "my_password" in secret at "path/to/secret".
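Use cases 7 and 8 differ in where the value comes from: `safe set path key=value` takes it from the command line, while `safe gen` has it generated. The following is an added example, not part of the original article or the safe project: a shell function that scans shell history for `safe set` calls whose key names look sensitive. The key-name pattern and the sample history are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag `safe set PATH key=value` history entries whose key name
# suggests a secret. Values are never printed, so the report can be shared.

# Key-name fragments treated as sensitive (assumption; tune to your naming).
SENSITIVE_KEYS='pass|secret|token|api_?key|private'

# audit_safe_history [FILE]   (reads stdin when FILE is omitted)
# Prints "LINE_NO<TAB>PATH<TAB>KEY" for each suspicious key=value argument.
audit_safe_history() {
  awk -v pat="$SENSITIVE_KEYS" '
    {
      # Find the "safe set" words; tolerates a leading history number.
      for (i = 1; i < NF; i++)
        if ($i == "safe" && $(i + 1) == "set") break
      if (i >= NF) next
      path = $(i + 2)
      for (j = i + 3; j <= NF; j++) {
        eq = index($j, "=")
        if (eq < 2) continue          # bare key: no value on the command line
        key = substr($j, 1, eq - 1)
        if (tolower(key) ~ pat) printf "%d\t%s\t%s\n", NR, path, key
      }
    }' "${1:--}"
}

# Constructed sample history (not real data).
sample_history() {
  cat <<'EOF'
safe target https://vault.example.com my_vault
safe set path/to/secret owner=ops-team
safe set path/to/secret db_password=EXAMPLE-ONLY
  412  safe set secret/ci api_token=EXAMPLE-ONLY region=eu
safe gen path/to/secret password
EOF
}

sample_history | audit_safe_history
```

Any secret the report flags should be rotated, since its value has already been written to the history file.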
Conclusion
The ‘safe’ command provides a convenient and efficient way to interact with HashiCorp Vault. By following the examples provided in this article, you can easily perform various operations such as managing secrets, generating SSH keys, and organizing your Vault environment. Experimenting with different use cases will help you become more comfortable and proficient with the ‘safe’ command, enabling you to effectively manage and secure your secrets and sensitive data.