Wrapped Secrets
Wrapping and Unwrapping with Vault: A Step-by-Step Guide
We operate a Hashicorp Vault instance for secure secrets management within the Uni Cloud Münster environment.
The Vault provides a centralized location for storing, retrieving, and rotating sensitive credentials, such as passwords, API keys, and certificates. It supports various secret engines, including KV (Key-Value), transit, and PKI.
It is accessible at the URL https://vault.uni-muenster.de.
To access the Vault go to https://vault.uni-muenster.de. Then log in by clicking “Sign in with OIDC Provider” on the Vault login page. You need to authenticate using your university account credentials.
Leave the ‘Role’ field blank unless otherwise specified.
Prerequisite: Install the Vault CLI on your machine by downloading the binary from the official Vault website or by using a package manager.
First configure the VAULT_ADDR
environment variable by running:
export VAULT_ADDR=https://vault.uni-muenster.de
Then, authenticate with Vault using the OIDC method by executing:
vault login -method=oidc
Follow the subsequent OIDC authentication workflow in your web browser to complete the login process.
Wrapping and Unwrapping with Vault: A Step-by-Step Guide