basics

vault is a secrets management engine by hashicorp.

after installing vault:

using concourse as an example:

enable kv store: vault secrets enable -version=2 -path=concourse kv

concourse-policy.hcl:

path "concourse/*" {
  capabilities = ["read"]
}

save the policy: vault policy write concourse ./concourse-policy.hcl

create a token with the above policy: vault token create --policy concourse --period 1h