HashiCorp Developer AI Private beta now available Sign up today
HashiCorp Cloud Platform
HashiCorp Cloud Platform Home

HCP CLI overview for HCP Vault Secrets

The HCP CLI supports HCP Vault Secrets using the vault-secrets command group.

Refer to the HCP CLI section for a complete list of all supported vault-secrets commands.

Login to HCP Vault Secrets

You can login interactively using a web browser or configure the hcp CLI for non-interactive workflows.

The hcp auth login command will authenticate you with the HashiCorp Cloud Platform.

  1. Open a terminal and run hcp auth login.

    $ hcp auth login

    A new browser window will open.

  2. Log into the HCP Portal using your username and password.

  3. Return to the terminal, the Successfully logged in! message appears.

    The auth login command will try to configure default organization and project. When multiple organizations or projects are detected, you will be prompted to run hcp profile init.

  4. Run hcp profile init to configure (or update) the default profile.

    $ hcp profile init

  5. Use the arrow keys on the keyboard to select an organization.

    Example output:

    Use the arrow keys to navigate: ↓ ↑ → ←  and / toggles search
? Multiple organizations found. Please select the one you would like to configure.:
  > example-org-1
  example-org-2
  example-org-1

----- Organization -----
Name:   example-org-1
ID:     11111111-1111-1111-1111-s3sam3st33t

  6. Use the arrow keys on the keyboard to select a project.

    Example output:

    ✓ Organization with name "example-org-1" and ID "11111111-1111-1111-1111-s3sam3st33t" selected
Use the arrow keys to navigate: ↓ ↑ → ←  and / toggles search
? Multiple projects found. Please select the one you would like to configure.:
  > ProductionProject
  DevelopmentProject

----- Project -----
Name:        ProductionProject
ID:          11111111-1111-1111-1111-c00k1300
Description:

  7. When prompted, type y to configure any service related config. Select vault-secrets, then select the desired app.

    Example output:

    ✓ Organization with name "hashicorp-edu-org" and ID "2570acc0-8d87-4443-a8a8-fcf8cacf750d" selected
✓ Project with name "ProductionProject" and ID "43c763b4-d3f4-4fda-b245-2ab9d0f5d257" selected

Would you like to configure any service related config (y/n)? y

✔ Vault Secrets
Use the arrow keys to navigate: ↓ ↑ → ←  and / toggles search
? Multiple apps found. Please select the one you would like to configure.:
  > ExampleApplication
  WebApplication

----- Apps -----
Name:   ExampleApplication
Description

  8. You can now use the hcp CLI.

    $ hcp vault-secrets open <secret-name>

Secret Name:    secret-name
Type:           kv
Created At:     2024-10-02T13:21:13.417Z
Latest Version: 1
Value:          example

Create a secret

Use the vault-secrets command family to create secrets.

You can create a secret by specifying a data file, or piping the secret using STDIN.

$ echo -n "WorstPasswordEver" | hcp vault-secrets secrets create password --data-file=-
Secret Name   Created At                 Latest Version
password      2024-10-04T16:35:14.958Z   1

✓ Successfully created secret with name "password"

To read your secret, run:
  $ hcp vault-secrets secrets read password --app ExampleApplication

Read a secret

Use the vault-secrets command family to open secrets.

The open command returns the value of a secret.

$ hcp vault-secrets secrets open password
Secret Name:    password
Type:           kv
Created At:     2024-10-04T16:35:14.958Z
Latest Version: 1
Value:          WorstPasswordEver

Delete a secret

Use the vault-secrets command family to delete secrets.

The delete command to remove a secret.

$ hcp vault-secrets secrets  delete password
✓ Successfully deleted secret with name "password"

Logout of HCP Vault Secrets

Use the auth command family to logout.

$ hcp auth logout
Successfully logged out