Vault Secrets Engines Cheat Sheet

Dynamic secrets, AppRoles, and leases

Last Updated: November 21, 2025

Secrets Engines

Engine     Use case
kv         Store static secrets
database   Mint DB credentials
pki        Issue TLS certificates
aws        Provision IAM creds

Commands

vault secrets enable database       Enable DB engine
vault read database/creds/webapp    Create dynamic creds
vault lease renew <lease_id>        Extend TTL
vault token create -policy=app      Issue app token

Access Patterns

Authenticate via AppRole, restrict the CIDR ranges allowed to use the role, and rely on short-lived leases for rotation.

💡 Pro Tip: Use namespaced policies per app and rotate leases before expiry.
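
The access pattern above as one script, added here as an example and not part of the original cheat sheet: a per-app policy, an AppRole pinned to a CIDR range with short TTLs, then a login that mints database credentials. The `webapp` role name comes from the commands above; the CIDR range and TTL values are assumptions, and `apply` needs a token allowed to manage auth methods and policies.

```shell
#!/bin/sh
# Added example: AppRole bound to a CIDR range and limited to one database
# role. APP, CIDR and the TTL values below are assumptions.
set -eu

APP="${APP:-webapp}"           # matches database/creds/webapp above
CIDR="${CIDR:-10.0.0.0/24}"    # constructed sample range

# Per-app policy: mint creds for this app's DB role and renew its leases.
app_policy() {
  cat <<EOF
path "database/creds/$1" {
  capabilities = ["read"]
}
path "sys/leases/renew" {
  capabilities = ["update"]
}
EOF
}

# Role settings: short token TTLs, single-use SecretID, both pinned to a CIDR.
approle_args() {
  printf '%s\n' "token_policies=$1" "token_ttl=20m" "token_max_ttl=1h" \
    "secret_id_ttl=10m" "secret_id_num_uses=1" \
    "secret_id_bound_cidrs=$2" "token_bound_cidrs=$2"
}

apply() {
  vault auth enable approle 2>/dev/null || true   # may already be enabled
  app_policy "$APP" | vault policy write "$APP" -
  # Values contain no spaces, so word splitting yields one key=value per arg.
  vault write "auth/approle/role/$APP" $(approle_args "$APP" "$CIDR")
  role_id=$(vault read -field=role_id "auth/approle/role/$APP/role-id")
  secret_id=$(vault write -f -field=secret_id "auth/approle/role/$APP/secret-id")
  # Login fails unless this host's address falls inside $CIDR.
  VAULT_TOKEN=$(vault write -field=token auth/approle/login \
    role_id="$role_id" secret_id="$secret_id")
  export VAULT_TOKEN
  vault read "database/creds/$APP"   # output includes lease_id and lease_duration
}

# Only contact a Vault server when asked to: sh approle.sh apply
if [ "${1:-}" = "apply" ]; then apply; fi
```

Pass the `lease_id` printed by the last command to `vault lease renew` before `lease_duration` runs out.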