CreativeTech Wiki (internal)

Vault

Vault is a tool for managing secrets and it's fundamental for our applications.

Introduction

Vault is a tool for managing secrets. Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets. Set it up before you start working on our applications.

NYT VAULT SETUP & DETAILS:

Vault Web UI

Vault Login via CLI

Set VAULT_ADDR

export VAULT_ADDR="https://vault-prd.dv.nyt.net"

Log into Vault

vault login -method=oidc -path=azuread-oidc

Vault Editing Instructions

READ .ENV

Reads secret .env file and base64 decodes it.
vault read -field=value nytimes/infosec-stink/secret/dotenv.b64 | base64 -d
Reads secret .env file and base64 decodes it into a file for editing.
vault read -field=value nytimes/infosec-stink/secret/dotenv.b64 | base64 -d > /tmp/dotenv

EDIT .ENV

Edit the .env file
nano /tmp/dotenv

SAVE .ENV

Base64 encode the file and save it. Use one of the two commands; the second uses the -i/-o options of macOS base64.
base64 /tmp/dotenv > /tmp/dotenv.b64
base64 -i /tmp/dotenv -o /tmp/dotenv.b64
Save the new .env file to Vault
vault write nytimes/infosec-stink/secret/dotenv.b64 value=@/tmp/dotenv.b64
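
The read, edit and save steps above as one script, added here as an example and not part of the wiki's own tooling: it keeps the decoded .env in a private temporary directory instead of /tmp/dotenv, removes it on exit, and checks that the encoded file round-trips before writing. The function names, the SECRET_PATH variable and the `run` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the wiki: read / edit / save with the decoded
# secrets kept in a private temp directory rather than /tmp/dotenv.
set -eu

# Path as given on the page; override SECRET_PATH for another secret.
SECRET_PATH="${SECRET_PATH:-nytimes/infosec-stink/secret/dotenv.b64}"

# Encode file $1 to single-line base64 in $2 (same output on GNU and macOS).
encode_dotenv() {
    base64 < "$1" | tr -d '\n' > "$2"
}

# Succeeds only if $2 decodes back to exactly the bytes of $1.
verify_roundtrip() {
    base64 -d < "$2" | cmp -s - "$1"
}

# The body is a subshell: umask, variables and the EXIT trap stay local.
edit_dotenv() (
    umask 077                          # new files: owner read/write only
    work="$(mktemp -d)"                # unpredictable name, mode 0700
    trap 'rm -rf "$work"' EXIT         # plaintext removed on any exit

    # Fetch first, decode second, so a failed read stops the script
    # instead of handing the editor an empty file.
    vault read -field=value "$SECRET_PATH" > "$work/current.b64"
    base64 -d < "$work/current.b64" > "$work/dotenv"
    cp "$work/dotenv" "$work/dotenv.orig"

    ${EDITOR:-nano} "$work/dotenv"     # nano as on the page; EDITOR overrides it

    if cmp -s "$work/dotenv" "$work/dotenv.orig"; then
        echo "no changes, nothing written" >&2
        exit 0
    fi

    encode_dotenv "$work/dotenv" "$work/dotenv.b64"
    verify_roundtrip "$work/dotenv" "$work/dotenv.b64" || {
        echo "encoded file does not round-trip, aborting" >&2
        exit 1
    }
    vault write "$SECRET_PATH" value=@"$work/dotenv.b64"
)

# Run the cycle only when asked, e.g.:  sh edit-dotenv.sh run
if [ "${1:-}" = "run" ]; then edit_dotenv; fi
```

Log in with the vault login command above before running it; the script stops at the first failing step and never writes an unchanged file back.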

Notes

Old note to be checked.
According to Kevin Kronenbitter, the vault path for info-stink env files is nytimes/infosec-stink/secret/<env>/dotenv.b64
I have not found this, yet, to be accurate and am seeking clarification.
/Old note to be checked.
