In this guide, you’ll learn how to authenticate to Vault using an auth method, extract the client token from the API response, store it securely, and use it for subsequent requests. All examples useDocumentation Index
Fetch the complete documentation index at: https://notes.kodekloud.com/llms.txt
Use this file to discover all available pages before exploring further.
jq to parse JSON.
1. Authenticate and Retrieve a Client Token
When you log in (with any method other than token auth), Vault returns a JSON payload containingauth.client_token. Use curl to send your credentials:
auth.client_token is your Vault token for future API calls.
2. Store the Token
You have two common options for storing the token.| Method | Command Example | Pros & Cons | |
|---|---|---|---|
| File | `curl … | jq -r “.auth.client_token” > token.txt` | Easy persistence; file permissions are critical |
| Environment | `export VAULT_TOKEN=$(curl … | jq -r “.auth.client_token”)` | Session-scoped; not persisted to disk |
Storing tokens in plain text files can expose secrets if file permissions aren’t locked down. Always enforce least-privilege access.
2.1 Save to a File
2.2 Save to an Environment Variable
3. Use the Token in API Requests
Vault supports two header styles for passing the token. Choose one:| Header Style | Example |
|---|---|
| X-Vault-Token | -H "X-Vault-Token: $VAULT_TOKEN" |
| Authorization | -H "Authorization: Bearer $VAULT_TOKEN" |
The most common practice is to use X-Vault-Token.
3.1 Write a Secret
3.2 Read a Secret
auth.client_token, store it securely, and include it in the header for all Vault API calls.