Demo KeyValue Secrets Engine Version 1

1. List Existing Secrets Engines
2. Enable KV v1 at a Custom Path
3. Verify the Engine Version
4. Write Secrets
5. Read Secrets
6. Update Secrets
7. JSON Output & Field Extraction
8. Delete Secrets
9. List Secret Keys
Summary Comparison: KV v1 vs. KV v2
Links and References

Welcome to this step-by-step guide on using the KV secrets engine version 1 in HashiCorp Vault. You will learn how to:

List existing secrets engines
Enable a KV v1 engine at a custom path
Verify the engine version
Write, read, update, and delete secrets
Format output as JSON and extract specific fields
List secret keys

All examples assume you have the Vault CLI installed, authenticated, and are connected to your Vault server via SSH.

1. List Existing Secrets Engines

Inspect which secret engines are currently mounted:

vault secrets list

Example output:

Path	Type	Accessor	Description
cubbyhole/	cubbyhole	cubbyhole_9c6c2ca2	per-token private secret storage
identity/	identity	identity_e55fbf01	identity store
sys/	system	system_ae43616e	control, policy, and debugging
transit/	transit	transit_5bb3af5e	data encryption as a service

No KV engine is enabled yet.

2. Enable KV v1 at a Custom Path

Enable a KV v1 engine at training/:

vault secrets enable -path=training kv

You should see:

Success! Enabled the kv secrets engine at: training/

Re-run the list command:

vault secrets list

Now you’ll spot:

Path	Type	Accessor	Description
training/	kv	kv_11d31683	n/a

3. Verify the Engine Version

Check the detailed mount info to confirm KV v1 (no versioning):

vault secrets list --detailed

Look for an empty Options map (map[]):

Path       Plugin  Accessor      Default TTL  Max TTL  Options  Description
training/  kv      kv_11d31683   n/a          n/a      map[]    n/a

In KV v2, the options map includes "version":"2".

4. Write Secrets

Store a single key/value pair:

vault kv put training/apps/jenkins apikey=fkkj4ifkjwo2

Expected output:

Success! Data written to: training/apps/jenkins

5. Read Secrets

Retrieve the secret:

vault kv get training/apps/jenkins

Key      Value
---      -----
apikey   fkkj4ifkjwo2

6. Update Secrets

KV v1 always overwrites data. To update, write again:

vault kv put training/apps/jenkins user=vault-training-admin

Read back:

vault kv get training/apps/jenkins

Key    Value
----   ----------------------
user   vault-training-admin

To store multiple fields at once:

vault kv put training/apps/jenkins apikey=fkkj4ifkjwo2 user=vault-training-admin

vault kv get training/apps/jenkins

Key      Value
---      ----------------------
apikey   fkkj4ifkjwo2
user     vault-training-admin

7. JSON Output & Field Extraction

Output secret as JSON and parse with jq:

vault kv get -format=json training/apps/jenkins

Sample JSON:

{
  "request_id": "…",
  "lease_id": "",
  "data": {
    "apikey": "fkkj4ifkjwo2",
    "user":   "vault-training-admin"
  }
}

Extract specific fields:

vault kv get -format=json training/apps/jenkins | jq -r .data.apikey
vault kv get -format=json training/apps/jenkins | jq -r .data.user

Using JSON output is useful for automation and scripting.

8. Delete Secrets

Remove the secret at a given path:

vault kv delete training/apps/jenkins

Attempt to read again:

vault kv get training/apps/jenkins

No value found at training/apps/jenkins

9. List Secret Keys

Re-create sample secrets:

vault kv put training/apps/jenkins abc=123
vault kv put training/apps/azuredevops user=administrator

List keys under training/:

vault kv list training/

Keys
----
apps/

List under training/apps/:

vault kv list training/apps/

Keys
----
azuredevops
jenkins

Entries ending with / are subdirectories.
Others are secret paths.

Summary Comparison: KV v1 vs. KV v2

Feature	KV v1	KV v2
Versioning	No	Yes
Metadata & check-and-set	N/A	Supported
Path for data operations	`kv put/get/delete`	`kv/data/...`
Options map (`--detailed`)	`map[]`	`map[version:2]`

Links and References

Watch Video

Working with the KeyValue Secrets Engine

Demo KeyValue Secrets Engine Version 2

Introduction

Create a working Vault server configuration given a scenario

Monitor a Vault Environment

Employ the Vault Security Model

Build Fault-Tolerant Vault Environments

Understand the Hardware Security Module (HSM) Integration

Scale Vault for Performance

Configure Access Control

Configure Vault Agent

Exam Experience and Expectations

Demo KeyValue Secrets Engine Version 1

1. List Existing Secrets Engines

2. Enable KV v1 at a Custom Path

3. Verify the Engine Version

4. Write Secrets

5. Read Secrets

6. Update Secrets

7. JSON Output & Field Extraction

8. Delete Secrets

9. List Secret Keys

Summary Comparison: KV v1 vs. KV v2

Links and References

Watch Video

Introduction

Create a working Vault server configuration given a scenario

Monitor a Vault Environment

Employ the Vault Security Model

Build Fault-Tolerant Vault Environments

Understand the Hardware Security Module (HSM) Integration

Scale Vault for Performance

Configure Access Control

Configure Vault Agent

Exam Experience and Expectations

Documentation Index

​1. List Existing Secrets Engines

​2. Enable KV v1 at a Custom Path

​3. Verify the Engine Version

​4. Write Secrets

​5. Read Secrets

​6. Update Secrets

​7. JSON Output & Field Extraction

​8. Delete Secrets

​9. List Secret Keys

​Summary Comparison: KV v1 vs. KV v2

​Links and References

Watch Video

1. List Existing Secrets Engines

2. Enable KV v1 at a Custom Path

3. Verify the Engine Version

4. Write Secrets

5. Read Secrets

6. Update Secrets

7. JSON Output & Field Extraction

8. Delete Secrets

9. List Secret Keys

Summary Comparison: KV v1 vs. KV v2

Links and References