By default, the Secrets Broker Vault Add-on enables the Key/Value secrets engine in the embedded vault and configures a OneIdentity policy for storing the credentials that are pushed from SPP. Accessing the credentials can be done using the Hashicorp vault CLI or the Hashicorp REST API. The credentials can then be used in other parts of a devops environment as needed. For more information, see KV Secrets Engine - Version 2: Writing/Reading arbitrary data.
-
Get a list of all the accounts whose credentials have been pushed from SPP and are available from the embedded vault, use the following command:
vault kv list oneidentity
-
Get the metadata and credential for a specified account, use the following command:
vault kv get oneidentity/<account/key name>