Namespaces

A Vault Namespace is a logical grouping mechanism within Vault that allows the separation of policies, authentication methods, secrets engines, and other configurations. Essentially, it divides a Vault deployment into different environments or organisational units, providing isolation and control over access and operations. Namespaces allow teams or departments to manage their secrets and configurations independently within a shared Vault infrastructure, improving security and governance.

Create a namespace at the path education/:

vault namespace create education/

Response

{
    "request_id": "1ff6c7cd-60e4-a2e7-2fbb-02cbf6eb3694",
    "lease_id": "",
    "renewable": false,
    "lease_duration": 0,
    "data": {
        "custom_metadata": {},
        "id": "education",
        "path": "education/"
    },
    "wrap_info": null,
    "warnings": null,
    "auth": null
}

List all namespaces:

Look up the namespace information at path education/:

Delete the namespace at path education/:

Accessing a namespace:

Users can access a namespace by specifying it in Vault CLI commands with the -namespace flag, or in API requests with the X-Vault-Namespace header.

Headers

Name                 Value
X-Vault-Namespace    education

Managing policies within a namespace:

Create a policy specific to the "education" namespace:

Headers

Name                 Value
X-Vault-Namespace    education

Using secrets engines:

Mount a secrets engine named "kv" within the "education" namespace:

Headers

Name                 Value
X-Vault-Namespace    education

Creating secrets in KV secrets engine:

You can write a secret to the KV secrets engine. For example, let's add a username and password:

Headers

Name                 Value
X-Vault-Namespace    education
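The steps above as API requests, in an added example that is not from the original page: each call is built with the X-Vault-Namespace header so the namespace scoping is explicit, and the namespace itself is created from the parent without it. The policy name edu-kv, the secret path app/db, the username edu-app, the EDU_DB_PASSWORD variable, the local VAULT_ADDR default and the choice of KV version 2 are assumptions.

```python
import json
import os
import urllib.request

VAULT_ADDR = os.environ.get("VAULT_ADDR", "http://127.0.0.1:8200").rstrip("/")
# Constructed policy; paths are relative to the namespace the policy lives in.
EDU_POLICY = 'path "kv/data/app/*" {\n  capabilities = ["create", "read", "update"]\n}\n'


def build(method, path, token, namespace=None, body=None):
    """Return an unsent urllib Request for one Vault API call."""
    req = urllib.request.Request(
        f"{VAULT_ADDR}/v1/{path.lstrip('/')}",
        data=None if body is None else json.dumps(body).encode(),
        method=method,
    )
    req.add_header("X-Vault-Token", token)
    if body is not None:
        req.add_header("Content-Type", "application/json")
    if namespace:
        # Scopes the call to this namespace; without it the call hits the root.
        req.add_header("X-Vault-Namespace", namespace.strip("/"))
    return req


def education_setup(token, password):
    """Requests for the page's steps, in order (assumed names, KV v2)."""
    ns = "education"
    return [
        # A namespace is created from its parent (here the root): no header.
        build("POST", f"sys/namespaces/{ns}", token),
        build("PUT", "sys/policies/acl/edu-kv", token, ns, {"policy": EDU_POLICY}),
        build("POST", "sys/mounts/kv", token, ns, {"type": "kv", "options": {"version": "2"}}),
        build("POST", "kv/data/app/db", token, ns,
              {"data": {"username": "edu-app", "password": password}}),
    ]


def send(req):
    """Send one request; return decoded JSON, or {} for an empty (204) reply."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        raw = resp.read()
        return json.loads(raw) if raw else {}


if __name__ == "__main__":
    # Token and secret value come from the environment, not from source or argv.
    for r in education_setup(os.environ["VAULT_TOKEN"], os.environ["EDU_DB_PASSWORD"]):
        print(r.get_method(), r.full_url, send(r))
```

Importing the module sends nothing; requests go out only when it is run as a script against a reachable Vault server.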
