$ sudo vault server --config vault.example.com.config

$ export VAULT_ADDR="https://vault.example.com:8200"

$ vault status

$ vault init

$ vault unseal

$ vault mounts

$ vault write /secret/secret value="secret"

$ vault list /secret

$ vault auth

$ vault token-create -policy=default

$ vault policy-write ita policy.hcl

$ vault auth-enable github
$ vault write auth/github/config organization=IT-Administrator

$ vault write auth/github/map/teams/administrators value=root

$ vault auth -method=github token=<GitHub Personal Access Token>

$ vault mount ssh

$ vault-ssh-helper -verify-only -config=/etc/vault-ssh-helper.d/config.hcl

$ vault write ssh/roles/ec2instance key_type=otp default_user=ec2-user > cidr_list=w.x.y.z/32

$ vault write ssh/creds/ec2instance ip=w.x.y.z

$ vault ssh -role ec2instance ec2-user@w.x.y.z

$ grep 'avc' /var/log/audit/audit.log | audit2allow -R -M vault.allow
$ semodule -i vault.allow.pp

$ vault mount mysql
$ vault write /mysql/config/connection connection_url=  "user:password@tcp(w.x.y.z:3306)/"

$ vault write /mysql/config/lease lease=1h lease_max=24h

$ vault write /mysql/roles/readonly sql="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT SELECT ON *.* TO '{{name}}'@'%';"

$ vault list /mysql/roles
$ vault read /mysql/roles/readonly

$ vault read /mysql/creds/readonly

$ vault mount -path mysql2 mysql

$ vault audit-enable syslog tag="vault" facility="AUTH"