# HashiCorp Key Vault access token

Review the scenarios below and choose the one that suits your use case.

## Scenario-1: Existing HashiCorp vault service <a href="#scenario-1-existing-hashicorp-vault-service" id="scenario-1-existing-hashicorp-vault-service"></a>

1. A `token` for accessing the existing vault service. Contact your vault admin for an access token.
2. The `vault service address` of the existing vault service.
3. Complete the `ddhub` secret engine creation. Follow the [**How to create ddhub secret engine**](#how-to-create-ddhub-secret-engine) section below to do that.

## Scenario-2: Deploy new HashiCorp vault service and obtain token - run a single container <a href="#scenario-2-deploy-new-hashicorp-vault-service-and-obtain-token-run-a-single-container" id="scenario-2-deploy-new-hashicorp-vault-service-and-obtain-token-run-a-single-container"></a>

Follow the steps below to run the HashiCorp vault service in a Docker container.

In a terminal:

1. Clone git repository [ddhub-client-gateway](https://github.com/energywebfoundation/ddhub-client-gateway)

   `git clone https://github.com/energywebfoundation/ddhub-client-gateway.git`
2. Change directory to example directory

   `cd ddhub-client-gateway && cd get-started`
3. Start the vault service

   `docker compose up vault_demo`
4. You should have the vault service and UI available at port 8200.
5. In a web browser, enter `http://127.0.0.1:8200/ui` in the address bar. Follow <https://learn.hashicorp.com/tutorials/vault/getting-started-ui?in=vault/getting-started#start-web-ui> starting from step 5. You should then have the `root_token`. The `vault server address` is <http://localhost:8200>.
6. Complete the `ddhub` secret engine creation. Follow the [**How to create ddhub secret engine**](#how-to-create-ddhub-secret-engine) section below to do that.

## Scenario-3: Deploy new HashiCorp vault service and obtain token - Kubernetes <a href="#scenario-3-deploy-new-hashicorp-vault-service-and-obtain-token-kubernetes" id="scenario-3-deploy-new-hashicorp-vault-service-and-obtain-token-kubernetes"></a>

Please follow the steps below:

1. Follow [Helm chart | Vault | HashiCorp Developer](https://www.vaultproject.io/docs/platform/k8s/helm#using-the-helm-chart) to deploy a HashiCorp vault service in Kubernetes.
2. Once your vault service is up and running, enter `http(s)://YOUR_VAULT_ADDRESS/ui` in the address bar of a web browser. Follow <https://learn.hashicorp.com/tutorials/vault/getting-started-ui?in=vault/getting-started#start-web-ui> starting from step 5. You should then have the `root_token`. The `vault server address` is `http://YOUR_VAULT_ADDRESS`.
3. Complete the `ddhub` secret engine creation. Follow the [**How to create ddhub secret engine**](#how-to-create-ddhub-secret-engine) section below to do that.

## Creating the `ddhub` secret engine <a href="#how-to-create-ddhub-secret-engine" id="how-to-create-ddhub-secret-engine"></a>

The `ddhub` secret engine name must match the value of `SECRET_PREFIX`.

There are two options for creating the secret engine:

1. [Creating from CLI Command](#creating-the-ddhub-secret-engine-from-cli-command)
2. [Creating from UI](#creating-the-ddhub-secret-engine-from-ui)

### **Creating the `ddhub` secret engine from CLI command**

Use the following CLI command to create the `ddhub` secret engine:

`vault secrets enable -version=1 -path=ddhub -address="http://127.0.0.1:8200" kv`

### **Creating the `ddhub` secret engine from UI**

This guide is based on a vault UI that is accessible at local port 8200. Use your own vault service’s UI address.

1\. Visit the vault service UI at [http://localhost:8200](http://localhost:8200/). Enter your token and the screen below will be displayed.

<figure><img src="https://4257445316-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fnf3YeoQlQerc93GsC2Me%2Fuploads%2F22rEkzdLGkZCHySrxHRh%2Fimage.png?alt=media&#x26;token=34414bd4-5043-46ea-bd90-524dd4b62d4d" alt=""><figcaption></figcaption></figure>

2\. Click the `Enable new engine` button and select `KV` from the list of generic secrets engine options.

<figure><img src="https://4257445316-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fnf3YeoQlQerc93GsC2Me%2Fuploads%2FSSCfGWmD2aW0rUmJ1l6A%2Fimage.png?alt=media&#x26;token=2f721bdf-f7f3-4461-87de-ac209e8654ab" alt=""><figcaption></figcaption></figure>

3\. Click the `Next` button. Enter `ddhub` in the *Path* field, expand the method options, and select *Version* `1`.

<figure><img src="https://4257445316-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fnf3YeoQlQerc93GsC2Me%2Fuploads%2F8dGaetlj0JbBgSPSBVax%2Fimage.png?alt=media&#x26;token=2a18362c-4fb1-4c9f-be4f-5bb7eeebf844" alt=""><figcaption></figcaption></figure>

4\. Scroll down and click the `Enable the engine` button. The new `ddhub` secret engine is now created and listed on the secrets page, as illustrated below.

<figure><img src="https://4257445316-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fnf3YeoQlQerc93GsC2Me%2Fuploads%2FvcVOc5f5bVPhYTbIaRvW%2Fimage.png?alt=media&#x26;token=1035103c-95d9-4df3-8e06-bcfb6ff756ee" alt=""><figcaption></figcaption></figure>
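Whichever option you used, you can confirm that the engine is mounted at the path given by `SECRET_PREFIX` and is KV version 1. The following check is an added example, not part of the DDHub client gateway: it reads the JSON printed by `vault secrets list -format=json`, and the `check_engine` helper and the sample mount data are constructed for illustration.

```python
import json

# Constructed sample of `vault secrets list -format=json` output (not captured
# from a real server); only the fields the check reads are included.
SAMPLE_MOUNTS = json.loads("""
{
  "cubbyhole/": {"type": "cubbyhole", "options": null},
  "ddhub/":     {"type": "kv", "options": {"version": "1"}},
  "secret/":    {"type": "kv", "options": {"version": "2"}},
  "sys/":       {"type": "system", "options": null}
}
""")


def check_engine(mounts, secret_prefix):
    """Return a list of problems with the mount expected at secret_prefix.

    An empty list means a KV version 1 engine is mounted at that path.
    check_engine is a hypothetical helper written for this example.
    """
    # Vault keys mounts by path with a trailing slash; accept either form.
    path = secret_prefix.strip("/") + "/"
    mount = mounts.get(path)
    if mount is None:
        kv_paths = sorted(p for p, m in mounts.items() if m.get("type") == "kv")
        return [f"no secret engine mounted at {path!r} (kv mounts: {kv_paths})"]

    problems = []
    if mount.get("type") != "kv":
        problems.append(f"{path!r} is type {mount.get('type')!r}, expected 'kv'")
    # A kv mount enabled without -version reports no options and is version 1.
    version = (mount.get("options") or {}).get("version", "1")
    if version != "1":
        problems.append(f"{path!r} is KV version {version}, expected 1")
    return problems


if __name__ == "__main__":
    # "ddhub" passes; "secret" is KV v2; "ddhub-prod" is not mounted at all.
    for prefix in ("ddhub", "secret", "ddhub-prod"):
        print(prefix, "->", check_engine(SAMPLE_MOUNTS, prefix) or "ok")
```

To check a live server, pass the parsed output of `vault secrets list -format=json` as `mounts` and your configured `SECRET_PREFIX` value as `secret_prefix`.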

### HashiCorp References <a href="#hashicorp-references" id="hashicorp-references"></a>

* [Concepts | Vault | HashiCorp Developer](https://www.vaultproject.io/docs/concepts)
* [Vault foundations | Vault | HashiCorp Developer](https://learn.hashicorp.com/collections/vault/getting-started)
* [Seal/Unseal | Vault | HashiCorp Developer](https://www.vaultproject.io/docs/concepts/seal)
