
Developer-friendly introduction

What is Vault?

HashiCorp Vault is a secret management system. It can do a lot more than store secrets like passwords or API keys and control access to them, but that is the most common use case for developers, so that is what we'll focus on here.
Vault can provide storage for various kinds of secrets, as well as lifecycle management for keys and certificates, secret management in external services (like databases), and cryptographic services, along with access control and audit logging for all of these.

Basics

Sikt Vault is an HA-configured cluster of nodes, set up this way to provide stability, integrity, capacity and fault tolerance.
All nodes provide an identical API, and any communication with Vault is performed through this API, accessed on this load-balanced URL: https://vault.sikt.no:8200/v1

Most API endpoints require a token. Vault keeps some properties stored on the token, like what the token gives access to and how long it should be valid. These properties are set when the token is created and cannot be changed afterwards (you would need to renew the token or issue a new one).

Authentication

To make Vault issue a token for you to use, you need to authenticate yourself.
This is done by making calls to an appropriate authentication endpoint.
When you authenticate properly, the endpoint will create a token based on its configuration, and attach the policies you have access to. A policy is a description of what you have access to, and what you can do with it.

Tip: Only Vault admins can modify policies, so this is not something a developer needs to care about.
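The token handling described under Basics and Authentication, as an added example that is not part of the original page or Sikt's own code: it parses the JSON an authentication endpoint returns, keeps the token's fixed properties, and builds an authenticated request. The sample response, the token value and the policy name `example-team-read` are constructed; which authentication endpoint you call depends on the method configured for you, which this page does not state.

```python
import json
import urllib.request
from dataclasses import dataclass, field

VAULT_API = "https://vault.sikt.no:8200/v1"  # load-balanced URL from the page

# Constructed sample of a login response body; the token value is a placeholder.
SAMPLE_LOGIN_BODY = json.dumps({"auth": {
    "client_token": "hvs.CONSTRUCTED-PLACEHOLDER",
    "policies": ["default", "example-team-read"],
    "lease_duration": 3600,   # seconds of validity, fixed at creation
    "renewable": True,
}})

@dataclass(frozen=True)          # frozen mirrors "cannot be changed afterwards"
class VaultToken:
    value: str = field(repr=False)   # keep the secret out of logs and tracebacks
    policies: tuple
    expires_at: float
    renewable: bool

    def should_renew(self, now, margin=300):
        """True when a renewable token is within `margin` seconds of expiry."""
        return self.renewable and now >= self.expires_at - margin

def parse_login(body, now):
    """Extract the token and its properties from an auth endpoint's JSON reply."""
    doc = json.loads(body)
    auth = doc.get("auth")
    if not auth or not auth.get("client_token"):
        raise ValueError("login failed: %s" % doc.get("errors", "no auth block"))
    return VaultToken(auth["client_token"], tuple(auth.get("policies", [])),
                      now + auth["lease_duration"], bool(auth.get("renewable")))

def api_request(token, path, method="GET"):
    """Build (not send) an authenticated request; Vault reads X-Vault-Token."""
    return urllib.request.Request(VAULT_API + path, method=method,
                                  headers={"X-Vault-Token": token.value})

if __name__ == "__main__":
    tok = parse_login(SAMPLE_LOGIN_BODY, now=1_000_000.0)
    print(tok)                                       # token value is not shown
    print(api_request(tok, "/auth/token/lookup-self").full_url)
    print(tok.should_renew(now=1_000_000.0 + 3400))  # inside the 5-minute margin
```

`/auth/token/lookup-self` is Vault's standard endpoint for reading the properties of the token you present; passing the request to `urllib.request.urlopen` would send it.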