Vault

From UVOO Tech Wiki

Password Management Using HashiCorp Vault

https://developer.hashicorp.com/vault/docs/auth/ldap

vault operator init > vault-init.out
vault operator unseal

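Run vault operator unseal at least 3 times, each time with a different key from vault-init.out. That file holds every unseal key and the initial root token in plaintext, so restrict its permissions and move it off the server once the keys are distributed.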

https://www.vaultproject.io/docs/commands/operator/unseal/

vault auth enable approle
vault write auth/approle/role/demo bound_cidr_list=10.0.0.0/16 bind_secret_id=false policies=default-policy

storage "file" {
  path    = "/srv/vault"
}

# Lets Vault's memory be swapped to disk; set only where mlock is unavailable.
disable_mlock = true

# consul agent -dev
# storage "consul" {
#   address = "127.0.0.1:8500"
#   path    = "vault"
# }

listener "tcp" {
  address     = "0.0.0.0:8200"
  # TLS off: tokens and secrets travel in plaintext. Development use only.
  tls_disable = 1
}

# telemetry {
#   statsite_address = "127.0.0.1:8125"
#   disable_hostname = true
# }
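
A check for the development-only settings in the config above (tls_disable, a 0.0.0.0 listener, disable_mlock), as an added example that is not part of the original wiki page. The function name audit_vault_conf and the sample file are constructed for illustration, and the check assumes one setting per line rather than parsing HCL.

```shell
#!/usr/bin/env bash
# Added example (not from the wiki page): flag development-only settings in a
# Vault server config before it is used for real secrets.
# Assumption: one setting per line; this is a line-oriented check, not an HCL parser.

# audit_vault_conf FILE -> prints one finding per line, nothing if clean.
audit_vault_conf() {
  local conf="$1"
  [ -r "$conf" ] || { echo "cannot read: $conf" >&2; return 2; }
  awk '
    /^[ \t]*(#|\/\/)/ { next }                        # skip commented-out lines
    /^[ \t]*listener[ \t]+"tcp"/ { in_listener = 1 }  # entering a TCP listener block
    /^[ \t]*}/ { in_listener = 0 }                    # any closing brace ends it
    in_listener && /^[ \t]*tls_disable[ \t]*=[ \t]*"?(1|true)"?/ {
      printf "tls_disable line %d: API traffic, tokens included, is sent in plaintext\n", NR
    }
    in_listener && /^[ \t]*address[ \t]*=[ \t]*"0\.0\.0\.0:/ {
      printf "address line %d: listener is bound to all interfaces\n", NR
    }
    /^[ \t]*disable_mlock[ \t]*=[ \t]*"?(1|true)"?/ {
      printf "disable_mlock line %d: process memory may be swapped to disk\n", NR
    }
  ' "$conf"
}

# Constructed sample input: the settings from the config on this page.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
storage "file" {
  path    = "/srv/vault"
}
disable_mlock = true
# storage "consul" {
#   address = "127.0.0.1:8500"
# }
listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = 1
}
EOF

audit_vault_conf "$sample"
```
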

#!/usr/bin/env bash

# vault server -dev -config /srv/dev-vault/vault.conf >> /var/log/vault.log 2>&1
vault server -config /srv/vault/vault.conf >> /var/log/vault.log 2>&1 &
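
# The CLI defaults to https://127.0.0.1:8200; with tls_disable = 1, set VAULT_ADDR to the http:// address first.
vault login <token>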
vault kv get foo/certs

https://github.com/xuwang/vault-scripts/blob/master/vault-secrets-the-simple-way.md