Difference between revisions of "Vault"

From UVOO Tech Wiki
 
(6 intermediate revisions by the same user not shown)
Line 5: Line 5:
 
- https://www.digitalocean.com/community/tutorials/how-to-securely-manage-secrets-with-hashicorp-vault-on-ubuntu-16-04
 
- https://www.digitalocean.com/community/tutorials/how-to-securely-manage-secrets-with-hashicorp-vault-on-ubuntu-16-04
 
- https://github.com/hashicorp/vault-helm/issues/17
 
- https://github.com/hashicorp/vault-helm/issues/17
 +
- https://developer.hashicorp.com/vault/tutorials/auth-methods/identity
 +
- https://developer.hashicorp.com/vault/tutorials/kubernetes/kubernetes-raft-deployment-guide
  
  
 +
 +
https://developer.hashicorp.com/vault/docs/auth/ldap
  
 
```
 
```
vault operator init
+
vault operator init > vault-init.out
 
vault operator unseal
 
vault operator unseal
 
```
 
```
 +
Use at least 3 keys from init.out in unseal
 +
 +
https://www.vaultproject.io/docs/commands/operator/unseal/
 +
 +
```
 +
vault auth enable approle
 +
vault write auth/approle/role/demo bound_cidr_list=10.0.0.0/16 bind_secret_id=false policies=default-policy
 +
```
 +
 +
```
 +
torage "file" {
 +
  path    = "/srv/vault"
 +
}
 +
 +
disable_mlock = true
 +
 +
# consul agent -dev
 +
# storage "consul" {
 +
#  address = "127.0.0.1:8500"
 +
#  path    = "vault"
 +
# }
 +
 +
listener "tcp" {
 +
  address    = "0.0.0.0:8200"
 +
  tls_disable = 1
 +
}
 +
 +
# telemetry {
 +
#  statsite_address = "127.0.0.1:8125"
 +
#  disable_hostname = true
 +
# }
 +
```
 +
 +
 +
```
 +
#!/usr/bin/env bash
 +
 +
# vault server -dev -config /srv/dev-vault/vault.conf >> /var/log/vault.log 2>&1
 +
vault server -config /srv/vault/vault.conf >> /var/log/vault.log 2>&1 &
 +
```
 +
 +
 +
```
 +
vault login <token>
 +
vault kv get foo/certs
 +
```
 +
 +
https://github.com/xuwang/vault-scripts/blob/master/vault-secrets-the-simple-way.md
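Review bot: The added config block opens with `torage "file" {`, which drops the leading `s` of `storage`, so the file as written declares no storage stanza; it should read `storage "file" {`. In the same block the listener binds `0.0.0.0:8200` with `tls_disable = 1`, so the token given to `vault login <token>` and the output of `vault kv get foo/certs` would cross the network unencrypted; bind the listener to a loopback address or configure TLS on it. The changed init line also redirects the unseal keys and initial root token into `vault-init.out`, so the page should say where that file is kept and who may read it.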

Latest revision as of 17:54, 6 December 2022

Password Management Using HashiCorp Vault

https://developer.hashicorp.com/vault/docs/auth/ldap

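```
# Initialize Vault and save the unseal keys and initial root token to vault-init.out
vault operator init > vault-init.out
# Supply one unseal key per run; repeat until the threshold is reached
vault operator unseal
```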

Unseal with at least 3 of the keys from vault-init.out, running vault operator unseal once per key.

https://www.vaultproject.io/docs/commands/operator/unseal/

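```
# Enable the AppRole auth method
vault auth enable approle
# Create role "demo": no secret_id is needed to log in, and logins are limited to 10.0.0.0/16
vault write auth/approle/role/demo bound_cidr_list=10.0.0.0/16 bind_secret_id=false policies=default-policy
```
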
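```
# File storage backend; data is written under /srv/vault
storage "file" {
  path    = "/srv/vault"
}

# Vault will not mlock its memory, so in-memory secrets can be swapped to disk
disable_mlock = true

# consul agent -dev
# storage "consul" {
#   address = "127.0.0.1:8500"
#   path    = "vault"
# }

# Listens on all interfaces with TLS disabled, so traffic to port 8200 is cleartext
listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = 1
}

# telemetry {
#   statsite_address = "127.0.0.1:8125"
#   disable_hostname = true
# }
```
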
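A check for the server configuration above, added here as an example and not part of the wiki page or of HashiCorp's tooling: it flags a missing storage stanza (which is what the `torage "file"` line in the revision diff amounts to), `disable_mlock`, and `tls_disable` on a non-loopback listener. The function names, messages and certificate paths are assumptions, and it expects one setting per line with `#` comments only.

```shell
# Added example, not part of the wiki page: lint a Vault server config.
# Assumes one setting per line and '#' comments only.
# lint_vault_conf [FILE]: print one finding per line, return 1 if any.
lint_vault_conf() {
  awk '
    { sub(/#.*/, "") }    # commented-out stanzas do not count
    /^[ \t]*(storage|backend)[ \t]+"/ { storage = 1 }
    /^[ \t]*disable_mlock[ \t]*=[ \t]*"?(true|1)"?/ {
      print "disable_mlock: memory locking is off"; bad = 1 }
    /^[ \t]*listener[ \t]+"tcp"/ { in_l = 1; addr = "127.0.0.1:8200"; notls = 0; next }
    in_l && /^[ \t]*address[ \t]*=/ { split($0, q, "\""); addr = q[2] }
    in_l && /^[ \t]*tls_disable[ \t]*=[ \t]*"?(true|1)"?/ { notls = 1 }
    in_l && /^[ \t]*[}]/ {
      in_l = 0
      if (notls && addr !~ /^(127\.|localhost:|\[::1\])/) {
        print "listener " addr ": tls_disable on a non-loopback address"; bad = 1 }
    }
    END {
      if (!storage) { print "storage: no storage stanza found"; bad = 1 }
      exit bad + 0
    }' "$@"
}
# The config as it appears in the revision diff, including the "torage" typo.
page_conf() {
  cat <<'EOF'
torage "file" {
  path    = "/srv/vault"
}
disable_mlock = true
# storage "consul" {
# }
listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = 1
}
EOF
}
# Constructed variant that passes; the certificate paths are placeholders.
fixed_conf() {
  cat <<'EOF'
storage "file" { path = "/srv/vault" }
listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_cert_file = "/etc/vault/tls/vault.crt"
  tls_key_file  = "/etc/vault/tls/vault.key"
}
EOF
}
page_conf | lint_vault_conf || true   # prints the three findings
```

Run it against the real file with `lint_vault_conf /srv/vault/vault.conf` before starting the server.
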
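```
#!/usr/bin/env bash

# Dev-mode alternative, left disabled:
# vault server -dev -config /srv/dev-vault/vault.conf >> /var/log/vault.log 2>&1
# Start the server in the background, appending stdout and stderr to /var/log/vault.log
vault server -config /srv/vault/vault.conf >> /var/log/vault.log 2>&1 &
```
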
```
# Authenticate with a token, then read the secret at foo/certs
vault login <token>
vault kv get foo/certs
```

https://github.com/xuwang/vault-scripts/blob/master/vault-secrets-the-simple-way.md