Difference between revisions of "Vault"
Line 51: | Line 51: | ||
# vault server -dev -config /srv/dev-vault/vault.conf >> /var/log/vault.log 2>&1 | # vault server -dev -config /srv/dev-vault/vault.conf >> /var/log/vault.log 2>&1 | ||
vault server -config /srv/vault/vault.conf >> /var/log/vault.log 2>&1 & | vault server -config /srv/vault/vault.conf >> /var/log/vault.log 2>&1 & | ||
+ | ``` | ||
+ | |||
+ | |||
+ | ``` | ||
+ | vault login <token> | ||
+ | vault kv get foo/certs | ||
``` | ``` |
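Review bot: `vault login <token>` in the added block passes the token as a command-line argument, so on a real run it is recorded in shell history and is visible in the process list. Suggest documenting plain `vault login` instead, which prompts for the token with hidden input, and keeping `vault kv get foo/certs` as the follow-up check.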
Revision as of 17:45, 29 August 2022
Password Management Using Hashicorp Vault
- https://devopscube.com/setup-hashicorp-vault-beginners-guide/
- https://learn.hashicorp.com/vault/getting-started/install
- https://www.digitalocean.com/community/tutorials/how-to-securely-manage-secrets-with-hashicorp-vault-on-ubuntu-16-04
- https://github.com/hashicorp/vault-helm/issues/17
```
vault operator init > vault-init.out
vault operator unseal
```
Use at least 3 keys from the init output (vault-init.out) in unseal.
https://www.vaultproject.io/docs/commands/operator/unseal/
```
vault auth enable approle
vault write auth/approle/role/demo bound_cidr_list=10.0.0.0/16 bind_secret_id=false policies=default-policy
```

```
storage "file" {
  path = "/srv/vault"
}

# Vault's memory is not locked, so it may be swapped to disk.
disable_mlock = true

# consul agent -dev
# storage "consul" {
#   address = "127.0.0.1:8500"
#   path = "vault"
# }

# Listens on all interfaces with TLS disabled (plain HTTP).
listener "tcp" {
  address = "0.0.0.0:8200"
  tls_disable = 1
}

# telemetry {
#   statsite_address = "127.0.0.1:8125"
#   disable_hostname = true
# }
```
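
A check for the risky settings in the config above (`tls_disable = 1` on a `0.0.0.0` listener, `disable_mlock = true`), added here as an example and not part of the original page or of Vault. `audit_vault_conf` is a hypothetical helper name, and the sample config is a constructed copy of the active settings.

```shell
#!/usr/bin/env bash
# Added example: audit_vault_conf is a hypothetical helper, not a Vault command.
# Prints one line per risky setting; the exit status is the number of findings.
audit_vault_conf() {
  local conf findings=0
  # Drop '#' comments so commented-out stanzas (consul, telemetry) are ignored.
  # Assumption: no '#' inside quoted values and no // or /* */ comments.
  conf=$(sed -e 's/#.*$//' "$1") || return 64

  # tls_disable is truthy when set to 1, true or "true".
  if printf '%s\n' "$conf" | grep -Eq 'tls_disable[[:space:]]*=[[:space:]]*"?(1|true)"?'; then
    echo "tls_disable: tokens and secrets cross the network in cleartext"
    findings=$((findings + 1))
  fi
  # A wildcard bind exposes the API on every interface of the host.
  if printf '%s\n' "$conf" | grep -Eq 'address[[:space:]]*=[[:space:]]*"(0\.0\.0\.0|\[::\]):'; then
    echo "address: listener is bound to all interfaces"
    findings=$((findings + 1))
  fi
  # Without mlock the kernel may swap Vault's memory to disk.
  if printf '%s\n' "$conf" | grep -Eq 'disable_mlock[[:space:]]*=[[:space:]]*"?(1|true)"?'; then
    echo "disable_mlock: in-memory secrets can be written to swap"
    findings=$((findings + 1))
  fi
  return "$findings"
}

# Constructed sample: the active (uncommented) settings from the config above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
storage "file" { path = "/srv/vault" }
disable_mlock = true
listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = 1
}
EOF
audit_vault_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

Because the exit status is the number of findings, the function can gate a start script: a non-zero status means the config should not be used outside a lab.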

```
#!/usr/bin/env bash
# vault server -dev -config /srv/dev-vault/vault.conf >> /var/log/vault.log 2>&1
vault server -config /srv/vault/vault.conf >> /var/log/vault.log 2>&1 &
```

```
vault login <token>
vault kv get foo/certs
```