Difference between revisions of "Vault"

From UVOO Tech Wiki
Jump to navigation Jump to search
Line 19: Line 19:
 
vault auth enable approle
 
vault auth enable approle
 
vault write auth/approle/role/demo bound_cidr_list=10.0.0.0/16 bind_secret_id=false policies=default-policy
 
vault write auth/approle/role/demo bound_cidr_list=10.0.0.0/16 bind_secret_id=false policies=default-policy
 +
```
 +
 +
```
 +
torage "file" {
 +
  path    = "/srv/vault"
 +
}
 +
 +
disable_mlock = true
 +
 +
# consul agent -dev
 +
# storage "consul" {
 +
#  address = "127.0.0.1:8500"
 +
#  path    = "vault"
 +
# }
 +
 +
listener "tcp" {
 +
  address    = "0.0.0.0:8200"
 +
  tls_disable = 1
 +
}
 +
 +
# telemetry {
 +
#  statsite_address = "127.0.0.1:8125"
 +
#  disable_hostname = true
 +
# }
 +
```
 +
 +
 +
```
 +
#!/usr/bin/env bash
 +
 +
# vault server -dev -config /srv/dev-vault/vault.conf >> /var/log/vault.log 2>&1
 +
vault server -config /srv/vault/vault.conf >> /var/log/vault.log 2>&1 &
 
```
 
```

Revision as of 20:52, 3 March 2020

Password Management Using Hashicorp Vault

vault operator init > vault-init.out
vault operator unseal

Use at least 3 keys from init.out in unseal

https://www.vaultproject.io/docs/commands/operator/unseal/ 

vault auth enable approle
vault write auth/approle/role/demo bound_cidr_list=10.0.0.0/16 bind_secret_id=false policies=default-policy

torage "file" {
  path    = "/srv/vault"
}

disable_mlock = true

# consul agent -dev
# storage "consul" {
#   address = "127.0.0.1:8500"
#   path    = "vault"
# }

listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = 1
}

# telemetry {
#   statsite_address = "127.0.0.1:8125"
#   disable_hostname = true
# }

#!/usr/bin/env bash

# vault server -dev -config /srv/dev-vault/vault.conf >> /var/log/vault.log 2>&1
vault server -config /srv/vault/vault.conf >> /var/log/vault.log 2>&1 &
Retrieved from "https://tech.uvoo.io/index.php?title=Vault&oldid=437"