{{tag>Brouillon Sécurité PKI MDP}}

= Hashicorp Vault Notes =

== Hashicorp Vault ==

See:
  * https://www.youtube.com/watch?v=I4Xu3DGfk60&list=PLCFwfUlM-doNzjCQDDU9jvZ57tNWX03xy and following videos
  * https://github.com/mehdilaruelle/vault-youtube/blob/master/vault_auth_demonstration.sh

See also:
  * Akeyless
  * OpenBao

Source: https://www.youtube.com/watch?v=vOf0afZP9gE

Start a development-mode Vault in Docker and read the unseal key and root token from its logs:

<code bash>
docker run --cap-add=IPC_LOCK -d -p 8200:8200 --name=dev-vault vault
docker logs dev-vault
</code>

<code>
WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.

You may need to set the following environment variables:

    $ export VAULT_ADDR='http://0.0.0.0:8200'

The unseal key and root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.

Unseal Key: fjLp7NUP5GfHPE8fv0UxMM+D1s0xuumy4Xljs6l7Eks=
Root Token: hvs.pSSg3pM9pfk5Ih6HdCi784un

Development mode should NOT be used in production installations!
</code>

Equivalent without Docker, and a health check of the API:

<code bash>
vault server -dev
VAULT_SKIP_VERIFY=true curl 127.0.0.1:8200/v1/sys/health | jq .
</code>

Wrapper to run the vault CLI inside the container, authenticated with the dev root token:

<code bash>
# "$@" keeps arguments with spaces intact (a bare $@ would re-split them)
vault(){ docker exec -ti -e VAULT_ADDR='http://127.0.0.1:8200' -e VAULT_TOKEN=hvs.pSSg3pM9pfk5Ih6HdCi784un dev-vault vault "$@" ;}

vault --version
vault token lookup
vault kv list kv/
</code>

<code>
Keys
----
plop
</code>

<code bash>
vault kv get -format=json -field=data kv/plop
</code>

== Other ==

Userpass authentication:

<code bash>
vault auth enable userpass
vault write auth/userpass/users/jean password='P@ssw0rd' policies=admins
vault login -method=userpass username=jean password='P@ssw0rd'
</code>

AppRole authentication mounted at a custom path (because the method is enabled at ''custom'', the role lives under ''auth/custom/'', not ''auth/approle/''):

<code bash>
vault auth enable -path="custom" approle
vault write auth/custom/role/my-app \
    secret_id_ttl=10m \
    token_num_uses=0 \
    token_ttl=120m \
    token_max_ttl=300m \
    secret_id_num_uses=1 \
    token_policies="app_read"
</code>

Policy example:

<code hcl>
path "secrets/secret/show/ploppath" {
  capabilities = ["read", "create", "update", "delete"]
}
</code>
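The AppRole flow behind the role above (role_id fetched by an admin, a single-use secret_id minted for the app, then the login exchange), as an added example that is not part of the original notes. It assumes the method is mounted at the custom path "custom" used above, that VAULT_ADDR and an admin VAULT_TOKEN are exported, and that curl and jq are installed.

```shell
#!/usr/bin/env sh
# Added example, not from the original notes: AppRole login flow for the role above.
# Assumptions: approle mounted at "custom", VAULT_ADDR/VAULT_TOKEN exported, curl + jq present.
set -eu

MOUNT="${APPROLE_MOUNT:-custom}"   # matches 'vault auth enable -path="custom" approle'
ROLE="${APPROLE_NAME:-my-app}"

# Build the JSON body for POST auth/<mount>/login without touching the server
# (kept pure so the payload shape can be checked offline).
approle_login_payload() {
  printf '{"role_id":"%s","secret_id":"%s"}' "$1" "$2"
}

# Admin side: read the role_id (not secret on its own, but treat it like a username).
approle_role_id() {
  curl -sf -H "X-Vault-Token: $VAULT_TOKEN" \
    "$VAULT_ADDR/v1/auth/$MOUNT/role/$ROLE/role-id" | jq -r .data.role_id
}

# Admin side: mint one secret_id. With secret_id_num_uses=1 and secret_id_ttl=10m
# it can be used exactly once and expires after ten minutes.
approle_secret_id() {
  curl -sf -X POST -H "X-Vault-Token: $VAULT_TOKEN" \
    "$VAULT_ADDR/v1/auth/$MOUNT/role/$ROLE/secret-id" | jq -r .data.secret_id
}

# App side: exchange role_id + secret_id for a client token (no VAULT_TOKEN needed here).
approle_login() {
  curl -sf -X POST --data "$(approle_login_payload "$1" "$2")" \
    "$VAULT_ADDR/v1/auth/$MOUNT/login" | jq -r .auth.client_token
}

# Run the live flow only when a Vault is configured; otherwise just define the functions.
if [ -n "${VAULT_ADDR:-}" ] && [ -n "${VAULT_TOKEN:-}" ]; then
  rid=$(approle_role_id); sid=$(approle_secret_id)
  tok=$(approle_login "$rid" "$sid")
  echo "client token obtained: ${tok%"${tok#????????}"}..."   # print only a prefix
  # A second login with the same secret_id must be refused (secret_id_num_uses=1).
  if approle_login "$rid" "$sid" >/dev/null 2>&1; then
    echo "WARNING: secret_id was accepted twice"
  else
    echo "secret_id correctly rejected on reuse"
  fi
fi
```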