
This is an old revision of the document!


HashiCorp Vault Notes

HashiCorp Vault

See:

Source: https://www.youtube.com/watch?v=vOf0afZP9gE

# Start a dev-mode Vault container, then read the unseal key and root token from its logs
docker run --cap-add=IPC_LOCK -d -p 8200:8200 --name=dev-vault vault
docker logs dev-vault

WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.

You may need to set the following environment variables:

    $ export VAULT_ADDR='http://0.0.0.0:8200'

The unseal key and root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.

Unseal Key: fjLp7NUP5GfHPE8fv0UxMM+D1s0xuumy4Xljs6l7Eks=
Root Token: hvs.pSSg3pM9pfk5Ih6HdCi784un

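Development mode should NOT be used in production installations!

# Same dev-mode server without Docker
vault server -dev

# Disables TLS certificate verification (dev/test only)
export VAULT_SKIP_VERIFY=true

# Health check
curl 127.0.0.1:8200/v1/sys/health | jq .

# Wrapper that runs the vault CLI inside the container; "$@" keeps arguments with spaces intact
vault() { docker exec -ti -e VAULT_ADDR='http://127.0.0.1:8200' -e VAULT_TOKEN=hvs.pSSg3pM9pfk5Ih6HdCi784un dev-vault vault "$@"; }

vault --version
vault token lookup

vault kv list kv/
Keys
----
plop

vault kv get -format=json -field=data kv/plop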

Other

vault auth enable userpass
vault write auth/userpass/users/jean password='P@ssw0rd' policies=admins
vault login -method=userpass username=jean password='P@ssw0rd'

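# AppRole enabled at a custom mount path (its endpoints are then under auth/custom/)
vault auth enable -path="custom" approle

# Role on the default auth/approle/ mount: single-use secret ID valid for 10 minutes,
# tokens with unlimited uses, a 120m TTL and a 300m maximum TTL
vault write auth/approle/role/my-app \
    secret_id_ttl=10m \
    token_num_uses=0 \
    token_ttl=120m \
    token_max_ttl=300m \
    secret_id_num_uses=1 \
    token_policies="app_read"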

path "secrets/secret/show/ploppath" {
  capabilities = ["read", "create", "update", "delete"]
}

tech/notes_hashicorp_vault.1762793787.txt.gz · Last modified: by Jean-Baptiste
