Differences

This shows you the differences between two versions of the page.

--- hashicorp_vault [2026/02/13 13:02]
val [Установка и подключение]
+++ hashicorp_vault [2026/03/02 14:20] (current)
val [KV secrets engine]
@@ Line 11: / Line 11: @@
 <code>
-# docker run -d --name my-vault -p 8200:8200 hashicorp/vault:latest
+# docker run -d --name my-vault -p 8200:8200 hashicorp/vault:1.21.3
 # docker logs my-vault
@@ Line 41: / Line 41: @@
 / # vault kv put secret/ansible/openvpn1 \
-username=student \
+username=vagrant \
-password=password
+password=strongpassword
 / # vault kv list secret/ansible/
@@ Line 56: / Line 56: @@
 ...
+UI CLI> vault kv-get secret/ansible/openvpn1
+/ # ###vault kv get -version=3 secret/ansible/openvpn1
 / # ###vault kv delete secret/ansible/openvpn1
@@ Line 79: / Line 82: @@
 / # echo SGVsbG8gV29ybGQK | base64 -d
 </code><code>
-/ # vault write transit/keys/webd-k8s type=rsa-4096
+/ # vault write transit/keys/my-pgcluster type=rsa-4096
+/ # vault write transit/keys/my-keycloak type=rsa-4096
 </code>
 ===== Vault policy =====
+  * [[http://server.corpX.un:8200]]
 <code>
 / # vault policy write ansible-openvpn1 - <<EOF
@@ Line 101: / Line 109: @@
 / # ###vault policy delete ansible-openvpn1
 </code><code>
-/ # vault policy write webd-k8s - <<EOF
+/ # vault policy write my-pgcluster - <<EOF
-path "/transit/encrypt/webd-k8s" {
+path "/transit/encrypt/my-pgcluster" {
   capabilities = ["update"]
 }
-path "/transit/decrypt/webd-k8s" {
+path "/transit/decrypt/my-pgcluster" {
+  capabilities = ["update"]
+}
+EOF
+</code><code>
+/ # vault policy write my-keycloak - <<EOF
+path "/transit/encrypt/my-keycloak" {
+  capabilities = ["update"]
+}
+path "/transit/decrypt/my-keycloak" {
   capabilities = ["update"]
 }
@@ Line 113: / Line 130: @@
 ===== Vault token =====
 <code>
-/ # vault token create -policy="ansible-openvpn1"
+/ # vault token create -policy="ansible-openvpn1" #-ttl=32d
 Key                  Value
 ---                  -----
@@ Line 153: / Line 170: @@
 server|gate# VAULT_ADDR='http://server.corpX.un:8200'
 server|gate#  VAULT_TOKEN=hKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKk
-server|gate#  export VAULT_TOKEN=hKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKk
 / # vault write auth/token/roles/ansible-openvpn1-role allowed_policies=ansible-openvpn1 bound_cidrs="192.168.X.0/24"
@@ Line 162: / Line 178: @@
 ...
 </code><code>
-/ # vault write auth/token/roles/webd-k8s allowed_policies=webd-k8s bound_cidrs="192.168.X.0/24"
+/ # vault write auth/token/roles/my-pgcluster allowed_policies=my-pgcluster bound_cidrs="192.168.X.10, 192.168.X.221"
+/ # vault token create -role=my-pgcluster
+</code><code>
+/ # vault write auth/token/roles/my-keycloak allowed_policies=my-keycloak bound_cidrs="192.168.X.10, 192.168.X.221"
-/ # vault token create -role=webd-k8s
+/ # vault token create -role=my-keycloak
 </code>

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools