hashicorp_vault [2026/02/13 13:16] val [Vault auth token role] |
hashicorp_vault [2026/02/25 19:53] (current) val [Vault policy] |
| Line 41: | Line 41: | ||
| / # vault kv put secret/ansible/openvpn1 \ | / # vault kv put secret/ansible/openvpn1 \ | ||
| - | username=student \ | + | username=vagrant \ |
| - | password=password | + | password=strongpassword |
| / # vault kv list secret/ansible/ | / # vault kv list secret/ansible/ | ||
| Line 79: | Line 79: | ||
| / # echo SGVsbG8gV29ybGQK | base64 -d | / # echo SGVsbG8gV29ybGQK | base64 -d | ||
| </code><code> | </code><code> | ||
| - | / # vault write transit/keys/webd-k8s type=rsa-4096 | ||
| - | |||
| / # vault write transit/keys/my-pgcluster type=rsa-4096 | / # vault write transit/keys/my-pgcluster type=rsa-4096 | ||
| + | |||
| + | / # vault write transit/keys/my-keycloak type=rsa-4096 | ||
| </code> | </code> | ||
| ===== Vault policy ===== | ===== Vault policy ===== | ||
| + | |||
| + | * [[http://server.corpX.un:8200]] | ||
| + | |||
| <code> | <code> | ||
| / # vault policy write ansible-openvpn1 - <<EOF | / # vault policy write ansible-openvpn1 - <<EOF | ||
| Line 103: | Line 106: | ||
| / # ###vault policy delete ansible-openvpn1 | / # ###vault policy delete ansible-openvpn1 | ||
| </code><code> | </code><code> | ||
| - | / # vault policy write webd-k8s - <<EOF | + | / # vault policy write my-pgcluster - <<EOF |
| - | path "/transit/encrypt/webd-k8s" { | + | path "/transit/encrypt/my-pgcluster" { |
| capabilities = ["update"] | capabilities = ["update"] | ||
| } | } | ||
| - | path "/transit/decrypt/webd-k8s" { | + | path "/transit/decrypt/my-pgcluster" { |
| capabilities = ["update"] | capabilities = ["update"] | ||
| } | } | ||
| EOF | EOF | ||
| - | </code> | + | </code><code> |
| - | <code> | + | / # vault policy write my-keycloak - <<EOF |
| - | / # vault policy write my-pgcluster - <<EOF | + | path "/transit/encrypt/my-keycloak" { |
| - | path "/transit/encrypt/my-pgcluster" { | + | |
| capabilities = ["update"] | capabilities = ["update"] | ||
| } | } | ||
| - | path "/transit/decrypt/my-pgcluster" { | + | path "/transit/decrypt/my-keycloak" { |
| capabilities = ["update"] | capabilities = ["update"] | ||
| } | } | ||
| Line 165: | Line 167: | ||
| server|gate# VAULT_ADDR='http://server.corpX.un:8200' | server|gate# VAULT_ADDR='http://server.corpX.un:8200' | ||
| server|gate# VAULT_TOKEN=hKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKk | server|gate# VAULT_TOKEN=hKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKk | ||
| - | server|gate# export VAULT_TOKEN=hKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKk | ||
| / # vault write auth/token/roles/ansible-openvpn1-role allowed_policies=ansible-openvpn1 bound_cidrs="192.168.X.0/24" | / # vault write auth/token/roles/ansible-openvpn1-role allowed_policies=ansible-openvpn1 bound_cidrs="192.168.X.0/24" | ||
| Line 173: | Line 174: | ||
| bound_cidrs [192.168.X.10] | bound_cidrs [192.168.X.10] | ||
| ... | ... | ||
| - | </code><code> | ||
| - | / # vault write auth/token/roles/webd-k8s allowed_policies=webd-k8s bound_cidrs="192.168.X.0/24" | ||
| - | |||
| - | / # vault token create -role=webd-k8s | ||
| </code><code> | </code><code> | ||
| / # vault write auth/token/roles/my-pgcluster allowed_policies=my-pgcluster bound_cidrs="192.168.X.10, 192.168.X.221" | / # vault write auth/token/roles/my-pgcluster allowed_policies=my-pgcluster bound_cidrs="192.168.X.10, 192.168.X.221" | ||
| / # vault token create -role=my-pgcluster | / # vault token create -role=my-pgcluster | ||
| + | </code><code> | ||
| + | / # vault write auth/token/roles/my-keycloak allowed_policies=my-keycloak bound_cidrs="192.168.X.10, 192.168.X.221" | ||
| + | |||
| + | / # vault token create -role=my-keycloak | ||
| </code> | </code> | ||
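Review bot: The new `auth/token/roles/my-keycloak` role (last hunk, the `vault write auth/token/roles/my-keycloak ...` line) sets `allowed_policies` and `bound_cidrs` but no lifetime, so the token minted by the following `vault token create -role=my-keycloak` gets the token mount's default TTL (typically the 768h system default unless the mount was tuned elsewhere on the page), carries the `default` policy in addition to `my-keycloak`, and is a child of the operator token that created it. For a long-running service such as Keycloak a periodic, narrowly-scoped token is the usual shape: `vault write auth/token/roles/my-keycloak allowed_policies=my-keycloak bound_cidrs="192.168.X.10, 192.168.X.221" token_period=24h token_no_default_policy=true`, adding `orphan=true` if the token must survive revocation of the operator's token. The same applies to the `my-pgcluster` role on the preceding line, which the page already had. Separately, the new Vault UI link added under "Vault policy" points at `http://server.corpX.un:8200`, matching the `VAULT_ADDR` further down; tokens and transit plaintext travel unencrypted on that listener, so a one-line warning that this is acceptable only for the lab network would be worth adding.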