Last active
January 17, 2022 15:18
Vault up and Operations
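# Bring up a throwaway Consul + Vault pair in Docker.
# Expects vault.hcl in the current directory.

# Show the Vault server configuration that will be handed to the container.
cat vault.hcl

# Create a data container whose /config volume holds the HCL file.
# `docker create` leaves the container in the "created" state; it is never
# started, it only owns the volume.
docker create -v /config --name config busybox &&
  docker cp vault.hcl config:/config/

# Verify the copy. `docker exec` only works on a running container and
# `config` is never started, so read the file through a short-lived container
# that mounts the same volume instead.
docker run --rm --volumes-from config busybox cat /config/vault.hcl

# Consul dev agent, used by Vault as its storage backend.
# -dev keeps all state in memory, and -client=0.0.0.0 together with
# -p 8500:8500 publishes the Consul HTTP API on every host interface.
# On a shared network, publish on loopback only (-p 127.0.0.1:8500:8500)
# or firewall the port.
docker run -d --name consul -p 8500:8500 consul:v0.6.4 agent -dev -client=0.0.0.0

# Vault server, configured from the mounted /config/vault.hcl.
# The vault.hcl in this gist sets tls_disable, so port 8200 speaks plain HTTP
# and -p 8200:8200 publishes it on every host interface: tokens and secrets
# cross the wire unencrypted. cgswong/vault is a community image pinned to an
# old release; check its provenance before using it for anything but a lab.
docker run -d --name vault-dev --link consul:consul -p 8200:8200 --volumes-from config cgswong/vault:0.5.3 server -config=/config/vault.hcl

# Alternative kept from the original (disabled): official image with an
# inline VAULT_LOCAL_CONFIG and the IPC_LOCK capability so mlock can be used.
# docker run -d --name vault-dev --volumes-from config --cap-add=IPC_LOCK -e 'VAULT_LOCAL_CONFIG={"backend": {"file": {"path": "/config/vault.hcl"}}, "default_lease_ttl": "168h", "max_lease_ttl": "720h"}' --link consul:consul vault server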
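# Initialise, unseal and exercise the Vault started in the vault-dev container.

# Define the vault CLI client: run the `vault` binary inside the container.
# A function replaces the original alias because an alias cannot forward
# "$@" (arguments only worked by being appended after it) and aliases are not
# expanded in non-interactive shells. Drop a stale alias from an earlier paste
# so the function definition below parses.
unalias vault 2>/dev/null || true
vault() {
  docker exec -it vault-dev vault "$@"
}

# Print the last whitespace-separated field of the keys.txt line containing
# the label given as $1. `docker exec -t` allocates a TTY, so captured lines
# end in CR LF; the CR is removed so it never becomes part of a key or token.
keys_field() {
  awk -v label="$1" 'index($0, label) { sub(/\r$/, "", $NF); print $NF }' keys.txt
}

# Point to the running Vault. The CLI runs inside the container, so
# 127.0.0.1 here is the container's own loopback.
export VAULT_ADDR=http://127.0.0.1:8200

# Unseal process.
# keys.txt receives every unseal key plus the initial root token, i.e.
# everything needed to open and fully control this Vault. Create it
# owner-only before anything is written to it, and remove it once the values
# are stored somewhere safe; keeping all shares in one file defeats the point
# of splitting the key.
touch keys.txt
chmod 600 keys.txt
vault init -address="${VAULT_ADDR}" > keys.txt

# Prints the keys and root token to the terminal (and its scrollback).
cat keys.txt

# Supply three key shares, one unseal call each, as the original does.
# Passing a key as an argument exposes it in the process list; running
# `vault unseal` without a key prompts for it instead.
for n in 1 2 3; do
  vault unseal -address="${VAULT_ADDR}" "$(keys_field "Key ${n}:")"
done

# Check status of Vault.
vault status -address="${VAULT_ADDR}"

# Authenticate to Vault with the initial root token.
# Assignment and export are split so a failed lookup is not masked by export.
# The root token is unrestricted; for anything beyond a lab, create a scoped
# token with a policy and revoke the root token.
VAULT_TOKEN=$(keys_field 'Initial Root Token:')
export VAULT_TOKEN
vault auth -address="${VAULT_ADDR}" "${VAULT_TOKEN}"

# Write on vault (sample value).
vault write -address="${VAULT_ADDR}" secret/api-key value=12345678

# Read with Vault CLI: the whole entry, then only the `value` field.
vault read -address="${VAULT_ADDR}" secret/api-key
vault read -address="${VAULT_ADDR}" -field=value secret/api-key

# Read with curl over the HTTP API.
# `docker` is presumably the hostname of the Docker host that publishes port
# 8200; adjust to your environment. The listener has TLS disabled, so the
# X-Vault-Token header and the secret travel in clear text on this path.
curl -H "X-Vault-Token:$VAULT_TOKEN" -XGET http://docker:8200/v1/secret/api-key
curl -s -H "X-Vault-Token:$VAULT_TOKEN" -XGET http://docker:8200/v1/secret/api-key | jq -r .data.value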
# vault.hcl: Vault server configuration for the Docker lab setup.

# Storage: the Consul agent reachable as `consul` (Docker link) over plain HTTP.
# NOTE(review): advertise_addr normally names the address at which this Vault
# server itself can be reached; here it points at consul:8300. Confirm that is
# intended before running more than one Vault node.
backend "consul" {
  address        = "consul:8500"
  advertise_addr = "consul:8300"
  scheme         = "http"
}

# API listener on all container interfaces, port 8200.
# tls_disable = 1 turns TLS off, so tokens and secrets are sent unencrypted.
# For non-lab use, configure a certificate and key on the listener instead.
listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = 1
}

# Do not lock Vault's memory with mlock; secrets held in memory may then be
# swapped to disk. Needed when the container lacks the IPC_LOCK capability.
disable_mlock = true