@allthingsclowd
Created July 27, 2018 10:21
vault_approle_demo $ git clone git@github.com:allthingsclowd/vault_approle.git .
Cloning into '.'...
remote: Counting objects: 56, done.
remote: Compressing objects: 100% (42/42), done.
remote: Total 56 (delta 13), reused 52 (delta 12), pack-reused 0
Receiving objects: 100% (56/56), 11.34 KiB | 829.00 KiB/s, done.
Resolving deltas: 100% (13/13), done.
vault_approle_demo $ vagrant up
Bringing machine 'vault01' up with 'virtualbox' provider...
==> vault01: Importing base box 'allthingscloud/go-counter-demo'...
==> vault01: Matching MAC address for NAT networking...
==> vault01: Checking if box 'allthingscloud/go-counter-demo' is up to date...
==> vault01: Setting the name of the VM: vault_approle_demo_vault01_1532685296100_97372
==> vault01: Clearing any previously set network interfaces...
==> vault01: Preparing network interfaces based on configuration...
    vault01: Adapter 1: nat
    vault01: Adapter 2: hostonly
==> vault01: Forwarding ports...
    vault01: 8500 (guest) => 8500 (host) (adapter 1)
    vault01: 8200 (guest) => 8200 (host) (adapter 1)
    vault01: 22 (guest) => 2222 (host) (adapter 1)
==> vault01: Running 'pre-boot' VM customizations...
==> vault01: Booting VM...
==> vault01: Waiting for machine to boot. This may take a few minutes...
    vault01: SSH address: 127.0.0.1:2222
    vault01: SSH username: vagrant
    vault01: SSH auth method: private key
    vault01:
    vault01: Vagrant insecure key detected. Vagrant will automatically replace
    vault01: this with a newly generated keypair for better security.
    vault01:
    vault01: Inserting generated public key within guest...
    vault01: Removing insecure key from the guest if it's present...
    vault01: Key inserted! Disconnecting and reconnecting using new SSH key...
==> vault01: Machine booted and ready!
==> vault01: Checking for guest additions in VM...
    vault01: The guest additions on this VM do not match the installed version of
    vault01: VirtualBox! In most cases this is fine, but in rare cases it can
    vault01: prevent things such as shared folders from working properly. If you see
    vault01: shared folder errors, please make sure the guest additions within the
    vault01: virtual machine match the version of VirtualBox you have installed on
    vault01: your host and reload your VM.
    vault01:
    vault01: Guest Additions Version: 5.1.34
    vault01: VirtualBox Version: 5.2
==> vault01: Setting hostname...
==> vault01: Configuring and enabling network interfaces...
==> vault01: Mounting shared folders...
    vault01: /vagrant => /Users/grazzer/vagrant_workspace/vault_approle_demo
    vault01: /usr/local/bootstrap => /Users/grazzer/vagrant_workspace/vault_approle_demo
==> vault01: Running provisioner: shell...
    vault01: Running: /var/folders/lm/nxj5y0qs52xb620c8t793x040000gn/T/vagrant-shell20180727-8585-mwew9g.sh
    vault01: ++ awk '$1 == "192.168.5.0" {print $8;exit}'
    vault01: ++ route -n
    vault01: + IFACE=enp0s8
    vault01: ++ awk '$2 ~ "192.168.5" {print $2}'
    vault01: ++ ip addr show enp0s8
    vault01: + CIDR=192.168.5.11/24
    vault01: + IP=192.168.5.11
    vault01: + LOG=/vagrant/logs/consul_leader01.log
    vault01: + mkdir -p /vagrant/logs
    vault01: + PKG='wget unzip'
    vault01: + which wget unzip
    vault01: + '[' -f /usr/local/bin/consul ']'
    vault01: + pushd /usr/local/bin
    vault01: /usr/local/bin /home/vagrant
    vault01: + '[' -f consul_1.2.1_linux_amd64.zip ']'
    vault01: + sudo wget https://releases.hashicorp.com/consul/1.2.1/consul_1.2.1_linux_amd64.zip
    vault01: --2018-07-27 09:55:17--  https://releases.hashicorp.com/consul/1.2.1/consul_1.2.1_linux_amd64.zip
    vault01: Resolving releases.hashicorp.com (releases.hashicorp.com)... 151.101.1.183, 151.101.65.183, 151.101.129.183, ...
    vault01: Connecting to releases.hashicorp.com (releases.hashicorp.com)|151.101.1.183|:443... connected.
    vault01: HTTP request sent, awaiting response... 200 OK
    vault01: Length: 14529496 (14M) [application/zip]
    vault01: Saving to: ‘consul_1.2.1_linux_amd64.zip’
    vault01:
    vault01:      0K .......... ........             100% 6.15M=2.7s
    vault01:
    vault01: 2018-07-27 09:55:19 (5.18 MB/s) - ‘consul_1.2.1_linux_amd64.zip’ saved [14529496/14529496]
    vault01: + sudo unzip consul_1.2.1_linux_amd64.zip
    vault01: Archive:  consul_1.2.1_linux_amd64.zip
    vault01:   inflating: consul
    vault01: + sudo chmod +x consul
    vault01: + popd
    vault01: /home/vagrant
    vault01: + AGENT_CONFIG='-config-dir=/etc/consul.d -enable-script-checks=true'
    vault01: + sudo mkdir -p /etc/consul.d
    vault01: + [[ leader01 =~ leader ]]
    vault01: + echo server
    vault01: server
    vault01: + /usr/local/bin/consul members
    vault01: + sleep 5
    vault01: + sudo /usr/local/bin/consul agent -server -ui -client=0.0.0.0 -bind=192.168.5.11 -config-dir=/etc/consul.d -enable-script-checks=true -data-dir=/usr/local/consul -bootstrap-expect=1
    vault01: BootstrapExpect is set to 1; this is the same as Bootstrap mode.
    vault01: bootstrap = true: do not enable unless necessary
    vault01: + echo consul started
    vault01: consul started
==> vault01: Running provisioner: shell...
    vault01: Running: /var/folders/lm/nxj5y0qs52xb620c8t793x040000gn/T/vagrant-shell20180727-8585-1xpre76.sh
    vault01: ++ awk '$1 == "192.168.5.0" {print $8}'
    vault01: ++ route -n
    vault01: + IFACE=enp0s8
    vault01: ++ awk '$2 ~ "192.168.5" {print $2}'
    vault01: ++ ip addr show enp0s8
    vault01: + CIDR=192.168.5.11/24
    vault01: + IP=192.168.5.11
    vault01: + LOG=/vagrant/logs/vault_leader01.log
    vault01: + which /usr/local/bin/vault
    vault01: + pushd /usr/local/bin
    vault01: /usr/local/bin /home/vagrant
    vault01: + '[' -f vault_0.10.3_linux_amd64.zip ']'
    vault01: + sudo wget https://releases.hashicorp.com/vault/0.10.3/vault_0.10.3_linux_amd64.zip
    vault01: --2018-07-27 09:55:25--  https://releases.hashicorp.com/vault/0.10.3/vault_0.10.3_linux_amd64.zip
    vault01: Resolving releases.hashicorp.com (releases.hashicorp.com)... 151.101.1.183, 151.101.65.183, 151.101.129.183, ...
    vault01: Connecting to releases.hashicorp.com (releases.hashicorp.com)|151.101.1.183|:443... connected.
    vault01: HTTP request sent, awaiting response... 200 OK
    vault01: Length: 21886547 (21M) [application/zip]
    vault01: Saving to: ‘vault_0.10.3_linux_amd64.zip’
    vault01:
    vault01:      0K .... ...                             100% 7.04M=4.0s
    vault01:
    vault01: 2018-07-27 09:55:29 (5.20 MB/s) - ‘vault_0.10.3_linux_amd64.zip’ saved [21886547/21886547]
    vault01: + sudo unzip vault_0.10.3_linux_amd64.zip
    vault01: Archive:  vault_0.10.3_linux_amd64.zip
    vault01:   inflating: vault
    vault01: + sudo chmod +x vault
    vault01: + popd
    vault01: /home/vagrant
    vault01: + sudo killall vault
    vault01: + sudo consul kv delete -recurse vault
    vault01: Success! Deleted keys with prefix: vault
    vault01: + '[' -f /usr/local/bootstrap/.vault-token ']'
    vault01: + echo vault started
    vault01: vault started
    vault01: + sleep 3
    vault01: + sudo /usr/local/bin/vault server -dev -dev-listen-address=192.168.5.11:8200 -config=/usr/local/bootstrap/conf/vault.hcl
    vault01: + sudo VAULT_ADDR=http://192.168.5.11:8200 vault kv put secret/hello value=world
    vault01: Key              Value
    vault01: ---              -----
    vault01: created_time     2018-07-27T09:55:33.443550616Z
    vault01: deletion_time    n/a
    vault01: destroyed        false
    vault01: version          1
    vault01: + sudo VAULT_ADDR=http://192.168.5.11:8200 vault kv get secret/hello
    vault01: ====== Metadata ======
    vault01: Key              Value
    vault01: ---              -----
    vault01: created_time     2018-07-27T09:55:33.443550616Z
    vault01: deletion_time    n/a
    vault01: destroyed        false
    vault01: version          1
    vault01:
    vault01: ==== Data ====
    vault01: Key      Value
    vault01: ---      -----
    vault01: value    world
    vault01: + sudo find / -name .vault-token -exec cp '{}' /usr/local/bootstrap/.vault-token ';' -quit
    vault01: + sudo chmod ugo+r /usr/local/bootstrap/.vault-token
==> vault01: Running provisioner: shell...
    vault01: Running: /var/folders/lm/nxj5y0qs52xb620c8t793x040000gn/T/vagrant-shell20180727-8585-1teeuyr.sh
    vault01: ++ awk '$1 == "192.168.5.0" {print $8}'
    vault01: ++ route -n
    vault01: + IFACE=enp0s8
    vault01: ++ awk '$2 ~ "192.168.5" {print $2}'
    vault01: ++ ip addr show enp0s8
    vault01: + CIDR=192.168.5.11/24
    vault01: + IP=192.168.5.11
    vault01: + export VAULT_ADDR=http://192.168.5.11:8200
    vault01: + VAULT_ADDR=http://192.168.5.11:8200
    vault01: + export VAULT_SKIP_VERIFY=true
    vault01: + VAULT_SKIP_VERIFY=true
    vault01: ++ cat /usr/local/bootstrap/.vault-token
    vault01: + VAULT_TOKEN=27a57986-7294-9406-4b0d-768595b4e0ca
    vault01: + VAULT_AUDIT_LOG=/vagrant/logs/vault_audit_leader01.log
    vault01: + PKG='curl jq'
    vault01: + which curl jq
    vault01: + export DEBIAN_FRONTEND=noninteractive
    vault01: + DEBIAN_FRONTEND=noninteractive
    vault01: + apt-get update
    vault01: Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [107 kB]
    vault01: Get:2 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages [529 kB]
    vault01: Hit:3 http://us.archive.ubuntu.com/ubuntu xenial InRelease
    vault01: Get:4 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]
    vault01: Get:5 http://security.ubuntu.com/ubuntu xenial-security/main i386 Packages [466 kB]
    vault01: Get:6 http://security.ubuntu.com/ubuntu xenial-security/main Translation-en [226 kB]
    vault01: Get:7 http://security.ubuntu.com/ubuntu xenial-security/universe amd64 Packages [361 kB]
    vault01: Get:8 http://security.ubuntu.com/ubuntu xenial-security/universe i386 Packages [307 kB]
    vault01: Get:9 http://security.ubuntu.com/ubuntu xenial-security/universe Translation-en [135 kB]
    vault01: Get:10 http://security.ubuntu.com/ubuntu xenial-security/multiverse amd64 Packages [3,456 B]
    vault01: Get:11 http://security.ubuntu.com/ubuntu xenial-security/multiverse i386 Packages [3,628 B]
    vault01: Get:12 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease [107 kB]
    vault01: Get:13 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [819 kB]
    vault01: Get:14 http://us.archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages [746 kB]
    vault01: Get:15 http://us.archive.ubuntu.com/ubuntu xenial-updates/main Translation-en [337 kB]
    vault01: Get:16 http://us.archive.ubuntu.com/ubuntu xenial-updates/universe amd64 Packages [675 kB]
    vault01: Get:17 http://us.archive.ubuntu.com/ubuntu xenial-updates/universe i386 Packages [615 kB]
    vault01: Get:18 http://us.archive.ubuntu.com/ubuntu xenial-updates/universe Translation-en [272 kB]
    vault01: Get:19 http://us.archive.ubuntu.com/ubuntu xenial-updates/multiverse amd64 Packages [16.4 kB]
    vault01: Get:20 http://us.archive.ubuntu.com/ubuntu xenial-updates/multiverse i386 Packages [15.5 kB]
    vault01: Get:21 http://us.archive.ubuntu.com/ubuntu xenial-backports/main amd64 Packages [6,744 B]
    vault01: Get:22 http://us.archive.ubuntu.com/ubuntu xenial-backports/main i386 Packages [6,740 B]
    vault01: Get:23 http://us.archive.ubuntu.com/ubuntu xenial-backports/main Translation-en [4,180 B]
    vault01: Get:24 http://us.archive.ubuntu.com/ubuntu xenial-backports/universe amd64 Packages [7,420 B]
    vault01: Get:25 http://us.archive.ubuntu.com/ubuntu xenial-backports/universe i386 Packages [7,104 B]
    vault01: Fetched 5,883 kB in 2s (2,669 kB/s)
    vault01: Reading package lists...
    vault01: + apt-get install -y curl jq
    vault01: Reading package lists...
    vault01: Building dependency tree...
    vault01: Reading state information...
    vault01: The following additional packages will be installed:
    vault01:   libonig2
    vault01: The following NEW packages will be installed:
    vault01:   curl jq libonig2
    vault01: 0 upgraded, 3 newly installed, 0 to remove and 56 not upgraded.
    vault01: Need to get 371 kB of archives.
    vault01: After this operation, 1,168 kB of additional disk space will be used.
    vault01: Get:1 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 libonig2 amd64 5.9.6-1 [88.1 kB]
    vault01: Get:2 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 curl amd64 7.47.0-1ubuntu2.8 [139 kB]
    vault01: Get:3 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 jq amd64 1.5+dfsg-1 [144 kB]
    vault01: Fetched 371 kB in 0s (516 kB/s)
    vault01: Selecting previously unselected package libonig2:amd64.
    vault01: (Reading database ...
    vault01: (Reading database ... 5%
    vault01: (Reading database ... 10%
    vault01: (Reading database ... 15%
    vault01: (Reading database ... 20%
    vault01: (Reading database ... 25%
    vault01: (Reading database ... 30%
    vault01: (Reading database ... 35%
    vault01: (Reading database ... 40%
    vault01: (Reading database ... 45%
    vault01: (Reading database ... 50%
    vault01: (Reading database ... 55%
    vault01: (Reading database ... 60%
    vault01: (Reading database ... 65%
    vault01: (Reading database ... 70%
    vault01: (Reading database ... 75%
    vault01: (Reading database ... 80%
    vault01: (Reading database ... 85%
    vault01: (Reading database ... 90%
    vault01: (Reading database ... 95%
    vault01: (Reading database ... 100%
    vault01: (Reading database ...
    vault01: 97681 files and directories currently installed.)
    vault01: Preparing to unpack .../libonig2_5.9.6-1_amd64.deb ...
    vault01: Unpacking libonig2:amd64 (5.9.6-1) ...
    vault01: Selecting previously unselected package curl.
    vault01: Preparing to unpack .../curl_7.47.0-1ubuntu2.8_amd64.deb ...
    vault01: Unpacking curl (7.47.0-1ubuntu2.8) ...
    vault01: Selecting previously unselected package jq.
    vault01: Preparing to unpack .../jq_1.5+dfsg-1_amd64.deb ...
    vault01: Unpacking jq (1.5+dfsg-1) ...
    vault01: Processing triggers for man-db (2.7.5-1) ...
    vault01: Setting up libonig2:amd64 (5.9.6-1) ...
    vault01: Setting up curl (7.47.0-1ubuntu2.8) ...
    vault01: Setting up jq (1.5+dfsg-1) ...
    vault01: Processing triggers for libc-bin (2.23-0ubuntu10) ...
    vault01: + tee audit-backend-file.json
    vault01: {
    vault01:   "type": "file",
    vault01:   "options": {
    vault01:     "path": "/vagrant/logs/vault_audit_leader01.log"
    vault01:   }
    vault01: }
    vault01: + pause 'Enable Audit Backend - Press [Enter] key to continue...'
    vault01: + echo -e '\n'
    vault01: + false
    vault01: + echo 'Enable Audit Backend - Press [Enter] key to continue...'
    vault01: Enable Audit Backend - Press [Enter] key to continue...
    vault01: + echo -e '\n'
    vault01: + curl --header 'X-Vault-Token: 27a57986-7294-9406-4b0d-768595b4e0ca' --request PUT --data @audit-backend-file.json http://192.168.5.11:8200/v1/sys/audit/file-audit
    vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
    vault01:                                  Dload  Upload   Total   Spent    Left  Speed
    vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    vault01: 100    88    0     0  100    88      0   6688 --:--:-- --:--:-- --:--:--  7333
    vault01: + tee goapp-secret-read.json
    vault01: {"policy":"path \"secret/data/goapp\" {capabilities = [\"read\", \"list\"]}"}
    vault01: + pause 'Create goapp secret policy - Press [Enter] key to continue...'
    vault01: + echo -e '\n'
    vault01: + false
    vault01: + echo 'Create goapp secret policy - Press [Enter] key to continue...'
    vault01: Create goapp secret policy - Press [Enter] key to continue...
    vault01: + echo -e '\n'
    vault01: + jq .
    vault01: + curl --location --header 'X-Vault-Token: 27a57986-7294-9406-4b0d-768595b4e0ca' --request PUT --data @goapp-secret-read.json http://192.168.5.11:8200/v1/sys/policy/goapp-secret-read
    vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
    vault01:                                  Dload  Upload   Total   Spent    Left  Speed
    vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    vault01: 100    77    0     0  100    77      0  14285 --:--:-- --:--:-- --:--:-- 15400
    vault01: + pause 'List ACL policies - Press [Enter] key to continue...'
    vault01: + echo -e '\n'
    vault01: + false
    vault01: + echo 'List ACL policies - Press [Enter] key to continue...'
    vault01: List ACL policies - Press [Enter] key to continue...
    vault01: + echo -e '\n'
    vault01: + jq .
    vault01: + curl --location --header 'X-Vault-Token: 27a57986-7294-9406-4b0d-768595b4e0ca' --request LIST http://192.168.5.11:8200/v1/sys/policy
    vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
    vault01:                                  Dload  Upload   Total   Spent    Left  Speed
    vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    vault01: 100   351  100   351    0     0  81212      0 --:--:-- --:--:-- --:--:-- 87750
    vault01: {
    vault01:   "keys": [
    vault01:     "default",
    vault01:     "goapp-secret-read",
    vault01:     "root"
    vault01:   ],
    vault01:   "policies": [
    vault01:     "default",
    vault01:     "goapp-secret-read",
    vault01:     "root"
    vault01:   ],
    vault01:   "request_id": "e823636b-6910-de54-66d9-17f053f70b30",
    vault01:   "lease_id": "",
    vault01:   "renewable": false,
    vault01:   "lease_duration": 0,
    vault01:   "data": {
    vault01:     "keys": [
    vault01:       "default",
    vault01:       "goapp-secret-read",
    vault01:       "root"
    vault01:     ],
    vault01:     "policies": [
    vault01:       "default",
    vault01:       "goapp-secret-read",
    vault01:       "root"
    vault01:     ]
    vault01:   },
    vault01:   "wrap_info": null,
    vault01:   "warnings": null,
    vault01:   "auth": null
    vault01: }
    vault01: + tee approle.json
    vault01: {
    vault01:   "type": "approle",
    vault01:   "description": "Demo AppRole auth backend"
    vault01: }
    vault01: + pause 'Enable approle - Press [Enter] key to continue...'
    vault01: + echo -e '\n'
    vault01: + false
    vault01: + echo 'Enable approle - Press [Enter] key to continue...'
    vault01: Enable approle - Press [Enter] key to continue...
    vault01: + echo -e '\n'
    vault01: + jq .
    vault01: + curl --location --header 'X-Vault-Token: 27a57986-7294-9406-4b0d-768595b4e0ca' --request POST --data @approle.json http://192.168.5.11:8200/v1/sys/auth/approle
    vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
    vault01:                                  Dload  Upload   Total   Spent    Left  Speed
    vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    vault01: 100    66    0     0  100    66      0  10197 --:--:-- --:--:-- --:--:-- 11000
    vault01: ++ jq -r .data.role_id
    vault01: ++ curl --header 'X-Vault-Token: 27a57986-7294-9406-4b0d-768595b4e0ca' http://192.168.5.11:8200/v1/auth/approle/role/goapp/role-id
    vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
    vault01:                                  Dload  Upload   Total   Spent    Left  Speed
    vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    vault01: 100    14  100    14    0     0   2984      0 --:--:-- --:--:-- --:--:--  3500
    vault01: + APPROLEID=null
    vault01: + tee goapp-approle-role.json
    vault01: {
    vault01:     "role_name": "goapp",
    vault01:     "bind_secret_id": true,
    vault01:     "secret_id_ttl": "10m",
    vault01:     "secret_id_num_uses": "1",
    vault01:     "token_ttl": "10m",
    vault01:     "token_max_ttl": "30m",
    vault01:     "period": 0,
    vault01:     "policies": [
    vault01:         "goapp-secret-read"
    vault01:     ]
    vault01: }
    vault01: + '[' null == null ']'
    vault01: + pause 'Create approle - Press [Enter] key to continue...'
    vault01: + echo -e '\n'
    vault01: + false
    vault01: + echo 'Create approle - Press [Enter] key to continue...'
    vault01: Create approle - Press [Enter] key to continue...
    vault01: + echo -e '\n'
    vault01: + jq .
    vault01: + curl --location --header 'X-Vault-Token: 27a57986-7294-9406-4b0d-768595b4e0ca' --request POST --data @goapp-approle-role.json http://192.168.5.11:8200/v1/auth/approle/role/goapp
    vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
    vault01:                                  Dload  Upload   Total   Spent    Left  Speed
    vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    vault01: 100   226    0     0  100   226      0  20340 --:--:-- --:--:-- --:--:-- 22600
    vault01: ++ jq -r .data.role_id
    vault01: ++ curl --header 'X-Vault-Token: 27a57986-7294-9406-4b0d-768595b4e0ca' http://192.168.5.11:8200/v1/auth/approle/role/goapp/role-id
    vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
    vault01:                                  Dload  Upload   Total   Spent    Left  Speed
    vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    vault01: 100   208  100   208    0     0  37189      0 --:--:-- --:--:-- --:--:-- 41600
    vault01: + APPROLEID=76e8a9f8-c775-8b9f-909b-76eca1e88edc
    vault01: + pause 'Show AppRoleID - Press [Enter] key to continue...'
    vault01: + echo -e '\n'
    vault01: + false
    vault01: + echo 'Show AppRoleID - Press [Enter] key to continue...'
    vault01: Show AppRoleID - Press [Enter] key to continue...
    vault01: + echo -e '\n'
    vault01: + echo -e '\n\nApplication RoleID = 76e8a9f8-c775-8b9f-909b-76eca1e88edc\n\n'
    vault01:
    vault01:
    vault01: Application RoleID = 76e8a9f8-c775-8b9f-909b-76eca1e88edc
    vault01: + echo 76e8a9f8-c775-8b9f-909b-76eca1e88edc
    vault01: + tee secret_id_config.json
    vault01: {
    vault01:   "metadata": "{ \"tag1\": \"goapp production\" }"
    vault01: }
    vault01: ++ jq -r .data.secret_id
    vault01: ++ curl --header 'X-Vault-Token: 27a57986-7294-9406-4b0d-768595b4e0ca' --data @secret_id_config.json http://192.168.5.11:8200/v1/auth/approle/role/goapp/secret-id
    vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
    vault01:                                  Dload  Upload   Total   Spent    Left  Speed
    vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    vault01: 100   322  100   270  100    52  30429   5860 --:--:-- --:--:-- --:--:-- 33750
    vault01: + SECRETID=ce51920f-3939-edc2-5f40-e7c3d6a726a2
    vault01: + pause 'Show SecretID - Press [Enter] key to continue...'
    vault01: + echo -e '\n'
    vault01: + false
    vault01: + echo 'Show SecretID - Press [Enter] key to continue...'
    vault01: Show SecretID - Press [Enter] key to continue...
    vault01: + echo -e '\n'
    vault01: + echo -e '\n\nApplication SecretID = ce51920f-3939-edc2-5f40-e7c3d6a726a2\n\n'
    vault01:
    vault01:
    vault01:
    vault01:
    vault01: Application SecretID = ce51920f-3939-edc2-5f40-e7c3d6a726a2
    vault01: + echo ce51920f-3939-edc2-5f40-e7c3d6a726a2
    vault01: + tee demo-secrets.json
    vault01: {
    vault01:    "data": {
    vault01:     "username": "goapp-user",
    vault01:     "password": "$up3r$3cr3t!"
    vault01:     }
    vault01: }
    vault01: + pause 'Deploy some accessible secrets - Press [Enter] key to continue...'
    vault01: + echo -e '\n'
    vault01: + false
    vault01: + echo 'Deploy some accessible secrets - Press [Enter] key to continue...'
    vault01: Deploy some accessible secrets - Press [Enter] key to continue...
    vault01: + echo -e '\n'
    vault01: + jq .
    vault01: + curl --location --header 'X-Vault-Token: 27a57986-7294-9406-4b0d-768595b4e0ca' --request POST --data @demo-secrets.json http://192.168.5.11:8200/v1/secret/data/goapp
    vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
    vault01:                                  Dload  Upload   Total   Spent    Left  Speed
    vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    vault01: 100   334  100   256  100    78  25574   7792 --:--:-- --:--:-- --:--:-- 28444
    vault01: {
    vault01:   "request_id": "7ff479ec-6fc9-5e0e-2483-c10a34787c27",
    vault01:   "lease_id": "",
    vault01:   "renewable": false,
    vault01:   "lease_duration": 0,
    vault01:   "data": {
    vault01:     "created_time": "2018-07-27T09:55:46.101429587Z",
    vault01:     "deletion_time": "",
    vault01:     "destroyed": false,
    vault01:     "version": 1
    vault01:   },
    vault01:   "wrap_info": null,
    vault01:   "warnings": null,
    vault01:   "auth": null
    vault01: }
    vault01: + tee demo-secrets.json
    vault01: {
    vault01:    "data": {
    vault01:     "username": "someother-user",
    vault01:     "password": "Pa$$W0RD"
    vault01:     }
    vault01: }
    vault01: + pause 'Deploy some inaccessible secrets - Press [Enter] key to continue...'
    vault01: + echo -e '\n'
    vault01: + false
    vault01: + echo 'Deploy some inaccessible secrets - Press [Enter] key to continue...'
    vault01: Deploy some inaccessible secrets - Press [Enter] key to continue...
    vault01: + echo -e '\n'
    vault01: + jq .
    vault01: + curl --location --header 'X-Vault-Token: 27a57986-7294-9406-4b0d-768595b4e0ca' --request POST --data @demo-secrets.json http://192.168.5.11:8200/v1/secret/data/wrongapp
    vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
    vault01:                                  Dload  Upload   Total   Spent    Left  Speed
    vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    vault01: 100   334  100   256  100    78  19860   6051 --:--:-- --:--:-- --:--:-- 21333
    vault01: {
    vault01:   "request_id": "edd5cadb-8cca-37eb-975c-255d4ff6118a",
    vault01:   "lease_id": "",
    vault01:   "renewable": false,
    vault01:   "lease_duration": 0,
    vault01:   "data": {
    vault01:     "created_time": "2018-07-27T09:55:46.123531196Z",
    vault01:     "deletion_time": "",
    vault01:     "destroyed": false,
    vault01:     "version": 1
    vault01:   },
    vault01:   "wrap_info": null,
    vault01:   "warnings": null,
    vault01:   "auth": null
    vault01: }
==> vault01: Running provisioner: shell...
    vault01: Running: /var/folders/lm/nxj5y0qs52xb620c8t793x040000gn/T/vagrant-shell20180727-8585-wuxt5t.sh
    vault01: ++ awk '$1 == "192.168.5.0" {print $8}'
    vault01: ++ route -n
    vault01: + IFACE=enp0s8
    vault01: ++ awk '$2 ~ "192.168.5" {print $2}'
    vault01: ++ ip addr show enp0s8
    vault01: + CIDR=192.168.5.11/24
    vault01: + IP=192.168.5.11
    vault01: + export VAULT_ADDR=http://192.168.5.11:8200
    vault01: + VAULT_ADDR=http://192.168.5.11:8200
    vault01: + export VAULT_SKIP_VERIFY=true
    vault01: + VAULT_SKIP_VERIFY=true
    vault01: ++ cat /vagrant/.approle-id
    vault01: + APPROLEID=76e8a9f8-c775-8b9f-909b-76eca1e88edc
    vault01: ++ cat /vagrant/.secret-id
    vault01: + SECRETID=ce51920f-3939-edc2-5f40-e7c3d6a726a2
    vault01: + tee login_approle.json
    vault01: {
    vault01:   "role_id": "76e8a9f8-c775-8b9f-909b-76eca1e88edc",
    vault01:   "secret_id": "ce51920f-3939-edc2-5f40-e7c3d6a726a2"
    vault01: }
    vault01: ++ jq -r .auth.client_token
    vault01: ++ curl --request POST --data @login_approle.json http://192.168.5.11:8200/v1/auth/approle/login
    vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
    vault01:                                  Dload  Upload   Total   Spent    Left  Speed
    vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    vault01: 100   610  100   503  100   107  29722   6322 --:--:-- --:--:-- --:--:-- 31437
    vault01: 6d754a13-c6cd-e211-8359-9ad6dc08d0cb
    vault01: + APPROLE_TOKEN=6d754a13-c6cd-e211-8359-9ad6dc08d0cb
    vault01: + echo 6d754a13-c6cd-e211-8359-9ad6dc08d0cb
    vault01: + jq -r .data
    vault01: + curl --header 'X-Vault-Token: 6d754a13-c6cd-e211-8359-9ad6dc08d0cb' http://192.168.5.11:8200/v1/secret/data/goapp
    vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
    vault01:                                  Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    vault01: 100   328  100   328    0     0  81067      0 --:--:-- --:--:-- --:--:--  106k
    vault01: {
    vault01:   "data": {
    vault01:     "password": "$up3r$3cr3t!",
    vault01:     "username": "goapp-user"
    vault01:   },
    vault01:   "metadata": {
    vault01:     "created_time": "2018-07-27T09:55:46.101429587Z",
    vault01:     "deletion_time": "",
    vault01:     "destroyed": false,
    vault01:     "version": 1
    vault01:   }
    vault01: }
    vault01: ++ jq -r .data
    vault01: ++ curl --header 'X-Vault-Token: 6d754a13-c6cd-e211-8359-9ad6dc08d0cb' http://192.168.5.11:8200/v1/secret/data/goapp
    vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
    vault01:                                  Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    vault01: 100   328  100   328    0     0  88840      0 --:--:-- --:--:-- --:--:--  106k
    vault01: + SECRETS='{
    vault01:   "data": {
    vault01:     "password": "$up3r$3cr3t!",
    vault01:     "username": "goapp-user"
    vault01:   },
    vault01:   "metadata": {
    vault01:     "created_time": "2018-07-27T09:55:46.101429587Z",
    vault01:     "deletion_time": "",
    vault01:     "destroyed": false,
    vault01:     "version": 1
    vault01:   }
    vault01: }'
    vault01: ++ jq -r .errors
    vault01: ++ curl --header 'X-Vault-Token: 6d754a13-c6cd-e211-8359-9ad6dc08d0cb' http://192.168.5.11:8200/v1/secret/data/wrongapp
    vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
    vault01:                                  Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100    33  100    33    0     0   8928      0 --:--:-- --:--:-- --:--:-- 11000
    vault01: + DENIED='[
    vault01:   "permission denied"
    vault01: ]'
    vault01: + '[' 6d754a13-c6cd-e211-8359-9ad6dc08d0cb '!=' null ']'
    vault01: ++ date
    vault01: + echo -e '\nAppRoleID  6d754a13-c6cd-e211-8359-9ad6dc08d0cb\n
    vault01:     Current time Fri Jul 27 09:55:46 UTC 2018\n
    vault01:     Accessible Secrets /secret/data/goapp \n  {
    vault01:   "data": {
    vault01:     "password": "$up3r$3cr3t!",
    vault01:     "username": "goapp-user"
    vault01:   },
    vault01:   "metadata": {
    vault01:     "created_time": "2018-07-27T09:55:46.101429587Z",
    vault01:     "deletion_time": "",
    vault01:     "destroyed": false,
    vault01:     "version": 1
    vault01:   }
    vault01: }\n
    vault01:     Inaccessible Secrets /secret/data/wrongapp  \n [
    vault01:   "permission denied"
    vault01: ]\n'
    vault01: AppRoleID  6d754a13-c6cd-e211-8359-9ad6dc08d0cb
    vault01:     Current time Fri Jul 27 09:55:46 UTC 2018
    vault01:     Accessible Secrets /secret/data/goapp
    vault01:   {
    vault01:   "data": {
    vault01:     "password": "$up3r$3cr3t!",
    vault01:     "username": "goapp-user"
    vault01:   },
    vault01:   "metadata": {
    vault01:     "created_time": "2018-07-27T09:55:46.101429587Z",
    vault01:     "deletion_time": "",
    vault01:     "destroyed": false,
    vault01:     "version": 1
    vault01:   }
    vault01: }
    vault01:
    vault01:     Inaccessible Secrets /secret/data/wrongapp
    vault01:  [
    vault01:   "permission denied"
    vault01: ]