@bugcy013
Created May 6, 2022 03:49
Vault notes

All the commands used in this tutorial.

Installation:

curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt-get update && sudo apt-get install vault

Verify the Vault installation

vault -version

Start the server

vault server -dev

In a second terminal, point the CLI at the dev server

export VAULT_ADDR='http://127.0.0.1:8200'

Verify the server

vault status

Note: do not run the dev server in production. It keeps all data in memory and starts already unsealed with a root token.

Create key=value secrets

Writing a secret

vault kv put secret/hello myname=avinash

Getting a secret

vault kv get secret/hello

Deleting a secret

vault kv delete secret/hello

Enable a secrets engine

vault secrets enable -path=kv kv
OR
vault secrets enable kv

Both commands have the same meaning, because the default path is the name of the engine. Running the second one after the first fails with the error "path is already in use at kv/".

List the enabled secrets engines, then write, read and delete a secret in the kv engine

vault secrets list
vault kv put kv/my-secret value="Abd)hgf"
vault kv get kv/my-secret
vault kv delete kv/my-secret

Disable a secrets engine

vault secrets disable kv/

Enable the AWS secrets engine and explore its paths

vault secrets enable -path=aws aws
vault path-help aws
vault path-help aws/creds/my-non-existent-role

GitHub Authentication

Enable the GitHub auth method

vault auth enable github

The auth method is enabled and available at the path auth/github/

Set a GitHub organization in the configuration

vault write auth/github/config organization=devops

Now all users within the configured GitHub organization are able to authenticate

Map a GitHub team to policies

vault write auth/github/map/teams/devops value=default,applications

where default and applications are the policies

Display all authentication methods

vault auth list

Learn more about the GitHub auth method

vault auth help github

Before logging in with the GitHub auth method, make sure the "VAULT_TOKEN" environment variable is unset.

unset VAULT_TOKEN
vault login -method=github

Log back in with the root token

vault login root

Revoke all tokens generated by the GitHub auth method.

vault token revoke -mode path auth/github

Disable the GitHub auth method

vault auth disable github

Policies

Read the policy

vault policy read default

Write a policy

vault policy write -h

vault policy write devops-policy (##Watch the video to complete this command , I cannot paste whole command here as angle bracket is not allowed in desc.)

List the policies

vault policy list

Read the policy

vault policy read devops-policy

Test the policy

export VAULT_TOKEN="$(vault token create -field token -policy=devops-policy)"

Check that the token was exported correctly and carries the policy

vault token lookup | grep policies

Write a secret to the path

vault kv put secret/creds password="my-devops-password"

Attempt to write to the secret/data/foo path

vault kv put secret/foo team=devops

You will get a permission denied error, because the policy grants only READ access on secret/data/foo.
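To see why the second put is denied while the first succeeds, here is an added toy model of Vault's ACL evaluation for KV v2 requests (example code, not Vault's own implementation). The policy body is constructed to match what the page describes, since devops-policy itself is not reproduced on the page; the path mapping and match rules are the ones Vault documents.

```python
# Toy model of how Vault evaluates an ACL policy against a KV v2 request.
# Added illustration, not Vault's own code. It keeps the rules that matter
# for the page's test: deny by default, exact path beats glob, a "deny"
# capability beats everything, and `kv put <mount>/<key>` is really a
# write to <mount>/data/<key>.

# Constructed stand-in for the page's devops-policy: foo is read-only,
# creds may be written. The shared/* rules show glob vs exact precedence.
DEVOPS_POLICY = {
    "secret/data/foo": {"read"},
    "secret/data/creds": {"create", "update", "read"},
    "secret/data/shared/*": {"read", "list"},    # glob rule
    "secret/data/shared/root-ca": {"deny"},      # exact rule overrides the glob
}

def kv2_api_path(mount, key):
    """`vault kv put secret/foo` targets secret/data/foo on the API."""
    return f"{mount}/data/{key}"

def matching_rule(policy, api_path):
    """Exact match wins; otherwise the longest matching glob prefix."""
    if api_path in policy:
        return policy[api_path]
    best, best_len = None, -1
    for rule_path, caps in policy.items():
        if rule_path.endswith("*"):
            prefix = rule_path[:-1]
            if api_path.startswith(prefix) and len(prefix) > best_len:
                best, best_len = caps, len(prefix)
    return best  # None means no rule matched: implicit deny

def is_allowed(policy, capability, api_path):
    caps = matching_rule(policy, api_path)
    if caps is None or "deny" in caps:
        return False
    return capability in caps

def kv_put_allowed(policy, mount, key, existing_paths=frozenset()):
    """A put needs `create` on a new key and `update` on an existing one."""
    api_path = kv2_api_path(mount, key)
    needed = "update" if api_path in existing_paths else "create"
    return is_allowed(policy, needed, api_path)

if __name__ == "__main__":
    for key in ("creds", "foo"):
        verdict = "ok" if kv_put_allowed(DEVOPS_POLICY, "secret", key) else "permission denied"
        print(f"vault kv put secret/{key}: {verdict}")
```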

Deploy Vault

Create the vault/data directory

mkdir -p ./vault/data

Start the Vault server

vault server -config=config.hcl

Launch a new terminal session and set the VAULT_ADDR environment variable

export VAULT_ADDR='http://127.0.0.1:8200'

Initialize Vault

vault operator init

Unseal the Vault (repeat with a different unseal key until the threshold is reached)

vault operator unseal

Finally, authenticate with the initial root token

vault login Initial_Root_Token

Clean up

pgrep -f vault | xargs kill
rm -rf ./vault/data

Vault config

storage "raft" {
    path = "/vault/data"
    node_id = "vault1"
}

listener "tcp" {
    address = "0.0.0.0:8200"
    tls_disable = "true"
}

api_addr = "http://127.0.0.1:8200"
cluster_addr = "http://127.0.0.1:8201"
ui = true
disable_mlock = true

  • consul kv export
  • consul kv import
  • consul kv delete core/lock

https://github.com/sethvargo/vault-demo
