@dims
Created August 2, 2017 13:15
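# Download Vault 0.7.3 and install the binary into ~/bin
wget https://releases.hashicorp.com/vault/0.7.3/vault_0.7.3_linux_amd64.zip
unzip vault_0.7.3_linux_amd64.zip
cp vault ~/bin/

# Test configuration: "inmem" keeps all data in memory only (lost on restart),
# the listener binds every interface, and disable_mlock lets memory be swapped.
cat <<EOF > vault.conf
backend "inmem" {
}
listener "tcp" {
  address = "0.0.0.0:8300"
  tls_cert_file = "/var/run/kubernetes/serving-kube-apiserver.crt"
  tls_key_file = "/var/run/kubernetes/serving-kube-apiserver.key"
}
disable_mlock = true
EOF

# Trust the CA that signed the serving certificate
sudo cp /var/run/kubernetes/server-ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates

# Start the server (runs in the foreground; use a second terminal for the rest)
sudo /home/dims/bin/vault server -config vault.conf

# The CLI defaults to port 8200, so point it at the listener configured above
export VAULT_ADDR=https://127.0.0.1:8300
# -tls-skip-verify (and curl -k below) turn off certificate verification
vault status -tls-skip-verify
vault init -key-shares=5 -key-threshold=2

# KEY_1 and KEY_2 are from vault init
vault unseal "$KEY_1_FROM_VAULT_INIT"
vault unseal "$KEY_2_FROM_VAULT_INIT"
export VAULT_TOKEN="$ROOT_TOKEN_FROM_VAULT_INIT"

# Write a secret, then read it back over the HTTP API
curl -kvs -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d '{"bar":"baz"}' https://127.0.0.1:8300/v1/secret/foo
curl -kvs -X GET -H "X-Vault-Token:$VAULT_TOKEN" https://127.0.0.1:8300/v1/secret/foo | jq .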
URL(s):
https://www.vaultproject.io/intro/getting-started/apis.html
https://www.vaultproject.io/docs/configuration/index.html
https://dunne.io/vault-and-self-signed-ssl-certificates
https://askubuntu.com/questions/645818/how-to-install-certificates-for-command-line