curl --header "X-Vault-Token: ${TOKEN}" http://192.168.7.70:8200/v1/sys/license | jq '.'
-
Use vagrant scripts to get vault and consul instances stood up.
-
Consul Server
- edit /etc/consul.d/consul.hcl / server.hcl (expect = 1, retry to 1 ip)
sudo nohup consul agent -server -config-dir=/etc/consul.d -bind=192.168.7.80 > consul_server.log &
consul license put @/vagrant/jjenkins-consul.hclic
- edit /etc/consul.d/consul.hcl / server.hcl (expect = 1, retry to 1 ip)
update consul_c1.json if needed
`sudo nohup consul agent -config-file=consul_c1.json > consul_client.log &`
- Check configurations
`sudo nohup vault server -config=vault.hcl > vault_server.log &`
- set environment variables (/vagrant/set-env) also add in AWS keys
- follow steps in /vagrant/unseal.sh
`TOKEN=$(grep "Root Token" key.txt|cut -c 20-)`
- unseal vault (shamir)
- check license
`curl --header "X-Vault-Token: ${TOKEN}" http://192.168.7.70:8200/v1/sys/license | jq '.'`
- update license file
save this as lic.json
{
"text": "text"
}
- Update License
curl --header "X-Vault-Token: ${TOKEN}" --request PUT --data @/vagrant/lic.json http://192.168.7.70:8200/v1/sys/license
vault login $TOKEN
vault secrets enable kv
-
vault write kv/my-secret username=password (or use the random secret script below to create a bunch of records)
-
vault kv list kv/my-secret
-
add this to vault config
seal "awskms" {
region = "us-east-1"
access_key = "access_key"
secret_key = "secret_key"
kms_key_id = "kms_key_id"
}
-
Restart vault, then unseal with the shamir keys
vault operator unseal -migrate
use your unseal keys
restart vault again - it will start auto unsealed
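To confirm each stage of the migration above, the unauthenticated sys/seal-status endpoint can be polled. The script below is an added example, not part of the original notes: the `field` and `seal_state` helpers are its own, the sample responses are constructed, and it assumes the response carries the `sealed`, `migration` and `recovery_seal` fields.

```shell
# Added example, not from the original notes: report where a node is in the
# shamir -> awskms migration from a /v1/sys/seal-status response.
# Assumption: the response carries the boolean fields sealed, migration and
# recovery_seal; the helper names below are this example's own.

# field NAME: print one top-level scalar from the flat JSON read on stdin.
field() {
  tr -d '\n' |
    sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\{0,1\}\([^",}[:space:]]*\).*/\1/p'
}

# seal_state: read seal-status JSON on stdin, print a one-word state.
seal_state() {
  json=$(cat)
  sealed=$(printf '%s' "$json" | field sealed)
  migration=$(printf '%s' "$json" | field migration)
  recovery=$(printf '%s' "$json" | field recovery_seal)
  if [ "$migration" = true ]; then
    echo migration-pending     # new seal configured, `unseal -migrate` not finished
  elif [ "$recovery" = true ] && [ "$sealed" = true ]; then
    echo auto-unseal-sealed    # recovery seal in use but still sealed: check KMS key access
  elif [ "$recovery" = true ]; then
    echo auto-unsealed         # unseal keys have become recovery keys
  elif [ "$sealed" = true ]; then
    echo shamir-sealed
  else
    echo shamir-unsealed
  fi
}

# Constructed sample responses, trimmed to the fields used above.
BEFORE='{"sealed":false,"migration":false,"recovery_seal":false}'
DURING='{"sealed":true,"migration":true}'
AFTER='{
  "sealed": false,
  "migration": false,
  "recovery_seal": true
}'

for sample in "$BEFORE" "$DURING" "$AFTER"; do
  printf '%s\n' "$sample" | seal_state
done

# Live check against the node from the notes (no token needed for this endpoint):
#   curl -s http://192.168.7.70:8200/v1/sys/seal-status | seal_state
```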
# generate load-secrets.sh: 100 vault write commands with random paths and passwords
i=0
while [[ $i -lt 100 ]]
do
  echo "vault write kv/my-secret/${RANDOM} username=steve password=${RANDOM}" >> load-secrets.sh
  ((i++))
done
- update IP addresses to VAULT_ADDR variable