@johanngyger
Last active November 28, 2021 16:26
# NOTE: You may need to set these addresses differently.
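# This demo talks to Vault over plain HTTP, so tokens and secrets cross the network unencrypted.
export INTERNAL_IP="$(dig +short "$(hostname -f)")"
export VAULT_ADDR="http://${INTERNAL_IP}:8200"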
# Enable and configure the Kubernetes auth method.
# For details, see:
# - https://www.vaultproject.io/docs/auth/kubernetes.html
# - https://www.vaultproject.io/api/auth/kubernetes/index.html
vault auth enable kubernetes
vault write auth/kubernetes/config \
    kubernetes_host="https://${INTERNAL_IP}:6443" \
    kubernetes_ca_cert=@/etc/kubernetes/pki/ca.crt
vault write auth/kubernetes/role/vault-demo-role \
    bound_service_account_names=vault-serviceaccount \
    bound_service_account_namespaces=default \
    policies=vault-demo-policy \
    ttl=1h
# Create a policy for demo purposes
cat <<EOF | vault policy write vault-demo-policy -
path "sys/mounts" { capabilities = ["read"] }
path "secret/data/demo/*" { capabilities = ["read"] }
path "secret/metadata/demo/*" { capabilities = ["list"] }
EOF
# Write some demo secrets
vault kv put secret/demo/most-used-password password=123456
vault kv put secret/demo/first one=1234567890 two=2345678901
vault kv put secret/demo/second green=lantern poison=ivy
vault kv put secret/demo/greek/alpha philosopher=plato
vault kv put secret/demo/greek/beta god=zeus
vault kv put secret/demo/greek/gamma mountain=olympus