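# Demo setup: enable Vault's Kubernetes auth method, bind one service account
# to a read-only policy, and seed a few throw-away secrets.
#
# Requires: dig, hostname, and a vault CLI that is already authenticated with
# enough privilege to manage auth methods, policies and the KV mount.

# NOTE: You may need to set these addresses differently.
# Assignment is kept separate from `export` so a failing lookup is not masked.
# `dig +short` exits 0 with empty output when the name does not resolve, hence
# the explicit non-empty check below. It can also print several lines (CNAME
# chain, multiple A records), which would produce a malformed URL -- set
# INTERNAL_IP by hand in that case.
INTERNAL_IP=$(dig +short "$(hostname -f)")
: "${INTERNAL_IP:?could not resolve an address for this host; set INTERNAL_IP manually}"
export INTERNAL_IP

# Plain HTTP: the Vault token and every secret read or written below cross the
# network unencrypted. Acceptable for a single-host demo only; with a TLS
# listener configured, switch the scheme to https.
export VAULT_ADDR="http://${INTERNAL_IP}:8200"

# Enable and configure the Kubernetes auth method.
# For details, see:
# - https://www.vaultproject.io/docs/auth/kubernetes.html
# - https://www.vaultproject.io/api/auth/kubernetes/index.html
vault auth enable kubernetes

# kubernetes_ca_cert is the CA Vault uses to verify the API server's TLS
# certificate when it validates service account tokens.
# NOTE(review): no token_reviewer_jwt is configured here, so token review
# presumably relies on the JWT presented at login (or Vault's own pod token);
# confirm the service account is allowed to call the TokenReview API.
vault write auth/kubernetes/config \
  kubernetes_host="https://${INTERNAL_IP}:6443" \
  kubernetes_ca_cert=@/etc/kubernetes/pki/ca.crt

# The role is scoped to one service account in one namespace; tokens issued
# through it carry only vault-demo-policy and expire after an hour.
vault write auth/kubernetes/role/vault-demo-role \
  bound_service_account_names=vault-serviceaccount \
  bound_service_account_namespaces=default \
  policies=vault-demo-policy \
  ttl=1h

# Create a policy for demo purposes
# Read/list only, limited to the demo subtree of the KV v2 mount.
# The quoted delimiter keeps the policy text literal (no shell expansion).
vault policy write vault-demo-policy - <<'EOF'
path "sys/mounts" { capabilities = ["read"] }
path "secret/data/demo/*" { capabilities = ["read"] }
path "secret/metadata/demo/*" { capabilities = ["list"] }
EOF

# Write some demo secret
# Values given as key=value arguments end up in shell history and the process
# list. Fine for these placeholders; for real secrets use key=@file or key=-
# (read from stdin) instead.
vault kv put secret/demo/most-used-password password=123456
vault kv put secret/demo/first one=1234567890 two=2345678901
vault kv put secret/demo/second green=lantern poison=ivy
vault kv put secret/demo/greek/alpha philosopher=plato
vault kv put secret/demo/greek/beta god=zeus
vault kv put secret/demo/greek/gamma mountain=olympus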