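#!/bin/bash
# Instance bootstrap (user-data): install the tools the later provisioning
# steps depend on (unzip for the Vault archive, jq for JSON handling).
set -euo pipefail
# Send the log output from this script to user-data.log, syslog, and the console
# From: https://alestic.com/2010/12/ec2-user-data-output/
exec > >(tee /var/log/user-data.log | logger -t user-data -s 2>/dev/console) 2>&1
# apt-get has a stable CLI for scripts (apt warns about this); the frontend
# setting prevents package prompts from hanging an unattended boot.
export DEBIAN_FRONTEND=noninteractive
# Separate statements so a failed update stops the script under set -e instead
# of being masked inside an && list.
sudo apt-get update
sudo apt-get install -y unzip jq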
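#!/bin/bash
# Install the Vault binary from the HashiCorp release archive.
# This is a Terraform template: "$$" renders to a literal "$" for the shell,
# so the doubled dollars below are intentional.
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y unzip
VAULT_ZIP="vault.zip"
VAULT_URL="https://releases.hashicorp.com/vault/1.4.3+ent/vault_1.4.3+ent_linux_amd64.zip"
# --fail: an HTTP error must not leave an error page saved as the archive;
# --location follows the release CDN redirect; expansions are quoted.
curl --silent --show-error --fail --location \
  --output "/tmp/$${VAULT_ZIP}" "$${VAULT_URL}"
# Supply-chain check: when VAULT_SHA256 is set in the environment (take the
# value for this zip from the release's SHA256SUMS file), the download is
# verified before anything is unpacked into /usr/local/bin. Left unset, the
# install proceeds unverified as before.
if [[ -n "$${VAULT_SHA256:-}" ]]; then
  printf '%s  %s\n' "$${VAULT_SHA256}" "/tmp/$${VAULT_ZIP}" \
    | sha256sum --check --strict -
fi
unzip -o "/tmp/$${VAULT_ZIP}" -d /usr/local/bin/
chmod 0755 /usr/local/bin/vault
# The archive is no longer needed; do not leave it in the shared /tmp.
rm -f -- "/tmp/$${VAULT_ZIP}"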
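#!/bin/sh
# Enable and configure the Azure auth method with an Azure service principal.
# ${tenant_id}, ${client_id} and ${client_secret} are Terraform template
# variables, rendered into this file before it runs.
set -e
#enable azure auth method
vault auth enable azure
#configure azure auth method using azure service principal
# The client secret is read from stdin ("-" as the value) instead of being
# passed in argv, where `ps`, shell tracing (set -x) and process accounting
# could capture it. It is still present in the rendered script, so keep that
# file's permissions tight and remove it once applied.
printf '%s' "${client_secret}" | vault write auth/azure/config \
  tenant_id="${tenant_id}" \
  resource="https://management.azure.com/" \
  client_id="${client_id}" \
  client_secret=-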
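#!/bin/sh
# Create the "webapp" Vault policy: read-only access to the app's database
# credential path.
set -e
# The policy is fed to the CLI on stdin ("-") straight from the quoted heredoc.
# The original wrote it to a fixed name in the shared /tmp first, which is
# both a predictable-path hazard and a trap: `sudo cat > file` redirects as
# the calling user, not as root, so the sudo gained nothing.
vault policy write webapp - << 'EOF'
path "data_protection/database/creds/vault-demo-app" {
  capabilities = ["read"]
}
EOF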
#!/bin/sh
# Mount the database secrets engine at data_protection/database.
vault secrets enable -path=data_protection/database database
# Configure the database secrets engine to talk to MySQL
# NOTE(review): username is "myadmin@mydemoserve" while the host is
# mydemoserver.mysql.database.azure.com — confirm the server-name suffix is
# not a typo. The command's remaining arguments are past the end of this
# excerpt; if the admin password is among them, prefer `password=-` read from
# stdin so it does not sit in argv and shell history.
vault write data_protection/database/config/wsmysqldatabase \
plugin_name=mysql-database-plugin \
connection_url="{{username}}:{{password}}@tcp(mydemoserver.mysql.database.azure.com)/" \
allowed_roles="vault-demo-app","vault-demo-app-long" \
username="myadmin@mydemoserve" \
# Vault policy for the web app: read-only on the creds path of the database
# secrets engine mounted at data_protection/database. Nothing else on the
# mount (config, roles, list) is granted.
path "data_protection/database/creds/vault-demo-app" {
capabilities = ["read"]
}
{{- /* Vault Agent template for the app's database config. The credentials
       come from the database secrets engine's creds path; the rendered file
       holds a plaintext password, so restrict its permissions to the app user. */ -}}
[DATABASE]
Address=mydemoserver.mysql.database.azure.com
Port=3306
{{ with secret "data_protection/database/creds/vault-demo-app" -}}
{{- /* The "@mydemoserver" suffix must match the server name in Address above. */ -}}
User={{ .Data.username }}@mydemoserver
Password={{ .Data.password }}
{{- end }}
Database=my_app
# Vault Agent configuration: auto-auth via the Azure auth method in the "dev"
# namespace. This excerpt is truncated; the closing braces of config, method
# and auto_auth are not shown.
vault {
# NOTE(review): the address string appears to be missing its closing quote,
# which will not parse as written — confirm against the real file.
address = "https://10.10.10.1:8200
}
auto_auth {
method "azure" {
mount_path = "auth/azure"
namespace = "dev"
config = {
resource = "https://management.azure.com/"
role = "dev-role"
# Vault Agent configuration: auto-auth via the Azure auth method in the "dev"
# namespace. This excerpt is truncated; the closing braces of config, method
# and auto_auth are not shown.
vault {
# NOTE(review): the address string appears to be missing its closing quote,
# which will not parse as written — confirm against the real file.
address = "https://10.10.10.1:8200
}
auto_auth {
method "azure" {
mount_path = "auth/azure"
namespace = "dev"
config = {
resource = "https://management.azure.com/"
role = "dev-role"
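#!/bin/sh
# Enable the transit secrets engine and create the encryption keys it manages.
# Stop at the first failure so keys are not created on a mount that did not
# come up.
set -e
# Enable the transit secret engine at a path of your choice
# Note the hyphenated "data-protection" here versus the underscore form
# "data_protection" used by the database mount: they are distinct mounts and
# policies must reference the exact one.
vault secrets enable -path=/data-protection/transit transit
# Create an encryption key, this key is managed and created by Vault
vault write -f /data-protection/transit/keys/customer-key
# You can create multiple keys if you require
vault write -f /data-protection/transit/keys/archive-key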