kaparora
/ vault-install-azure-vm-service.sh
Created
July 24, 2020 20:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| # Send the log output from this script to user-data.log, syslog, and the console | |
| # From: https://alestic.com/2010/12/ec2-user-data-output/ | |
| exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 | |
| sudo apt update && sudo apt install -y unzip jq |
kaparora
/ sample-vault-agent-service-linux.sh
Last active
July 24, 2020 19:31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| sudo apt update && sudo apt install -y unzip | |
| VAULT_ZIP="vault.zip" | |
| VAULT_URL="https://releases.hashicorp.com/vault/1.4.3+ent/vault_1.4.3+ent_linux_amd64.zip" | |
| curl --silent --output /tmp/$${VAULT_ZIP} $${VAULT_URL} | |
| unzip -o /tmp/$${VAULT_ZIP} -d /usr/local/bin/ | |
| chmod 0755 /usr/local/bin/vault |
kaparora
/ vault-azure-auth-setup.txt
Last active
July 24, 2020 13:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| #enable azure auth method | |
| vault auth enable azure | |
| #configure azure auth method using azure service principal | |
| vault write auth/azure/config tenant_id="${tenant_id}" \ | |
| resource="https://management.azure.com/" client_id="${client_id}" \ | |
| client_secret="${client_secret}" |
kaparora
/ vault-sample-policy-create.sh
Last active
July 24, 2020 13:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| sudo cat << 'EOF' > /tmp/webapppolicy.hcl | |
| path "data_protection/database/creds/vault-demo-app" { | |
| capabilities = ["read"] | |
| } | |
| EOF | |
| vault policy write webapp /tmp/webapppolicy.hcl |
kaparora
/ mysql-vault-dynamic-credentials.sh
Created
July 24, 2020 13:33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| vault secrets enable -path=data_protection/database database | |
| # Configure the database secrets engine to talk to MySQL | |
| vault write data_protection/database/config/wsmysqldatabase \ | |
| plugin_name=mysql-database-plugin \ | |
| connection_url="{{username}}:{{password}}@tcp(mydemoserver.mysql.database.azure.com)/" \ | |
| allowed_roles="vault-demo-app","vault-demo-app-long" \ | |
| username="myadmin@mydemoserve" \ |
kaparora
/ sample-policy-vault-database-creds.hcl
Created
July 14, 2020 17:07
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| path "data_protection/database/creds/vault-demo-app" { | |
| capabilities = ["read"] | |
| } |
kaparora
/ sample-config-template-vault-agent.ini
Last active
July 14, 2020 17:05
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [DATABASE] | |
| Address=mydemoserver.mysql.database.azure.com | |
| Port=3306 | |
| {{ with secret "data_protection/database/creds/vault-demo-app" -}} | |
| User={{ .Data.username }}@mydemoserver | |
| Password={{ .Data.password }} | |
| {{- end }} | |
| Database=my_app |
kaparora
/ sample-vault-agent-azure-vm.hcl
Created
July 14, 2020 16:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| vault { | |
| address = "https://10.10.10.1:8200 | |
| } | |
| auto_auth { | |
| method "azure" { | |
| mount_path = "auth/azure" | |
| namespace = "dev" | |
| config = { | |
| resource = "https://management.azure.com/" | |
| role = "dev-role" |
kaparora
/ sample-vault-agent-azure-vm.hcl
Created
July 14, 2020 16:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| vault { | |
| address = "https://10.10.10.1:8200 | |
| } | |
| auto_auth { | |
| method "azure" { | |
| mount_path = "auth/azure" | |
| namespace = "dev" | |
| config = { | |
| resource = "https://management.azure.com/" | |
| role = "dev-role" |
kaparora
/ vault-transit.sh
Created
April 19, 2020 10:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Enable the transit secret engine at a path of your choice | |
| vault secrets enable -path=/data-protection/transit transit | |
| # Create an encryption key, this key is managed and created by Vault | |
| vault write -f /data-protection/transit/keys/customer-key | |
| # You can create multiple keys if you require | |
| vault write -f /data-protection/transit/keys/archive-key |
NewerOlder