Last active November 26, 2019 16:53
Save martezr/69b4c5f4ec5a85f372750fc50246b3d3 to your computer and use it in GitHub Desktop.
Puppet Bolt Vault Plugin
bolt plan run facts -i inventory.yaml --targets=linuxnode1

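# KV v2: secret values are read through the data/ prefix
path "secret/data/credentials/*" {
  capabilities = ["read"]
}
# KV v2: key names and version metadata live under the metadata/ prefix
path "secret/metadata/credentials/*" {
  capabilities = ["list", "read"]
}
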
modulepath: "~/.puppetlabs/bolt-code/modules:~/.puppetlabs/bolt-code/site-modules"
concurrency: 10
format: human
winrm:
  ssl: false              # WinRM over plain HTTP
ssh:
  host-key-check: false   # SSH host key verification is turned off
plugins:
  vault:
    server_url: http://127.0.0.1:8200   # local dev server, no TLS
    auth:
      # Token authentication: the token issued by "vault token create -policy=bolt"
      method: token
      token: s.3649w1Fh80RtwSteoDzWuDUi

modulepath: "~/.puppetlabs/bolt-code/modules:~/.puppetlabs/bolt-code/site-modules"
concurrency: 10
format: human
winrm:
  ssl: false              # WinRM over plain HTTP
ssh:
  host-key-check: false   # SSH host key verification is turned off
plugins:
  vault:
    server_url: http://127.0.0.1:8200   # local dev server, no TLS
    auth:
      # Userpass authentication: the user created under auth/userpass/users/puppetbolt
      method: userpass
      user: puppetbolt
      pass: Password123

bolt plan run facts -i inventory.yaml --targets=winnode1

vault token create -policy=bolt

version: 2
targets:
  - uri: linuxnode1
    config:
      transport: ssh
      ssh:
        user: root
        private-key:
          # Key material is looked up from Vault by the vault plugin instead of being stored here
          key-data:
            _plugin: vault
            path: secret/credentials/linux
            field: privatekey
            version: 2   # KV secrets engine version

vault kv put secret/credentials/linux privatekey=@bolt_id_rsa

Key                  Value
---                  -----
token                s.3649w1Fh80RtwSteoDzWuDUi
token_accessor       Ki4onGqPfwdnMVJQFX40ddqZ
token_duration       768h
token_renewable      true
token_policies       ["bolt" "default"]
identity_policies    []
policies             ["bolt" "default"]

vault write auth/userpass/users/puppetbolt password=Password123 policies=bolt

vault auth enable userpass

Success! You are now authenticated. The token information displayed below
is already stored in the token helper. You do NOT need to run "vault login"
again. Future Vault requests will automatically use this token.

Key                    Value
---                    -----
token                  s.Xd4v1qoCtnKEnDHjzYTRm1KC
token_accessor         1ZRZUUYfWRJOGNBj8qnbRGvf
token_duration         768h
token_renewable        true
token_policies         ["bolt" "default"]
identity_policies      []
policies               ["bolt" "default"]
token_meta_username    puppetbolt

vault login -method=userpass username=puppetbolt

vault policy write bolt bolt-policy.hcl

vault server -dev -dev-root-token-id=root -dev-listen-address=0.0.0.0:8200

version: 2
targets:
  - uri: winnode1
    config:
      transport: winrm
      winrm:
        user: administrator
        # Password is looked up from Vault by the vault plugin instead of being stored here
        password:
          _plugin: vault
          path: secret/credentials/windows
          field: password
          version: 2   # KV secrets engine version

vault kv put secret/credentials/windows password=Puppet123