Quarkus Vault Enterprise with namespace test
# Run a vault-enterprise container for testing (dev mode with a fixed root token; -p 8200:8200 publishes the port on every host interface, use -p 127.0.0.1:8200:8200 to keep it local)
docker run -ti -p 8200:8200 -e VAULT_DEV_ROOT_TOKEN_ID=vault-demo-token hashicorp/vault-enterprise:latest
# Run the init_vault_enterprise_quarkus.sh script, then add the following to application.properties
# (replace the xxxx placeholders with the role-id and secret-id values the script prints):
# vault
quarkus.vault.url=http://localhost:8200
# vault authentication
quarkus.vault.enterprise.namespace=/ns1
quarkus.vault.secret-config-kv-path=quarkus/test-service
quarkus.vault.authentication.app-role.role-id=xxxx
quarkus.vault.authentication.app-role.secret-id=xxxx
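#!/bin/bash
#
# Provision a local Vault Enterprise dev-mode server for the Quarkus
# namespace test: create namespace ns1, enable AppRole and a KV v2 mount
# inside it, write one test secret, install the "quarkus" policy and role,
# then print the role-id / secret-id lines for application.properties.
#
# Scope: throwaway dev container only. The root token below is the fixed
# VAULT_DEV_ROOT_TOKEN_ID of that container, traffic is plain HTTP on
# loopback, and the token is passed on curl's command line (visible in the
# local process list). None of that is suitable for a shared or long-lived
# Vault.
set -u -o pipefail

# Deliberately not read from VAULT_ADDR / VAULT_TOKEN in the environment, so
# a shell configured for another Vault cannot redirect this bootstrap.
readonly DEV_VAULT_ADDR='http://127.0.0.1:8200'
readonly DEV_ROOT_TOKEN='vault-demo-token'
readonly NAMESPACE='ns1'

# Print a message to stderr and stop with a non-zero status.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# curl against Vault with the dev root token; -S keeps transport errors
# visible even though progress output is silenced.
vault_curl() {
  curl -sS --header "X-Vault-Token: ${DEV_ROOT_TOKEN}" "$@"
}

# Same as vault_curl, scoped to the test namespace.
ns_curl() {
  vault_curl --header "X-Vault-Namespace: ${NAMESPACE}" "$@"
}

for tool in curl jq; do
  command -v "$tool" >/dev/null || die "$tool is required"
done

# The setup calls below are left non-fatal on purpose: on a second run Vault
# answers "already in use" / CAS errors and the script can still hand out
# fresh credentials. Their JSON responses are printed as-is.

# Enable AppRole in the root namespace.
# NOTE(review): nothing later in this script uses the root-namespace mount;
# the role is created under ns1. Confirm it is needed.
vault_curl \
  --request POST \
  --data '{"type": "approle"}' \
  "${DEV_VAULT_ADDR}/v1/sys/auth/approle"

# Create the namespace.
vault_curl \
  --request POST \
  "${DEV_VAULT_ADDR}/v1/sys/namespaces/${NAMESPACE}"

# Enable AppRole inside the namespace.
ns_curl \
  --data-raw '{"path":"approle","type":"approle","config":{}}' \
  "${DEV_VAULT_ADDR}/v1/sys/auth/approle"

# Mount a KV v2 engine at secret/ inside the namespace.
ns_curl \
  --data-raw '{"path":"secret","type":"kv","config":{},"options":{"version":2},"generate_signing_key":true}' \
  "${DEV_VAULT_ADDR}/v1/sys/mounts/secret"

# Write the test secret; "cas":0 only succeeds while the key does not exist.
ns_curl \
  --data-raw '{"data":{"mp.openapi.extensions.smallrye.info.title":"Quarkus API from Vault"},"options":{"cas":0}}' \
  "${DEV_VAULT_ADDR}/v1/secret/data/quarkus/test-service"

# Install the ACL policy attached to the AppRole tokens.
# NOTE(review): the comment embedded in the policy says "Read-only", but the
# rule also grants "update". If the application only reads configuration,
# drop "update" so the policy matches its stated intent.
ns_curl \
  -X 'PUT' \
  --data-raw $'{"name":"quarkus","policy":"# Read-only permission on \'secret/data/quarkus/*\' path\\npath \\"secret/data/quarkus/*\\" {\\n capabilities = [ \\"read\\", \\"update\\" ]\\n}"}' \
  "${DEV_VAULT_ADDR}/v1/sys/policies/acl/quarkus"

# Create the AppRole role; issued tokens live 1h, renewable up to 4h.
# The role sets neither secret_id_ttl nor secret_id_num_uses, so the
# secret-id printed below is presumably not time- or use-limited; set those
# fields for anything that outlives a test run.
ns_curl \
  -X 'POST' \
  --data-raw '{"token_policies": "quarkus","token_ttl": "1h","token_max_ttl": "4h"}' \
  "${DEV_VAULT_ADDR}/v1/auth/approle/role/quarkus"

# Fetch the role-id. "// empty" turns a missing field into an empty string
# instead of the literal "null", so a failed call cannot end up pasted into
# application.properties as a credential.
ROLE_ID=$(ns_curl "${DEV_VAULT_ADDR}/v1/auth/approle/role/quarkus/role-id" \
  | jq -r '.data.role_id // empty') \
  || die "could not fetch the AppRole role-id from ${DEV_VAULT_ADDR}"
[[ -n "$ROLE_ID" ]] || die "Vault returned no role-id; check the responses above"
printf 'quarkus.vault.authentication.app-role.role-id=%s\n' "$ROLE_ID"

# Generate a secret-id. It is a credential: it is printed to stdout so it can
# be copied into application.properties, so keep this output out of shared
# logs.
SECRET_ID=$(ns_curl --request POST \
  "${DEV_VAULT_ADDR}/v1/auth/approle/role/quarkus/secret-id" \
  | jq -r '.data.secret_id // empty') \
  || die "could not generate an AppRole secret-id from ${DEV_VAULT_ADDR}"
[[ -n "$SECRET_ID" ]] || die "Vault returned no secret-id; check the responses above"
printf 'quarkus.vault.authentication.app-role.secret-id=%s\n' "$SECRET_ID"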