I hereby claim:
- I am vishalnayak on github.
- I am vishalnayak (https://keybase.io/vishalnayak) on keybase.
- I have a public key ASBhlVW1V3XXXHQ0W6eDIXTT2rbyfO0lmviXfCteSd_VNQo
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
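#!/bin/bash
# Demo: create an exportable RSA-2048 key in Vault's transit engine, export
# version 1 of it, and check that OpenSSL can parse both the public and the
# private half.
#
# NOTE(review): exportable=true plus a read of transit/export/... moves the
# private key out of Vault onto local disk. That is fine for a parsing test,
# but it gives up the property transit is normally used for (key material
# never leaves the server), so keep this pattern to scratch instances.
set -aex
# Without pipefail a failed `vault read` is masked by jq's exit status and an
# empty or "null" PEM file would be handed to openssl.
set -o pipefail
# private.pem holds key material: create new files readable by the owner only.
umask 077

vault mount transit
vault write transit/keys/rsa type=rsa-2048 exportable=true

# jq -e turns a missing/null field into a non-zero exit so `set -e` stops here.
vault read -format json transit/export/encryption-key/rsa | jq -er '.data.keys["1"]' > private.pem
vault read -format json transit/keys/rsa | jq -er '.data.keys["1"].public_key' > public.pem

# Verify parsing of public key
openssl rsa -inform PEM -pubin -in public.pem -text
# Verify parsing of private key
openssl rsa -in private.pem -pubout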
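#!/bin/bash
# Demo: enable the Okta auth method, point it at an Okta org, map a group and
# a user to policies, then log in as that user.
#
# Environment:
#   OKTA_API_TOKEN  Okta API token for the org configured below (required).
#
# The token is taken from the environment instead of being written into the
# script: a token stored in a script ends up in version control, gists and
# shell history, and should be treated as exposed and rotated once that
# happens.
set -e
# Checked before xtrace is switched on so the expansion is never traced.
: "${OKTA_API_TOKEN:?set OKTA_API_TOKEN to the Okta API token}"
set -x

vault auth-enable okta

# api_token=- makes vault read the value from stdin, which keeps it out of
# the process argument list; xtrace is paused so it is not echoed to stderr.
set +x
printf '%s' "$OKTA_API_TOKEN" |
  vault write auth/okta/config org_name=dev-511503-admin api_token=- base_url=oktapreview.com
set -x

vault write auth/okta/groups/testgroup policies=default
vault write auth/okta/users/vishalnayakv@gmail.com groups=testgroup policies=testpolicy
vault auth -method=okta username=vishalnayakv@gmail.com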
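#!/bin/bash
# Demo: enable AppRole, create role1, fetch its role_id and a fresh secret_id,
# and log in with the pair.
#
# `set -a` from the original is dropped on purpose: it exported secretID into
# the environment of every child process. pipefail is added so a failed
# `vault` call is not hidden behind jq's exit status.
set -e -o pipefail
set -x

vault auth enable approle
vault write auth/approle/role/role1 bind_secret_id=true period=60

# The secret_id is a credential: pause xtrace while it is fetched and used so
# it is not echoed to stderr. jq -e fails the script on a missing/null field.
set +x
secretID=$(vault write -format json -f auth/approle/role/role1/secret-id | jq -er '.data.secret_id')
roleID=$(vault read -format json auth/approle/role/role1/role-id | jq -er '.data.role_id')

# secret_id=- reads the value from stdin, keeping it out of the argument list.
# Note that the login response printed by vault contains the client token.
printf '%s' "$secretID" | vault write auth/approle/login role_id="$roleID" secret_id=-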
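#!/bin/bash
# Demo: create two external identity groups, enable LDAP auth, look up the
# LDAP mount's accessor, and attach a group alias for each group to that
# mount.
set -aex
# A failed vault/curl call must not be masked by jq's exit status.
set -o pipefail

# jq -e makes a missing/null id a hard failure rather than the string "null"
# being passed on as a canonical_id or mount_accessor.
italiansGroupID=$(vault write -format=json identity/group name=ldap_Italians type=external | jq -er '.data.id')
scientistsGroupID=$(vault write -format=json identity/group name=ldap_Scientists type=external | jq -er '.data.id')

vault auth-enable ldap

# NOTE(review): the token "root" and the plain-http localhost address only
# make sense against a local dev-mode server; anywhere else the token would
# travel in cleartext and show up in this script's xtrace output.
# --fail makes curl exit non-zero on an HTTP error instead of feeding an
# error body to jq.
accessor=$(curl --fail -H "X-vault-token:root" http://localhost:8200/v1/sys/auth | jq -er '.data."ldap/".accessor')

# Expansions are quoted so an unexpected value cannot split into extra
# arguments to `vault write`.
italiansGroupAliasID=$(vault write -format=json identity/group-alias canonical_id="$italiansGroupID" mount_accessor="$accessor" name=Italians | jq -er '.data.id')
scientistsGroupAliasID=$(vault write -format=json identity/group-alias canonical_id="$scientistsGroupID" mount_accessor="$accessor" name=Scientists | jq -er '.data.id')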
#!/bin/bash | |
set -aex | |
cat > ldapConfig -<<EOF | |
{ | |
"url": "ldap://ldap.forumsys.com", | |
"userattr": "uid", | |
"userdn": "dc=example,dc=com", | |
"groupdn": "dc=example,dc=com", | |
"binddn": "cn=read-only-admin,dc=example,dc=com" | |
} |
#!/bin/bash
# Seeds the KV store with placeholder entries, one key per path.
# `set -ae` is left disabled, so a failing write does not stop the run;
# only command tracing is on.
#set -ae
set -x

# Four writes: secret/path1 .. secret/path4, each with a single keyN=secretN.
# NOTE(review): values given as key=value arguments are visible in the
# process list and in the xtrace output; acceptable for dummy data only.
vault write 'secret/path1' 'key1=secret1'
vault write 'secret/path2' 'key2=secret2'
vault write 'secret/path3' 'key3=secret3'
vault write 'secret/path4' 'key4=secret4'
#!/bin/bash
# Demo: mount the PKI secrets engine, generate a root CA inside Vault, define
# an issuing role for myvault.com, and issue one certificate from it.
set -a -e -x

# Mount the engine and raise its lease ceiling to 87600h (ten years) so the
# root certificate below can carry that TTL.
vault secrets enable pki
vault secrets tune -max-lease-ttl=87600h pki

# Root CA with an "internal" key.
vault write pki/root/generate/internal \
  common_name=myvault.com \
  ttl=87600h \
  ip_sans=127.0.0.1

# Role: myvault.com and its subdomains, certificates capped at 72h, a lease
# generated per certificate, and no common name required.
vault write pki/roles/myvault-dot-com \
  require_cn=false \
  allowed_domains=myvault.com \
  allow_subdomains=true \
  max_ttl=72h \
  generate_lease=true

# NOTE(review): the issue response is printed to the terminal and includes
# the new certificate's private key; redirect it somewhere protected if this
# is run outside a scratch setup.
vault write pki/issue/myvault-dot-com format=pem ip_sans=127.0.0.1
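#!/bin/bash
# Initialise Vault with a single unseal key share (threshold 1) and save the
# unseal key and the root token to the files ./unsealKey and ./rootToken.
#
# NOTE(review): one share with threshold one, stored in plaintext next to the
# root token, means whoever can read this directory fully controls the Vault.
# That is a development convenience, not a deployment pattern.
#
# Changes from the original flags:
#   -x removed: xtrace printed the whole init response, the unseal key and
#               the root token to stderr.
#   -a removed: it exported those same values to every child process.
#   pipefail added for consistency with scripts that pipe vault into jq.
set -e -o pipefail
# Files created below must not be readable by other users.
umask 077

initResult=$(vault operator init -format json -key-shares 1 -key-threshold 1)

# Quoted here-strings pass the JSON to jq unmodified (no word splitting or
# globbing); jq -e fails the script if a field is missing or null.
unsealKey=$(jq -er '.unseal_keys_b64[0]' <<<"$initResult")
rootToken=$(jq -er '.root_token' <<<"$initResult")

# Store the unseal key and the root token for future use.
# printf '%s' writes the value without a trailing newline, as echo -n did.
printf '%s' "$unsealKey" > unsealKey
printf '%s' "$rootToken" > rootToken
# umask only affects newly created files; tighten any that already existed.
chmod 600 unsealKey rootToken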
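#!/bin/bash
# Demo: enable userpass auth, create user "vishal" with the default policy,
# read the user entry back, and log in as that user.
#
# Environment:
#   USERPASS_PASSWORD  password for the demo user. Falls back to the original
#                      demo value so the script still runs unchanged; set it
#                      for anything other than a scratch server.
#
# `set -a` from the original is dropped so the password variable is not
# exported into the environment of every child process.
set -e -o pipefail
userpassPassword=${USERPASS_PASSWORD:-nayak}
set -x

vault auth enable userpass

# password=- makes vault read the value from stdin, keeping it out of the
# process argument list; xtrace is paused so it is not echoed to stderr.
set +x
printf '%s' "$userpassPassword" | vault write auth/userpass/users/vishal password=- policies=default
set -x

vault read auth/userpass/users/vishal

set +x
printf '%s' "$userpassPassword" | vault login -method=userpass username=vishal password=-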