Table of Contents
Run Vault with Consul
Vault 를 개발모드로 실행하면 모든 데이타는 메모리에 저장되고,
서버가 재시작되었을 때 모든 데이타가 증발합니다.
Vault, Consul 설치
여기 를 참조하여 Vault, Consul 을 설치합니다.
Vault 설정
export VAULT_ADDR='http://127.0.0.1:8200'
vault status
vault login <Root Token>
vault secrets list
vault secrets enable -path=team1 kv
vault secrets list
vault kv put team1/foo bar=baz
vault kv list team1
vault kv get team1/foo
vault policy list
vi team1-policy.cfg
-----------------------
path "team1/*" {
capabilities = ["create", "update"]
}
path "team1/foo" {
capabilities = ["read"]
}
-----------------------
vault policy write team1-policy team1-policy.cfg
vault policy list
vault auth list
vault auth enable approle
vault auth list
vault write auth/approle/role/team1-role \
secret_id_ttl=10m \
token_num_uses=10 \
token_ttl=20m \
token_max_ttl=30m \
secret_id_num_uses=40 \
token_policies=team1-policy
vault list auth/approle/role
vault read auth/approle/role/team1-role
# get id(role-id)
vault read auth/approle/role/team1-role/role-id
vault read -field=role_id auth/approle/role/team1-role/role-id
# get password(secret-id)
vault write -f -field=secret_id auth/approle/role/team1-role/secret-id
https://velog.io/@limsubin/Vault%EC%97%90-%EC%9E%88%EB%8A%94-%EA%B0%92%EC%9D%84-Spring-Boot%EB%A1%9C-%EA%B0%80%EC%A0%B8%EC%99%80-%EB%B3%B4%EC%9E%90
spring