Run Vault with Consul

By | 2022년 10월 14일
Table of Contents

Run Vault with Consul

Vault 를 개발모드로 실행하면 모든 데이타는 메모리에 저장되고,
서버가 재시작되었을 때 모든 데이타가 증발합니다.

Vault, Consul 설치

여기 를 참조하여 Vault, Consul 을 설치합니다.

Vault 설정

export VAULT_ADDR='http://127.0.0.1:8200'
vault status
vault login <Root Token>
vault secrets list
vault secrets enable -path=team1 kv
vault secrets list
vault kv put team1/foo bar=baz
vault kv list team1
vault kv get team1/foo
vault policy list
vi team1-policy.cfg
-----------------------
path "team1/*" {
  capabilities = ["create", "update"]
}

path "team1/foo" {
  capabilities = ["read"]
}
-----------------------
vault policy write team1-policy team1-policy.cfg
vault policy list
vault auth list
vault auth enable approle
vault auth list

vault write auth/approle/role/team1-role \
secret_id_ttl=10m \
token_num_uses=10 \
token_ttl=20m \
token_max_ttl=30m \
secret_id_num_uses=40 \
token_policies=team1-policy
vault list auth/approle/role
vault read auth/approle/role/team1-role

# get id(role-id)
vault read auth/approle/role/team1-role/role-id
vault read -field=role_id auth/approle/role/team1-role/role-id

# get password(secret-id)
vault write -f -field=secret_id auth/approle/role/team1-role/secret-id