Project author: johnhckuo

Project description:
HashiCorp basic operations
Language: Go
Project URL: git://github.com/johnhckuo/Vault.git
Created: 2020-07-27T07:22:26Z
Project community: https://github.com/johnhckuo/Vault


HashiCorp Vault Basics

Assuming your Vault is hosted in Kubernetes and Vault's Kubernetes auth method is enabled, forward the Vault port to your machine:

    kubectl port-forward -n vault vault-0 8200:8200

Then create a service account (SA) in Kubernetes:

    cat <<EOF | kubectl apply -f -
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: vault-user
      namespace: default
    EOF

Check that the SA has been created successfully:

    kubectl get sa

Then create a Vault role that binds the SA to the policies it needs in order to read a KV path:

    vault write auth/kubernetes/role/demo \
        bound_service_account_names=vault-user \
        bound_service_account_namespaces=default \
        policies=<name-of-ur-policy-here> \
        ttl=1h

Retrieve the token of the service account:

    kubectl get secret <service-account-name>-<random digits> -o yaml

Set the environment variables:

    export VAULT_ADDR=https://127.0.0.1:8200
    export TOKEN=<Token-We-Just-Created>

Run the program:

    go run main.go
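
The repository's main.go is not reproduced on this page. The following is an added example, not the project's code, of the Kubernetes auth login that the steps above prepare for, written against Vault's HTTP API with only the Go standard library. It assumes the `demo` role, the default `auth/kubernetes` mount path, and the `VAULT_ADDR` and `TOKEN` variables from above; the function name `KubernetesLogin` is hypothetical.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"os"
	"time"
)

// loginResponse holds the fields of Vault's login reply that are used here.
type loginResponse struct {
	Auth struct {
		ClientToken string `json:"client_token"`
	} `json:"auth"`
	Errors []string `json:"errors"`
}

// KubernetesLogin (hypothetical helper) exchanges a service account JWT for a
// Vault client token by calling POST /v1/auth/kubernetes/login.
func KubernetesLogin(c *http.Client, addr, role, jwt string) (string, error) {
	if jwt == "" {
		return "", fmt.Errorf("empty service account token")
	}
	body, _ := json.Marshal(map[string]string{"role": role, "jwt": jwt})
	resp, err := c.Post(addr+"/v1/auth/kubernetes/login", "application/json", bytes.NewReader(body))
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	var out loginResponse
	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil {
		return "", fmt.Errorf("decode login response (HTTP %d): %w", resp.StatusCode, err)
	}
	// Vault reports failures as a non-200 status with an "errors" array.
	if resp.StatusCode != http.StatusOK || out.Auth.ClientToken == "" {
		return "", fmt.Errorf("login failed (HTTP %d): %v", resp.StatusCode, out.Errors)
	}
	return out.Auth.ClientToken, nil
}

func main() {
	c := &http.Client{Timeout: 10 * time.Second}
	if _, err := KubernetesLogin(c, os.Getenv("VAULT_ADDR"), "demo", os.Getenv("TOKEN")); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println("login succeeded") // the client token itself is deliberately not printed
}
```

`TOKEN` must hold the decoded JWT: the `token` field in the secret's YAML output is base64-encoded.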