update
@@ -39,23 +39,26 @@ $ mkdir vault
|
|||||||
$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout vault/vault.key -out vault/vault.crt
|
$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout vault/vault.key -out vault/vault.crt
|
||||||
$ docker-compose up -d
|
$ docker-compose up -d
|
||||||
$ docker cp vault_vault_1:/usr/bin/vault /usr/local/bin/
|
$ docker cp vault_vault_1:/usr/bin/vault /usr/local/bin/
|
||||||
|
$ docker exec -it vault_vault_1 sh
|
||||||
|
>>> cd /etc/vault
|
||||||
|
>>> vault init -tls-skip-verify -key-shares=5 -key-threshold=3 | tee vault.secret
|
||||||
|
>>> exit
|
||||||
```
|
```
|
||||||
|
|
||||||
|
> Split `vault.secret`, keep them a secret.
|
||||||
|
|
||||||
## client
|
## client
|
||||||
|
|
||||||
```
|
```
|
||||||
$ export VAULT_ADDR='https://127.0.0.1:8200'
|
$ export VAULT_ADDR='https://server:8200'
|
||||||
|
$ cp ~/fig/vault/vault/vault.crt /etc/ssl/certs/vault.pem
|
||||||
|
$ update-ca-certificates
|
||||||
$ vault status
|
$ vault status
|
||||||
$ vault init | tee vault.secret
|
$ vault unseal && vault unseal && vault unseal
|
||||||
$ vault unseal
|
|
||||||
$ vault auth
|
$ vault auth
|
||||||
$ vault write secret/name key=value
|
$ vault write secret/name key=value
|
||||||
$ vault read secret/name
|
$ vault read secret/name
|
||||||
$ vault seal
|
$ vault seal
|
||||||
```
|
```
|
||||||
|
|
||||||
- Split `vault.secret`, keep them a secret.
|
|
||||||
- Run `vault unseal` 3 times to unseal.
|
|
||||||
- Use `key=@value` to read secret from file.
|
|
||||||
|
|
||||||
[1]: https://www.vaultproject.io/
|
[1]: https://www.vaultproject.io/
|
||||||
|
|||||||