Vault kasutamine: erinevus redaktsioonide vahel
Allikas: Imre kasutab arvutit
Mine navigeerimisribaleMine otsikasti
Resümee puudub |
(→Python) |
||
| 4. rida: | 4. rida: | ||
===Python=== |
===Python=== |
||
| + | |||
| + | Oluline on kasutada sobivat versiooni Pythonit, nt Ubuntu 22.04 paistab toimivat, paigaldatakse hashicorp-vault-client-api teek |
||
| + | |||
| + | # apt-get install python3-hvac |
||
| + | |||
| + | Test skript |
||
<pre> |
<pre> |
||
| 31. rida: | 37. rida: | ||
print('Access granted!') |
print('Access granted!') |
||
| + | </pre> |
||
| + | |||
| + | Kasutamine |
||
| + | |||
| + | <pre> |
||
| + | # python3 example.py |
||
| + | True |
||
| + | Secret written successfully. |
||
| + | Access granted! |
||
</pre> |
</pre> |
||
Redaktsioon: 13. jaanuar 2023, kell 01:44
Sissejuhatus
TODO
Python
Oluline on kasutada sobivat versiooni Pythonit, nt Ubuntu 22.04 paistab toimivat, paigaldatakse hashicorp-vault-client-api teek
# apt-get install python3-hvac
Test skript
# cat example.py
import hvac
import sys
# Authentication
client = hvac.Client(url='http://192.168.110.221:8200', token="dev-only-token")
print(client.is_authenticated())
# Writing a secret
create_response = client.secrets.kv.v2.create_or_update_secret(
path='my-secret-password-imre',
secret=dict(password='Hashi123'),
)
print('Secret written successfully.')
# Reading a secret
read_response = client.secrets.kv.v2.read_secret_version(path='my-secret-password-imre',)
password = read_response['data']['data']['password']
if password != 'Hashi123':
sys.exit('unexpected password')
print('Access granted!')
Kasutamine
# python3 example.py True Secret written successfully. Access granted!
Ansible kasutamine
# cat hw.yml
---
- name: Hello World!
hosts: all
tasks:
- name: Hello World!
shell: echo "Hi! Tower is working."
- name: imre test
debug:
msg: "{{ lookup('hashi_vault', 'secret=secret/data/my-secret-password-imre token=dev-only-token url=http://192.168.110.221:8200')}}"
# cat hosts
[dockerhost]
192.168.110.221
# ansible-playbook hw.yml
PLAY [Hello World!]
****************************************************************************
TASK [Gathering Facts]
****************************************************************************
TASK [Hello World!]
****************************************************************************
changed: [192.168.110.221]
TASK [imre test]
****************************************************************************
ok: [192.168.110.221] => {
"msg": {
"password": "parool"
}
}
PLAY RECAP
****************************************************************************
192.168.110.221 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
