Using Vault: difference between revisions

Source: Imre kasutab arvutit
(New page: '===Introduction=== TODO ===Using Ansible=== <pre> # cat hw.yml --- - name: Hello World! hosts: all tasks: - name: Hello World! shell: echo "Hi! Tower is wor...')
 
 
(4 intermediate revisions by the same user not shown)
2. rida: 2. rida:
   
 
TODO
 
TODO
  +
  +
===Vault teenus===
  +
  +
Testiks vault käivitamiseks sobib öelda dockerhostis
  +
  +
# docker run -p 8200:8200 -e 'VAULT_DEV_ROOT_TOKEN_ID=dev-only-token' vault
  +
  +
Tulemusena TODO
  +
  +
===vault klient===
  +
  +
TODO
  +
  +
===Python===
  +
  +
Oluline on kasutada sobivat versiooni Pythonit, nt Ubuntu 22.04 paistab toimivat, paigaldatakse hashicorp-vault-client-api teek
  +
  +
# apt-get install python3-hvac
  +
  +
Test skript
  +
  +
<pre>
  +
# cat example.py
  +
import hvac
  +
import sys
  +
  +
# Authentication
  +
client = hvac.Client(url='http://192.168.110.221:8200', token="dev-only-token")
  +
print(client.is_authenticated())
  +
  +
# Writing a secret
  +
create_response = client.secrets.kv.v2.create_or_update_secret(
  +
path='my-secret-password-imre',
  +
secret=dict(password='Hashi123'),
  +
)
  +
  +
print('Secret written successfully.')
  +
  +
# Reading a secret
  +
read_response = client.secrets.kv.v2.read_secret_version(path='my-secret-password-imre',)
  +
  +
password = read_response['data']['data']['password']
  +
  +
if password != 'Hashi123':
  +
sys.exit('unexpected password')
  +
  +
print('Access granted!')
  +
</pre>
  +
  +
Kasutamine
  +
  +
<pre>
  +
# python3 example.py
  +
True
  +
Secret written successfully.
  +
Access granted!
  +
</pre>
   
 
===Ansible kasutamine===
 
===Ansible kasutamine===
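Review bot: The added example.py writes token="dev-only-token" and the http://192.168.110.221:8200 address straight into the hvac.Client(...) call, and the docker run line sets the same value as VAULT_DEV_ROOT_TOKEN_ID, so the root token of the test server is published on the page and sent over plain HTTP. Suggest saying next to the docker command that this setup is for a throwaway test server only, and having the script take the address and token from the environment instead of literals. The "Vault teenus" result and the "vault klient" section are still "TODO"; fill them in or leave the headings out until there is text for them.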
48. rida: 105. rida:
 
192.168.110.221 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
 
192.168.110.221 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
 
</pre>
 
</pre>
  +
  +
===Kasulikud lisamaterjalid===
  +
  +
* https://www.youtube.com/watch?v=Oyvnicmxmbo
  +
* https://www.youtube.com/watch?v=b_2lo30g0RU
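Review bot: The two entries added under "Kasulikud lisamaterjalid" are bare YouTube URLs with no title or description. Add a short label to each link saying what the video covers, so a reader can judge it before clicking and the reference still means something if the link stops working.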

Latest revision: 13 January 2023, 02:48

Introduction

TODO

Vault service

To start Vault for testing, run this on the Docker host:

# docker run -p 8200:8200 -e 'VAULT_DEV_ROOT_TOKEN_ID=dev-only-token' vault

Result: TODO

Vault client

TODO

Python

It is important to use a suitable version of Python; Ubuntu 22.04, for example, appears to work. The hashicorp-vault-client-api library is installed with:

# apt-get install python3-hvac

Test script

# cat example.py
import hvac
import sys

# Authentication
client = hvac.Client(url='http://192.168.110.221:8200', token="dev-only-token")
print(client.is_authenticated())

# Writing a secret
create_response = client.secrets.kv.v2.create_or_update_secret(
    path='my-secret-password-imre',
    secret=dict(password='Hashi123'),
)

print('Secret written successfully.')

# Reading a secret
read_response = client.secrets.kv.v2.read_secret_version(path='my-secret-password-imre',)

password = read_response['data']['data']['password']

if password != 'Hashi123':
    sys.exit('unexpected password')

print('Access granted!')

Usage

# python3 example.py
True
Secret written successfully.
Access granted!
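
An added example, not part of the original page: the same read as example.py, with the address and token taken from the VAULT_ADDR and VAULT_TOKEN environment variables instead of being written into the script, and the KV v2 response unpacked with checks. The helper names and the SAMPLE response are constructed for illustration, and the guard for a response without a payload is an assumption about what a caller may receive for a deleted version.

```python
import os

# Constructed sample of a KV v2 read response; real ones carry more keys.
SAMPLE = {"data": {"data": {"password": "Hashi123"},
                   "metadata": {"version": 2, "deletion_time": "", "destroyed": False}}}

def vault_settings(env=None):
    """Return (address, token) from VAULT_ADDR / VAULT_TOKEN, not from the script."""
    env = os.environ if env is None else env
    addr, token = env.get("VAULT_ADDR"), env.get("VAULT_TOKEN")
    if not addr or not token:
        raise RuntimeError("VAULT_ADDR and VAULT_TOKEN must both be set")
    return addr, token

def kv2_field(response, field):
    """Return (value, version) for one field of a KV v2 read response."""
    body = response.get("data") or {}
    meta = body.get("metadata") or {}
    payload = body.get("data")          # the secret itself: response['data']['data']
    if payload is None:                 # assumption: no payload, e.g. a deleted version
        raise LookupError(f"version {meta.get('version')} holds no data")
    if field not in payload:
        raise KeyError(f"field {field!r} not in secret; got {sorted(payload)}")
    return payload[field], meta.get("version")

def read_field(path, field):
    """Read one field from the server named in the environment."""
    import hvac  # imported here so the helpers above work without hvac installed
    addr, token = vault_settings()
    client = hvac.Client(url=addr, token=token)
    if not client.is_authenticated():
        raise PermissionError("Vault did not accept the token")
    return kv2_field(client.secrets.kv.v2.read_secret_version(path=path), field)

if __name__ == "__main__":
    value, version = read_field("my-secret-password-imre", "password")
    print(f"read version {version}")    # the value itself is not printed
```

To run it against the test server started above, export VAULT_ADDR=http://192.168.110.221:8200 and VAULT_TOKEN=dev-only-token first. The returned version number shows which write of the secret was read.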

Using Ansible

# cat hw.yml
---
- name: Hello World!
  hosts: all
 
  tasks:
 
  - name: Hello World!
    shell: echo "Hi! Tower is working."

  - name: imre test
    debug:
      msg: "{{ lookup('hashi_vault', 'secret=secret/data/my-secret-password-imre token=dev-only-token url=http://192.168.110.221:8200')}}"

# cat hosts
[dockerhost]
192.168.110.221

# ansible-playbook hw.yml

PLAY [Hello World!] 
****************************************************************************

TASK [Gathering Facts]
****************************************************************************

TASK [Hello World!] 
****************************************************************************
changed: [192.168.110.221]

TASK [imre test] 
****************************************************************************
ok: [192.168.110.221] => {
    "msg": {
        "password": "parool"
    }
}

PLAY RECAP 
****************************************************************************
192.168.110.221            : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0 

Useful additional materials