Using Vault: difference between revisions
Source: Imre kasutab arvutit
| (ei näidata sama kasutaja üht vahepealset redaktsiooni) | |||
| 2. rida: | 2. rida: | ||
TODO |
TODO |
||
| + | |||
| + | ===Vault teenus=== |
||
Testiks vault käivitamiseks sobib öelda dockerhostis |
Testiks vault käivitamiseks sobib öelda dockerhostis |
||
| + | # docker run -p 8200:8200 -e 'VAULT_DEV_ROOT_TOKEN_ID=dev-only-token' vault |
||
| − | TODO |
||
Tulemusena TODO |
Tulemusena TODO |
||
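Review bot: the added `docker run` line pulls the untagged `vault` image and fixes the dev root token to `dev-only-token`, so the version that starts depends on when the image is pulled and the root token is known to anyone who reads this page. Pin an image tag, and state next to the command that `-p 8200:8200` publishes the service on the host with that token, so the instance should hold test data only. The `Tulemusena TODO` context line is still a placeholder and could show the expected startup output.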
| 103. rida: | 105. rida: | ||
192.168.110.221 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 |
192.168.110.221 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 |
||
</pre> |
</pre> |
||
| + | |||
| + | ===Kasulikud lisamaterjalid=== |
||
| + | |||
| + | * https://www.youtube.com/watch?v=Oyvnicmxmbo |
||
| + | * https://www.youtube.com/watch?v=b_2lo30g0RU |
||
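Review bot: the two links added under `===Kasulikud lisamaterjalid===` are bare YouTube URLs with no title or description, so a reader cannot tell what each video covers or notice when one stops resolving to the intended material. Give each link a label with the video title and a few words on what it demonstrates.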
Latest revision as of 01:48, 13 January 2023
Introduction
TODO
Vault service
To start Vault for testing, run the following on the Docker host:
<pre>
# docker run -p 8200:8200 -e 'VAULT_DEV_ROOT_TOKEN_ID=dev-only-token' vault
</pre>
Result: TODO
Vault client
TODO
Python
It is important to use a suitable Python version; Ubuntu 22.04, for example, appears to work. The hashicorp-vault-client-api library is installed with:
<pre>
# apt-get install python3-hvac
</pre>
Test script
<pre>
# cat example.py
import hvac
import sys

# Authentication
client = hvac.Client(url='http://192.168.110.221:8200', token="dev-only-token")
print(client.is_authenticated())

# Writing a secret
create_response = client.secrets.kv.v2.create_or_update_secret(
    path='my-secret-password-imre',
    secret=dict(password='Hashi123'),
)
print('Secret written successfully.')

# Reading a secret
read_response = client.secrets.kv.v2.read_secret_version(path='my-secret-password-imre',)
password = read_response['data']['data']['password']
if password != 'Hashi123':
    sys.exit('unexpected password')
print('Access granted!')
</pre>
Usage
<pre>
# python3 example.py
True
Secret written successfully.
Access granted!
</pre>
Using Ansible
<pre>
# cat hw.yml
---
- name: Hello World!
  hosts: all
  tasks:
    - name: Hello World!
      shell: echo "Hi! Tower is working."
    - name: imre test
      debug:
        msg: "{{ lookup('hashi_vault', 'secret=secret/data/my-secret-password-imre token=dev-only-token url=http://192.168.110.221:8200')}}"

# cat hosts
[dockerhost]
192.168.110.221
</pre>
<pre>
# ansible-playbook hw.yml

PLAY [Hello World!] ****************************************************************************

TASK [Gathering Facts] ****************************************************************************

TASK [Hello World!] ****************************************************************************
changed: [192.168.110.221]

TASK [imre test] ****************************************************************************
ok: [192.168.110.221] => {
    "msg": {
        "password": "parool"
    }
}

PLAY RECAP ****************************************************************************
192.168.110.221 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
</pre>
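The test script and the playbook above both embed the token and depend on the KV v2 layout (`secret/data/<path>` in the Ansible lookup, `['data']['data']` in Python). The following added example, which is not part of the original page, makes that layout explicit with only the Python standard library and takes the address and token from the `VAULT_ADDR` and `VAULT_TOKEN` environment variables. The function names, the `allow_plaintext` parameter and the sample response are constructed for illustration.

```python
import json
import os
import urllib.parse
import urllib.request


def kv2_read_request(path, mount="secret", env=os.environ, allow_plaintext=False):
    """Build a KV v2 read request; address and token come from the environment."""
    addr = env["VAULT_ADDR"].rstrip("/")  # KeyError if unset: fail early
    token = env["VAULT_TOKEN"]            # never hard-coded in the script
    if urllib.parse.urlsplit(addr).scheme != "https" and not allow_plaintext:
        # Over plain http the token and the secret cross the network unencrypted.
        raise ValueError("refusing to send a Vault token over " + addr)
    # KV v2 inserts "data/" between the mount point and the secret path, which
    # is why the Ansible lookup asks for secret/data/my-secret-password-imre.
    url = f"{addr}/v1/{mount}/data/{urllib.parse.quote(path)}"
    return urllib.request.Request(url, headers={"X-Vault-Token": token})


def kv2_extract(body):
    """Return (secret_dict, version) from a KV v2 read response body."""
    outer = json.loads(body)["data"]  # outer "data": the API envelope
    # Inner "data" holds the key/value pairs, "metadata" the version bookkeeping.
    return outer["data"], outer["metadata"]["version"]


def read_secret(path, **kwargs):
    """Fetch and unpack a secret (needs a reachable Vault server)."""
    with urllib.request.urlopen(kv2_read_request(path, **kwargs), timeout=5) as r:
        return kv2_extract(r.read())


# Constructed sample response body, not captured from a real server.
SAMPLE_RESPONSE = json.dumps({
    "data": {
        "data": {"password": "constructed-value"},
        "metadata": {"version": 1, "destroyed": False, "deletion_time": ""},
    }
})

if __name__ == "__main__":
    secret, version = kv2_extract(SAMPLE_RESPONSE)
    # Print only the key names and the version, never the secret value itself.
    print(sorted(secret), version)
```

Against the dev server from this page, export `VAULT_ADDR=http://192.168.110.221:8200` and `VAULT_TOKEN` in the shell and call `read_secret('my-secret-password-imre', allow_plaintext=True)`.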