Vault kasutamine
Allikas: Imre kasutab arvutit
Mine navigeerimisribaleMine otsikasti
Sissejuhatus
TODO
Python
# cat example.py
import hvac
import sys
# Authentication
client = hvac.Client(url='http://192.168.110.221:8200', token="dev-only-token")
print(client.is_authenticated())
# Writing a secret
create_response = client.secrets.kv.v2.create_or_update_secret(
path='my-secret-password-imre',
secret=dict(password='Hashi123'),
)
print('Secret written successfully.')
# Reading a secret
read_response = client.secrets.kv.v2.read_secret_version(path='my-secret-password-imre',)
password = read_response['data']['data']['password']
if password != 'Hashi123':
sys.exit('unexpected password')
print('Access granted!')
Ansible kasutamine
# cat hw.yml
---
- name: Hello World!
hosts: all
tasks:
- name: Hello World!
shell: echo "Hi! Tower is working."
- name: imre test
debug:
msg: "{{ lookup('hashi_vault', 'secret=secret/data/my-secret-password-imre token=dev-only-token url=http://192.168.110.221:8200')}}"
# cat hosts
[dockerhost]
192.168.110.221
# ansible-playbook hw.yml
PLAY [Hello World!]
****************************************************************************
TASK [Gathering Facts]
****************************************************************************
TASK [Hello World!]
****************************************************************************
changed: [192.168.110.221]
TASK [imre test]
****************************************************************************
ok: [192.168.110.221] => {
"msg": {
"password": "parool"
}
}
PLAY RECAP
****************************************************************************
192.168.110.221 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
