Using Vault
Source: Imre kasutab arvutit
Introduction
TODO
To start Vault for testing, it is enough to run the following on the dockerhost
TODO
As a result TODO
Vault client
TODO
Python
It is important to use a suitable version of Python; for example, Ubuntu 22.04 appears to work. The hashicorp-vault-client-api library is installed
# apt-get install python3-hvac
Test script
# cat example.py
import hvac
import sys

# Authentication
client = hvac.Client(url='http://192.168.110.221:8200', token="dev-only-token")
print(client.is_authenticated())

# Writing a secret
create_response = client.secrets.kv.v2.create_or_update_secret(
    path='my-secret-password-imre',
    secret=dict(password='Hashi123'),
)
print('Secret written successfully.')

# Reading a secret
read_response = client.secrets.kv.v2.read_secret_version(path='my-secret-password-imre',)
password = read_response['data']['data']['password']

if password != 'Hashi123':
    sys.exit('unexpected password')

print('Access granted!')
Usage
# python3 example.py
True
Secret written successfully.
Access granted!
Using Ansible
# cat hw.yml
---
- name: Hello World!
  hosts: all
  tasks:

  - name: Hello World!
    shell: echo "Hi! Tower is working."

  - name: imre test
    debug:
      msg: "{{ lookup('hashi_vault', 'secret=secret/data/my-secret-password-imre token=dev-only-token url=http://192.168.110.221:8200')}}"

# cat hosts
[dockerhost]
192.168.110.221

# ansible-playbook hw.yml

PLAY [Hello World!] ****************************************************************************

TASK [Gathering Facts] ****************************************************************************

TASK [Hello World!] ****************************************************************************
changed: [192.168.110.221]

TASK [imre test] ****************************************************************************
ok: [192.168.110.221] => {
    "msg": {
        "password": "parool"
    }
}

PLAY RECAP ****************************************************************************
192.168.110.221 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
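The hvac call in example.py and the hashi_vault lookup in hw.yml both read the same KV v2 endpoint. The following added example (not part of the original page) shows that request with the standard library only, taking the address and token from the VAULT_ADDR and VAULT_TOKEN environment variables that the Vault CLI uses instead of writing them into the file. The function names and SAMPLE_RESPONSE are assumptions made for this illustration, and the default mount name "secret" is taken from the lookup path on the page.

```python
import json
import os
import urllib.request


def kv2_url(addr, path, mount="secret"):
    """KV v2 read endpoint; hw.yml passes the same secret/data/<path> string."""
    return f"{addr.rstrip('/')}/v1/{mount}/data/{path.lstrip('/')}"


def vault_settings(env=None):
    """Take address and token from the environment, not from the source file."""
    env = os.environ if env is None else env
    addr, token = env.get("VAULT_ADDR"), env.get("VAULT_TOKEN")
    if not addr or not token:
        raise RuntimeError("set VAULT_ADDR and VAULT_TOKEN")
    return addr, token


def extract_secret(body):
    """KV v2 nests the key/value pairs in data.data; data.metadata has the version."""
    return json.loads(body)["data"]["data"]


def read_secret(path, env=None):
    """GET the secret, sending the token in the X-Vault-Token header."""
    addr, token = vault_settings(env)
    req = urllib.request.Request(kv2_url(addr, path),
                                 headers={"X-Vault-Token": token})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return extract_secret(resp.read())


# Constructed sample of a KV v2 read response (not captured from a server).
SAMPLE_RESPONSE = json.dumps({
    "data": {
        "data": {"password": "Hashi123"},
        "metadata": {"version": 1, "destroyed": False},
    }
})

if __name__ == "__main__":
    print(extract_secret(SAMPLE_RESPONSE))
    # With a reachable server and both variables exported:
    # print(read_secret("my-secret-password-imre"))
```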