Vault kasutamine
Allikas: Imre kasutab arvutit
Mine navigeerimisribaleMine otsikasti
Sissejuhatus
TODO
Testiks vault käivitamiseks sobib öelda dockerhostis
TODO
Tulemusena TODO
vault klient
TODO
Python
Oluline on kasutada sobivat versiooni Pythonit, nt Ubuntu 22.04 paistab toimivat, paigaldatakse hashicorp-vault-client-api teek
# apt-get install python3-hvac
Test skript
# cat example.py
import hvac
import sys
# Authentication
client = hvac.Client(url='http://192.168.110.221:8200', token="dev-only-token")
print(client.is_authenticated())
# Writing a secret
create_response = client.secrets.kv.v2.create_or_update_secret(
path='my-secret-password-imre',
secret=dict(password='Hashi123'),
)
print('Secret written successfully.')
# Reading a secret
read_response = client.secrets.kv.v2.read_secret_version(path='my-secret-password-imre',)
password = read_response['data']['data']['password']
if password != 'Hashi123':
sys.exit('unexpected password')
print('Access granted!')
Kasutamine
# python3 example.py True Secret written successfully. Access granted!
Ansible kasutamine
# cat hw.yml
---
- name: Hello World!
hosts: all
tasks:
- name: Hello World!
shell: echo "Hi! Tower is working."
- name: imre test
debug:
msg: "{{ lookup('hashi_vault', 'secret=secret/data/my-secret-password-imre token=dev-only-token url=http://192.168.110.221:8200')}}"
# cat hosts
[dockerhost]
192.168.110.221
# ansible-playbook hw.yml
PLAY [Hello World!]
****************************************************************************
TASK [Gathering Facts]
****************************************************************************
TASK [Hello World!]
****************************************************************************
changed: [192.168.110.221]
TASK [imre test]
****************************************************************************
ok: [192.168.110.221] => {
"msg": {
"password": "parool"
}
}
PLAY RECAP
****************************************************************************
192.168.110.221 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
