Vault kasutamine: erinevus redaktsioonide vahel
Allikas: Imre kasutab arvutit
Mine navigeerimisribaleMine otsikasti
(Uus lehekülg: '===Sissejuhatus=== TODO ===Ansible kasutamine=== <pre> # cat hw.yml --- - name: Hello World! hosts: all tasks: - name: Hello World! shell: echo "Hi! Tower is wor...') |
Resümee puudub |
||
| 2. rida: | 2. rida: | ||
TODO |
TODO |
||
| + | |||
| + | ===Python=== |
||
| + | |||
| + | <pre> |
||
| + | # cat example.py |
||
| + | import hvac |
||
| + | import sys |
||
| + | |||
| + | # Authentication |
||
| + | client = hvac.Client(url='http://192.168.110.221:8200', token="dev-only-token") |
||
| + | print(client.is_authenticated()) |
||
| + | |||
| + | # Writing a secret |
||
| + | create_response = client.secrets.kv.v2.create_or_update_secret( |
||
| + | path='my-secret-password-imre', |
||
| + | secret=dict(password='Hashi123'), |
||
| + | ) |
||
| + | |||
| + | print('Secret written successfully.') |
||
| + | |||
| + | # Reading a secret |
||
| + | read_response = client.secrets.kv.v2.read_secret_version(path='my-secret-password-imre',) |
||
| + | |||
| + | password = read_response['data']['data']['password'] |
||
| + | |||
| + | if password != 'Hashi123': |
||
| + | sys.exit('unexpected password') |
||
| + | |||
| + | print('Access granted!') |
||
| + | </pre> |
||
===Ansible kasutamine=== |
===Ansible kasutamine=== |
||
Redaktsioon: 13. jaanuar 2023, kell 02:42
Sissejuhatus
TODO
Python
# cat example.py
import hvac
import sys
# Authentication
client = hvac.Client(url='http://192.168.110.221:8200', token="dev-only-token")
print(client.is_authenticated())
# Writing a secret
create_response = client.secrets.kv.v2.create_or_update_secret(
path='my-secret-password-imre',
secret=dict(password='Hashi123'),
)
print('Secret written successfully.')
# Reading a secret
read_response = client.secrets.kv.v2.read_secret_version(path='my-secret-password-imre',)
password = read_response['data']['data']['password']
if password != 'Hashi123':
sys.exit('unexpected password')
print('Access granted!')
Ansible kasutamine
# cat hw.yml
---
- name: Hello World!
hosts: all
tasks:
- name: Hello World!
shell: echo "Hi! Tower is working."
- name: imre test
debug:
msg: "{{ lookup('hashi_vault', 'secret=secret/data/my-secret-password-imre token=dev-only-token url=http://192.168.110.221:8200')}}"
# cat hosts
[dockerhost]
192.168.110.221
# ansible-playbook hw.yml
PLAY [Hello World!]
****************************************************************************
TASK [Gathering Facts]
****************************************************************************
TASK [Hello World!]
****************************************************************************
changed: [192.168.110.221]
TASK [imre test]
****************************************************************************
ok: [192.168.110.221] => {
"msg": {
"password": "parool"
}
}
PLAY RECAP
****************************************************************************
192.168.110.221 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
