Vault kasutamine: erinevus redaktsioonide vahel
Allikas: Imre kasutab arvutit
Mine navigeerimisribaleMine otsikasti
(Uus lehekülg: '===Sissejuhatus=== TODO ===Ansible kasutamine=== <pre> # cat hw.yml --- - name: Hello World! hosts: all tasks: - name: Hello World! shell: echo "Hi! Tower is wor...') |
Resümee puudub |
||
2. rida: | 2. rida: | ||
TODO |
TODO |
||
+ | |||
+ | ===Python=== |
||
+ | |||
+ | <pre> |
||
+ | # cat example.py |
||
+ | import hvac |
||
+ | import sys |
||
+ | |||
+ | # Authentication |
||
+ | client = hvac.Client(url='http://192.168.110.221:8200', token="dev-only-token") |
||
+ | print(client.is_authenticated()) |
||
+ | |||
+ | # Writing a secret |
||
+ | create_response = client.secrets.kv.v2.create_or_update_secret( |
||
+ | path='my-secret-password-imre', |
||
+ | secret=dict(password='Hashi123'), |
||
+ | ) |
||
+ | |||
+ | print('Secret written successfully.') |
||
+ | |||
+ | # Reading a secret |
||
+ | read_response = client.secrets.kv.v2.read_secret_version(path='my-secret-password-imre',) |
||
+ | |||
+ | password = read_response['data']['data']['password'] |
||
+ | |||
+ | if password != 'Hashi123': |
||
+ | sys.exit('unexpected password') |
||
+ | |||
+ | print('Access granted!') |
||
+ | </pre> |
||
===Ansible kasutamine=== |
===Ansible kasutamine=== |
Redaktsioon: 13. jaanuar 2023, kell 02:42
Sissejuhatus
TODO
Python
# cat example.py import hvac import sys # Authentication client = hvac.Client(url='http://192.168.110.221:8200', token="dev-only-token") print(client.is_authenticated()) # Writing a secret create_response = client.secrets.kv.v2.create_or_update_secret( path='my-secret-password-imre', secret=dict(password='Hashi123'), ) print('Secret written successfully.') # Reading a secret read_response = client.secrets.kv.v2.read_secret_version(path='my-secret-password-imre',) password = read_response['data']['data']['password'] if password != 'Hashi123': sys.exit('unexpected password') print('Access granted!')
Ansible kasutamine
# cat hw.yml --- - name: Hello World! hosts: all tasks: - name: Hello World! shell: echo "Hi! Tower is working." - name: imre test debug: msg: "{{ lookup('hashi_vault', 'secret=secret/data/my-secret-password-imre token=dev-only-token url=http://192.168.110.221:8200')}}" # cat hosts [dockerhost] 192.168.110.221 # ansible-playbook hw.yml PLAY [Hello World!] **************************************************************************** TASK [Gathering Facts] **************************************************************************** TASK [Hello World!] **************************************************************************** changed: [192.168.110.221] TASK [imre test] **************************************************************************** ok: [192.168.110.221] => { "msg": { "password": "parool" } } PLAY RECAP **************************************************************************** 192.168.110.221 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0