Differences

This shows you the differences between two versions of the page.

sw:vault [2024/04/26 10:40]
tomas [CLI]
sw:vault [2024/05/09 13:58] (current)
tomas
Line 4: Line 4:
 ==== URL ==== ==== URL ====
 https://SERVER.cz:8200/ui/vault/storage/raft ... ukáže seznam nodá a který je aktivní\\ https://SERVER.cz:8200/ui/vault/storage/raft ... ukáže seznam nodá a který je aktivní\\
 +/v1/sys/health ... stav o zdraví služby\\
  
  
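Review bot: The added `/v1/sys/health` entry is a bare API path, while the entry above it is a full URL (`https://SERVER.cz:8200/ui/vault/storage/raft`), so the line does not say which host and port it belongs to. Write it as `https://SERVER.cz:8200/v1/sys/health` to match the existing entry.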
Line 11: Line 12:
 VAULT_SKIP_VERIFY ... ignoruje nevalidní certifikát\\ VAULT_SKIP_VERIFY ... ignoruje nevalidní certifikát\\
 VAULT_ADDR=https://aaa.bbb.ccc ... nastavení URL pro vault server\\ VAULT_ADDR=https://aaa.bbb.ccc ... nastavení URL pro vault server\\
 +
 +== systém ==
 +vault secret list ... seznam včech secret enginu\\
 +vault list auth/token/accessors ... seznam všech tokenů\\
 +vault list identity/entity/id ... seznam entit\\
 +vault list identity/entity/id ... seznam entit\\
 +vault list identity/entity-alias/id ... seznam entit\\
 +vault auth list ... seznam authentikačních mechanizmů\\
 +vault auth enable -path="userpass-test" userpass ... povolí authentifikaci userpass\\
 +vault login -method=userpass user=tomas ... přihlášení pomocí userpass\\
 +vault policy list ... seznam policy\\
 +vault policy read aaa ... ukáže definici policy aaa\\
 +vault token capabilities secret/data/training_test ... informace o možnostech tokenu na daný objekt\\
 +vault write -format=json identity/entity name="bob-smith" policies="base" metadata=organization="ACME Inc."  metadata=team="QA" ... vatvoří entitu\\
 +vault write identity/entity-alias name="bob" canonical_id=$(cat entity_id.txt)  mount_accessor=$(cat accessor_test.txt)  custom_metadata=account="Tester Account" ... vytvoří entity alias\\
 +
  
 == Práce se secretama a hodnotama == == Práce se secretama a hodnotama ==
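Review bot: In the new `systém` block, `vault list identity/entity/id` is added twice in a row, and the `vault list identity/entity-alias/id` line reuses the description `seznam entit` although it lists entity aliases; drop the duplicate and correct that description. `vault secret list` should be `vault secrets list`, which is the subcommand that lists secrets engines. `vault list auth/token/accessors` returns token accessors rather than the tokens themselves, so its description should say that. Typos to fix in the same pass: `včech`, `vatvoří`.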
Line 33: Line 50:
 == Vault v Dockeru, backup/restore == == Vault v Dockeru, backup/restore ==
 docker volume create vault-volume\\ docker volume create vault-volume\\
-docker run --rm -it --name vault_local --cap-add=IPC_LOCK -e VAULT_ADDR='http://0.0.0.0:8200' -e 'VAULT_LOCAL_CONFIG={"storage": {"raft": {"path": "/vault/"}}, "listener": [{"tcp": { "address": "0.0.0.0:8200", "tls_disable": true}}], "default_lease_ttl": "168h", "max_lease_ttl": "720h", "ui": true, "cluster_addr": "http://127.0.0.1:8201", "api_addr": "http://0.0.0.0:8200"}' -p 8200:8200 -v vault-volume:/vault vault:1.13.server\\+%%docker run --rm -it --name vault_local --cap-add=IPC_LOCK -e VAULT_ADDR='http://0.0.0.0:8200' -e 'VAULT_LOCAL_CONFIG={"storage": {"raft": {"path": "/vault/"}}, "listener": [{"tcp": { "address": "0.0.0.0:8200", "tls_disable": true}}], "default_lease_ttl": "168h", "max_lease_ttl": "720h", "ui": true, "cluster_addr": "http://127.0.0.1:8201", "api_addr": "http://0.0.0.0:8200"}' -p 8200:8200 -v vault-volume:/vault hashicorp/vault:1.14.10 server%%\\
 docker cp vault-snap/vault-raft-2023-11-24-14-45-00.snapshot vault_local:/tmp\\ docker cp vault-snap/vault-raft-2023-11-24-14-45-00.snapshot vault_local:/tmp\\
 docker exec -it vault_local /bin/sh\\ docker exec -it vault_local /bin/sh\\
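Review bot: The updated `docker run` line still combines `"tls_disable": true`, a listener on `0.0.0.0:8200` and `-p 8200:8200`, so the container that the raft snapshot is then copied into answers plain HTTP on every host interface. Publish the port on loopback only (`-p 127.0.0.1:8200:8200`) for this restore procedure, or state next to the command that it is meant for an isolated host. The image change from `vault:1.13.server` to `hashicorp/vault:1.14.10 server` and the `%%` wrapping look correct.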