Vault

개발환경

Vault

iwoohaha 2023. 6. 9. 15:23

[Install]

sudo apt-get install curl

sudo curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
 
sudo apt-get update

sudo apt-get install vault

[config]

sudo mkdir -p /home/ubuntu/vault/config /home/ubuntu/vault/file

sudo vi /home/ubuntu/vault/config/config.hcl

ui = true
api_addr = "http://192.168.0.84:8200" # vault 서버 주소

listener "tcp" {
    address = "0.0.0.0:8200"
    tls_disable = "true"
}

storage "file" {
    path = "/home/ubuntu/vault/file"
}

[run]

sudo vault server -config /home/ubuntu/vault/config/config.hcl

[config2]

sudo mkdir -p /home/ubuntu/vault/file_backend

sudo vi /home/ubuntu/vault/config/f.hcl

ui = true
disable_mlock = true

backend "file" {
  path = "/home/ubuntu/vault/file_backend"
}

listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = "true"
}

raw_storage_endpoint = true

api_addr = "http://192.168.0.84:8200"
cluster_addr = "http://192.168.0.84:8201"

[run2]

sudo vault server -config /home/ubuntu/vault/config/f.hcl

[web]

http://192.168.0.84:8200

https://sg-choi.tistory.com/622

[Vault] Vault 설치

Ubuntu에 설치 설치 스크립트 curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add - \ && sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" \ && sudo apt update \ && sudo apt instal

sg-choi.tistory.com

https://www.twilio.com/blog/get-secrets-from-hashicorp-vault-into-dotnet-configuration-with-csharp

How to get secrets from HashiCorp Vault into .NET configuration with C#

Learn how to read secrets and sensitive information from HashiCorp Vault and load it into .NET configuration with C#.

www.twilio.com

[Initialize]

[Unseal]

Download keys 파일의 keys 항목의 값을 사용하여 Unseal

root_token 값을 입력하여 Sign In

vault kv get -mount=secret test
또는 vault kv get secret/test

== Secret Path ==
secret/data/test

======= Metadata =======
Key                Value
---                -----
created_time       2023-06-09T06:57:25.961972716Z
custom_metadata    <nil>
deletion_time      n/a
destroyed          false
version            1

===== Data =====
Key       Value
---       -----
testid    woohaha

woohaha@woohaha-virtual-machine:/home/ubuntu/vault/file_backend$ vault kv get secret/test
== Secret Path ==
secret/data/test

======= Metadata =======
Key                Value
---                -----
created_time       2023-06-09T06:57:25.961972716Z
custom_metadata    <nil>
deletion_time      n/a
destroyed          false
version            1

===== Data =====
Key       Value
---       -----
testid    woohaha
woohaha@woohaha-virtual-machine:/home/ubuntu/vault/file_backend$ vault kv put secret/test foo=world
== Secret Path ==
secret/data/test

======= Metadata =======
Key                Value
---                -----
created_time       2023-06-09T07:47:54.050911941Z
custom_metadata    <nil>
deletion_time      n/a
destroyed          false
version            2
woohaha@woohaha-virtual-machine:/home/ubuntu/vault/file_backend$ vault kv get secret/test
== Secret Path ==
secret/data/test

======= Metadata =======
Key                Value
---                -----
created_time       2023-06-09T07:47:54.050911941Z
custom_metadata    <nil>
deletion_time      n/a
destroyed          false
version            2

=== Data ===
Key    Value
---    -----
foo    world