Vault - заметки по использованию

Посмотреть список движков секретов

Copy
root@tfd:/data/git/iac2/15_astra# vault secrets list Path Type Accessor Description ---- ---- -------- ----------- consul/ consul consul_b2e31f66 n/a cubbyhole/ cubbyhole cubbyhole_7ca6cbc2 per-token private secret storage identity/ identity identity_0adb11a0 identity store kv/ kv kv_6296c4d0 n/a sys/ system system_894f1e1d system endpoints used for control, policy and debugging vmware/ kv kv_f7bb2d52 n/a windows/ kv kv_9545bced n/a

Настраиваем точку входа в consul engine

Copy
# vault write consul/config/access address="172.27.157.11:8500" Success! Data written to: consul/config/access
Copy
# vault read consul/config/access Key Value --- ----- address 172.27.157.11:8500 scheme http

Генерируем токен доступа

Copy
# vault write consul/config/access address="10.55.82.48:8500" Success! Data written to: consul/config/access root@tfd:/data/git/iac2/15_astra# CONSUL_HTTP_TOKEN="<bootstrap-token>" consul acl token create -policy-name="global-management" Failed to create new token: Unexpected response code: 401 (ACL support disabled)
Здесь не сработало, т.к. у нас отключена поддержка ACL в consul