Skip to content

gnilchee/vault

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Getting Started

Generate self sign cert and keys before bring up Vault/etcd

  1. openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout vault.key -out vault.crt

Initialize Vault

  1. curl -s -k -X PUT -d "{\"secret_shares\":5, \"secret_threshold\":3}" https://vault_url:8200/v1/sys/init
    • IMPORTANT Save the unseal keys and initial root token

Unseal the vault

  1. curl -s -k -X PUT -d '{"key": "unseal_key_1"}' https://vault_url:8200/v1/sys/unseal
    • Unseal progress 1 of 3
  2. curl -s -k -X PUT -d '{"key": "unseal_key_2"}' https://vault_url:8200/v1/sys/unseal
    • Unseal progress 2 of 3
  3. curl -s -k -X PUT -d '{"key": "unseal_key_3"}' https://vault_url:8200/v1/sys/unseal
    • Unseal progress 3 of 3

Placing your first secret

  1. curl -s -k -X PUT -H "X-Vault-Token:<vault_token>" -d '{"value": "world"}' https://vault_url:8200/v1/secret/hello

Getting your first secret

  1. curl -s -k -X GET -H "X-Vault-Token:<vault_token>" https://vault_url:8200/v1/secret/hello
Note: You will need to unseal the Vault after restarts or if you tear down the container.

WARNING Do not remove the persistent data directory created after your first docker-compose up -d. This volume mount persist data for etcd to the host machine. If you remove this after tearing down the container your data will be lost.

Releases

No releases published

Packages

No packages published

Languages