Skip to content

Latest commit

 

History

History
25 lines (19 loc) · 1.33 KB

README.md

File metadata and controls

25 lines (19 loc) · 1.33 KB
Raw

Getting Started

Generate self sign cert and keys before bring up Vault/etcd

  1. openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout vault.key -out vault.crt

Initialize Vault

  1. curl -s -k -X PUT -d "{\"secret_shares\":5, \"secret_threshold\":3}" https://vault_url:8200/v1/sys/init
    • IMPORTANT Save the unseal keys and initial root token

Unseal the vault

  1. curl -s -k -X PUT -d '{"key": "unseal_key_1"}' https://vault_url:8200/v1/sys/unseal
    • Unseal progress 1 of 3
  2. curl -s -k -X PUT -d '{"key": "unseal_key_2"}' https://vault_url:8200/v1/sys/unseal
    • Unseal progress 2 of 3
  3. curl -s -k -X PUT -d '{"key": "unseal_key_3"}' https://vault_url:8200/v1/sys/unseal
    • Unseal progress 3 of 3

Placing your first secret

  1. curl -s -k -X PUT -H "X-Vault-Token:<vault_token>" -d '{"value": "world"}' https://vault_url:8200/v1/secret/hello

Getting your first secret

  1. curl -s -k -X GET -H "X-Vault-Token:<vault_token>" https://vault_url:8200/v1/secret/hello
Note: You will need to unseal the Vault after restarts or if you tear down the container.

WARNING Do not remove the persistent data directory created after your first docker-compose up -d. This volume mount persist data for etcd to the host machine. If you remove this after tearing down the container your data will be lost.