Vault

https://github.com/hashicorp/vault

Install:

https://learn.hashicorp.com/tutorials/vault/getting-started-install

CLI

The server can be specified through an environment variable or a command-line flag:

-address VAULT_ADDR
-namespace VAULT_NAMESPACE
vault [subcommand] -address="https://server:8200"

server:

// Start the Vault server
$ vault server -config=/etc/vault/config.hcl

agent:

$ vault agent

login:

$ vault login

operator:

// init generates the keys and the token.
$ vault operator init

// Unseal with the keys
$ vault operator unseal

// Seal with the token
$ vault operator seal

auth:

// List auth methods
$ vault auth list

secrets

// List secrets engines
$ vault secrets list

// enable kv
$ vault secrets enable -path=<ns>/<name> kv
$ vault secrets enable kv

// disable kv
$ vault secrets disable kv

// Create a database engine
$ vault secrets enable -path <ns>/mysql database
// Create a rabbitmq engine
$ vault secrets enable -path <ns>/rabbitmq rabbitmq

policy

// List policies
$ vault policy list

// Create a policy
$ vault policy write <my-policy> ./my-policy.hcl

plugin:

$ vault plugin list database

read/write/delete/list:

$ vault read
$ vault write
$ vault write my-secret/my-app my-field=value
$ vault delete
$ vault list

API

https://www.vaultproject.io/api-docs

$ curl --header "X-Vault-Token: TOKEN" "https://FQDN/v1/<engine-path>/data/<secret-path>"
$ curl --header "X-Vault-Token: TOKEN" "https://FQDN/v1/<engine-path>/data/<secret-path>?version=<version>"
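
The two curl calls above as a request builder and response parser. This is an added example, not code from this page or from the Vault project. It assumes a KV v2 mount (the /data/ path), reads the token from VAULT_TOKEN rather than the command line, and uses constructed sample responses; the function names are hypothetical.

```python
import json
import os
import urllib.parse
import urllib.request


def build_kv2_read(mount, secret_path, version=None, env=os.environ):
    """Build (but do not send) the GET request for a KV v2 secret."""
    addr = env["VAULT_ADDR"].rstrip("/")
    url = "{}/v1/{}/data/{}".format(
        addr,
        urllib.parse.quote(mount.strip("/")),
        urllib.parse.quote(secret_path.strip("/")),
    )
    if version is not None:
        url += "?" + urllib.parse.urlencode({"version": int(version)})
    req = urllib.request.Request(url, method="GET")
    # The token comes from the environment, so it never appears in argv
    # or in shell history the way it does with curl --header.
    req.add_header("X-Vault-Token", env["VAULT_TOKEN"])
    if env.get("VAULT_NAMESPACE"):
        req.add_header("X-Vault-Namespace", env["VAULT_NAMESPACE"])
    return req


def parse_kv2_response(body):
    """Return (fields, version); raise LookupError if the version is gone."""
    data = json.loads(body)["data"]  # KV v2 nests the secret under data.data
    meta = data["metadata"]
    if meta.get("destroyed") or meta.get("deletion_time") or data.get("data") is None:
        raise LookupError("version {} is deleted or destroyed".format(meta["version"]))
    return data["data"], meta["version"]


# Constructed sample bodies in the KV v2 response shape (not captured from a server).
SAMPLE_OK = ('{"data": {"data": {"my-field": "value"}, "metadata": '
             '{"version": 2, "deletion_time": "", "destroyed": false}}}')
SAMPLE_DELETED = ('{"data": {"data": null, "metadata": {"version": 1, '
                  '"deletion_time": "2024-01-01T00:00:00Z", "destroyed": false}}}')

if __name__ == "__main__":
    demo_env = {"VAULT_ADDR": "https://server:8200", "VAULT_TOKEN": "TOKEN"}
    print(build_kv2_read("my-secret", "my-app", version=2, env=demo_env).full_url)
    print(parse_kv2_response(SAMPLE_OK))
```
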

auth methods

https://www.vaultproject.io/docs/auth

secrets engine

https://www.vaultproject.io/docs/secrets