How to configure HashiCorp Vault
Test environment
$ vault version
Vault v1.12.2 (415e1fe3118eebd5df6cb60d13defdc01aa17b03), built 2022-11-23T12:53:46Z
Display seal and HA status
- Initialized false
vault status -tls-skip-verify
$ vault status -tls-skip-verify
Key                Value
---                -----
Seal Type          shamir
Initialized        true
Sealed             true
Total Shares       5
Threshold          3
Unseal Progress    0/3
Unseal Nonce       n/a
Version            1.12.2
Build Date         2022-11-23T12:53:46Z
Storage Type       file
HA Enabled         false
vault status -output-curl-string
$ vault status -output-curl-string
curl -H "X-Vault-Request: true" http://127.0.0.1:8200/v1/sys/seal-status
curl -sSfL -H "X-Vault-Request: true" http://127.0.0.1:8200/v1/sys/seal-status | jq
$ curl -sSfL -H "X-Vault-Request: true" http://127.0.0.1:8200/v1/sys/seal-status | jq
{
  "type": "shamir",
  "initialized": true,
  "sealed": false,
  "t": 3,
  "n": 5,
  "progress": 0,
  "nonce": "",
  "version": "1.12.2",
  "build_date": "2022-11-23T12:53:46Z",
  "migration": false,
  "cluster_name": "vault-cluster-81637fc9",
  "cluster_id": "a0c6fdd0-cbf9-3214-dcbc-6f50584e2750",
  "recovery_seal": false,
  "storage_type": "file"
}
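The seal-status response above can gate automation so that nothing is sent to a Vault that is uninitialized or still sealed. The following is an added example, not code from the original post: the function names and SEALED_SAMPLE are assumptions, and PAGE_SAMPLE is the response shown above trimmed to the fields used.

```python
import json
import urllib.request

# Response shown on this page (unsealed), trimmed to the fields used here.
PAGE_SAMPLE = '{"type":"shamir","initialized":true,"sealed":false,"t":3,"n":5,"progress":0}'
# Constructed sample: a sealed server with one of three key shares entered.
SEALED_SAMPLE = '{"type":"shamir","initialized":true,"sealed":true,"t":3,"n":5,"progress":1}'


def fetch_seal_status(addr="http://127.0.0.1:8200", timeout=5):
    """GET /v1/sys/seal-status, the request that -output-curl-string printed."""
    req = urllib.request.Request(
        addr.rstrip("/") + "/v1/sys/seal-status",
        headers={"X-Vault-Request": "true"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def classify(raw):
    """Return (state, detail) for a seal-status JSON document.

    Missing fields are read as the unsafe value, so a truncated or
    unexpected response never reports the server as ready.
    """
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError:
        doc = None
    if not isinstance(doc, dict):
        return ("unknown", "response is not a JSON object")
    if doc.get("initialized") is not True:
        return ("uninitialized", "server has not been initialized")
    threshold = doc.get("t") if isinstance(doc.get("t"), int) else 0
    if doc.get("sealed") is not False:
        progress = doc.get("progress") if isinstance(doc.get("progress"), int) else 0
        missing = max(threshold - progress, 0)
        return ("sealed", f"{progress}/{threshold} key shares entered, {missing} more needed")
    return ("unsealed", f"{doc.get('type', '?')} seal, threshold {threshold}/{doc.get('n')}")


if __name__ == "__main__":
    # Runs offline on the embedded samples; pass fetch_seal_status() output
    # to classify() to check a live server instead.
    for name, raw in (("page sample", PAGE_SAMPLE), ("constructed sealed", SEALED_SAMPLE)):
        print(name, classify(raw))
```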
Vault login (vault login)
vault login hvs.7axXYWtfZ4qBwrvwDmoPONrc
Check the list of secrets engines
vault secrets list
$ vault secrets list
Path          Type         Accessor              Description
----          ----         --------              -----------
cubbyhole/    cubbyhole    cubbyhole_b3b398e6    per-token private secret storage
identity/     identity     identity_224e21fb     identity store
sys/          system       system_f94fdca9       system endpoints used for control, policy and debugging
Enable a secrets engine
vault secrets enable kv
$ vault secrets enable kv
Success! Enabled the kv secrets engine at: kv/
vault secrets list
$ vault secrets list
Path          Type         Accessor              Description
----          ----         --------              -----------
cubbyhole/    cubbyhole    cubbyhole_6ce97c6a    per-token private secret storage
identity/     identity     identity_ee6d38ea     identity store
kv/           kv           kv_10ef1cc7           n/a
sys/          system       system_aaae3d69       system endpoints used for control, policy and debugging
Create a secret
vault kv put kv/hello target=world
$ vault kv put kv/hello target=world
Success! Data written to: kv/hello
vault kv get kv/hello
$ vault kv get kv/hello
===== Data =====
Key       Value
---       -----
target    world
Create the secret my-secret
vault kv put kv/my-secret value="s3c(eT"
$ vault kv put kv/my-secret value="s3c(eT"
Success! Data written to: kv/my-secret
vault kv get kv/my-secret
$ vault kv get kv/my-secret
==== Data ====
Key      Value
---      -----
value    s3c(eT
Delete the secret my-secret
vault kv delete kv/my-secret
$ vault kv delete kv/my-secret
Success! Data deleted (if it existed) at: kv/my-secret
Disable the secrets engine
vault secrets disable kv/
$ vault secrets disable kv/
Success! Disabled the secrets engine (if it existed) at: kv/
vault status
$ vault status
Key                Value
---                -----
Seal Type          shamir
Initialized        true
Sealed             true
Total Shares       5
Threshold          3
Unseal Progress    0/3
Unseal Nonce       n/a
Version            1.12.2
Build Date         2022-11-23T12:53:46Z
Storage Type       file
HA Enabled         false
Reference URLs
- Secrets Engines : https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-secrets-engines
- Getting Started : https://developer.hashicorp.com/vault/tutorials/getting-started