[Linux] How to Configure HashiCorp Vault

Test environment

$ vault version 
Vault v1.12.2 (415e1fe3118eebd5df6cb60d13defdc01aa17b03), built 2022-11-23T12:53:46Z

Displaying seal and HA status

- Initialized false

$ vault status -tls-skip-verify
Key                Value
---                -----
Seal Type          shamir
Initialized        true
Sealed             true
Total Shares       5
Threshold          3
Unseal Progress    0/3
Unseal Nonce       n/a
Version            1.12.2
Build Date         2022-11-23T12:53:46Z
Storage Type       file
HA Enabled         false

$ vault status -output-curl-string
curl -H "X-Vault-Request: true" http://127.0.0.1:8200/v1/sys/seal-status

$ curl -sSfL -H "X-Vault-Request: true" http://127.0.0.1:8200/v1/sys/seal-status | jq
{
  "type": "shamir",
  "initialized": true,
  "sealed": false,
  "t": 3,
  "n": 5,
  "progress": 0,
  "nonce": "",
  "version": "1.12.2",
  "build_date": "2022-11-23T12:53:46Z",
  "migration": false,
  "cluster_name": "vault-cluster-81637fc9",
  "cluster_id": "a0c6fdd0-cbf9-3214-dcbc-6f50584e2750",
  "recovery_seal": false,
  "storage_type": "file"
}
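
The following added example, not part of the original post, interprets the seal-status fields shown above (initialized, sealed, t, n, progress) so the endpoint can be used as a monitoring check. The function names and the sample document are assumptions constructed for illustration.

```python
import json
import urllib.request
from urllib.parse import urlparse

# Constructed sample: the seal-status fields shown above, trimmed, in a sealed
# state with one of the three required key shares already submitted.
SAMPLE_SEALED = {
    "type": "shamir", "initialized": True, "sealed": True,
    "t": 3, "n": 5, "progress": 1, "version": "1.12.2", "storage_type": "file",
}


def classify(doc):
    """Map a /v1/sys/seal-status document to (state, detail)."""
    if not doc.get("initialized", False):
        return "uninitialized", "run 'vault operator init' first"
    if doc.get("sealed", True):  # treat a missing field as sealed (fail closed)
        remaining = doc["t"] - doc["progress"]
        return "sealed", f"{remaining} of {doc['t']} key shares still needed (n={doc['n']})"
    return "unsealed", f"threshold {doc['t']} of {doc['n']} shares"


def transport_warning(addr):
    """Return a warning when the API would be reached over plain HTTP off-loopback."""
    url = urlparse(addr)
    if url.scheme == "http" and url.hostname not in ("127.0.0.1", "::1", "localhost"):
        return f"{addr}: plain HTTP to a non-loopback host, tokens would cross the network unencrypted"
    return None


def fetch(addr, timeout=5):
    """GET seal-status with normal certificate verification (no skip-verify)."""
    req = urllib.request.Request(addr.rstrip("/") + "/v1/sys/seal-status",
                                 headers={"X-Vault-Request": "true"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    print(classify(SAMPLE_SEALED))
    print(transport_warning("http://127.0.0.1:8200"))
```

To check a live server, pass the result of `fetch("http://127.0.0.1:8200")` to `classify` and alert on any state other than "unsealed".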

Vault login (vault login)

vault login hvs.7axXYWtfZ4qBwrvwDmoPONrc

Checking the secrets list

$ vault secrets list                         
Path          Type         Accessor              Description
----          ----         --------              -----------
cubbyhole/    cubbyhole    cubbyhole_b3b398e6    per-token private secret storage
identity/     identity     identity_224e21fb     identity store
sys/          system       system_f94fdca9       system endpoints used for control, policy and debugging

Enabling a secrets engine

$ vault secrets enable kv
Success! Enabled the kv secrets engine at: kv/
$ vault secrets list     
Path          Type         Accessor              Description
----          ----         --------              -----------
cubbyhole/    cubbyhole    cubbyhole_6ce97c6a    per-token private secret storage
identity/     identity     identity_ee6d38ea     identity store
kv/           kv           kv_10ef1cc7           n/a
sys/          system       system_aaae3d69       system endpoints used for control, policy and debugging

Creating a secret

$ vault kv put kv/hello target=world
Success! Data written to: kv/hello
$ vault kv get kv/hello
===== Data =====
Key       Value
---       -----
target    world

Creating the secret my-secret

$ vault kv put kv/my-secret value="s3c(eT"
Success! Data written to: kv/my-secret
$ vault kv get kv/my-secret
==== Data ====
Key      Value
---      -----
value    s3c(eT

Deleting the secret my-secret

$ vault kv delete kv/my-secret
Success! Data deleted (if it existed) at: kv/my-secret

Disabling a secrets engine

$ vault secrets disable kv/
Success! Disabled the secrets engine (if it existed) at: kv/

$ vault status
Key                Value
---                -----
Seal Type          shamir
Initialized        true
Sealed             true
Total Shares       5
Threshold          3
Unseal Progress    0/3
Unseal Nonce       n/a
Version            1.12.2
Build Date         2022-11-23T12:53:46Z
Storage Type       file
HA Enabled         false

Reference URLs

- Secrets Engines : https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-secrets-engines

- Getting Started : https://developer.hashicorp.com/vault/tutorials/getting-started