Overview

Dev Setup

vault server -dev

The dev server listens without TLS, so you will need to set the HTTP address in the environment:

set VAULT_ADDR=http://127.0.0.1:8200

Example Python Database Access

We enable the management of postgres in Vault. Note that we need the postgres client “pq” installed for Vault to validate the connection.

go get -v -u github.com/lib/pq

Now the setup: Step 1

vault secrets enable postgresql

Step 2: configure a postgres database

vault write postgresql/config/connection connection_url="postgresql://postgres:xxxx@localhost:5432/postgres?sslmode=disable"

Where the db url is:

  • postgresql: for the database type
  • databasename:password@host:port
  • and parameters like sslmode=disable where it is not supported

We can configure a lease on the database with:

vault write postgresql/config/lease lease=10h lease_max=24h

and then define the role, whose SQL Vault runs to create each credential:

vault write postgresql/roles/readonly sql="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';"
Success! Data written to: postgresql/roles/readonly
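
An added example (not part of the original notes) of the Python side: it reads one set of generated credentials for the readonly role from postgresql/creds/readonly over Vault's HTTP API and builds the connection URL. The function names, the loopback-only rule for plain HTTP and the verify-full default are assumptions of this example.

```python
import json
import urllib.parse
import urllib.request

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def creds_request(vault_addr, token, role="readonly", mount="postgresql"):
    """Build the GET for <mount>/creds/<role>. The token is only sent over
    https, or over http when Vault is on loopback (the dev setup above)."""
    url = urllib.parse.urlsplit(vault_addr)
    if not (url.scheme == "https" or (url.scheme == "http" and url.hostname in LOOPBACK)):
        raise ValueError("plain-HTTP Vault address is only acceptable on loopback")
    return urllib.request.Request(
        f"{vault_addr.rstrip('/')}/v1/{mount}/creds/{role}",
        headers={"X-Vault-Token": token},
    )


def read_creds(vault_addr, token, role="readonly", opener=urllib.request.urlopen):
    """Fetch one set of short-lived credentials: (user, password, lease)."""
    with opener(creds_request(vault_addr, token, role)) as resp:
        body = json.load(resp)
    lease = {"id": body["lease_id"], "ttl_seconds": body["lease_duration"]}
    return body["data"]["username"], body["data"]["password"], lease


def build_dsn(user, password, host="localhost", port=5432, db="postgres",
              sslmode="verify-full"):
    """Percent-encode the generated values so they cannot alter the URL.
    Pass sslmode="disable" only for a local dev database without TLS."""
    q = urllib.parse.quote
    return (f"postgresql://{q(user, safe='')}:{q(password, safe='')}"
            f"@{host}:{port}/{db}?sslmode={sslmode}")


if __name__ == "__main__":
    import os
    user, password, lease = read_creds(os.environ["VAULT_ADDR"], os.environ["VAULT_TOKEN"])
    # Print the lease, never the password; reconnect with fresh creds before the TTL ends.
    print(f"user={user} lease={lease['id']} ttl={lease['ttl_seconds']}s")
    dsn = build_dsn(user, password, sslmode="disable")  # hand this to the DB driver
```

The credentials stop working when the lease ends (10h with the lease configured above), so the application should request a new set rather than cache the connection URL.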

Connections to Secrets Engine

https://www.vaultproject.io/docs/secrets/index.html

  • Active Directory and Azure Cloud
  • AWS Secrets
  • Database Secrets
  • Identity Secrets Engine

Vault and Mule

  • Vault component

Vault UI

By default on http://localhost:8200/ui

 
vault_notes.txt · Last modified: 2019/05/10 04:51 by root
 