Wednesday, July 24, 2019

Vault Docker CLI commands


The commands below assume VAULT_TOKEN holds a token allowed to manage auth methods and mounts, and that ROLE_ID and SECRET_ID hold the values returned by the role-id and secret-id calls.

  • Enable the AppRole auth method:
curl -X POST -H "X-Vault-Token:${VAULT_TOKEN}" -d '{"type":"approle"}' http://127.0.0.1:8200/v1/sys/auth/approle
  • Create the role and attach policies:
curl -X POST -H "X-Vault-Token:${VAULT_TOKEN}" -d '{"policies":"dev-policy,test-policy"}' http://127.0.0.1:8200/v1/auth/approle/role/testrole
  • Get role ID and secret ID:
curl -X GET -H "X-Vault-Token:${VAULT_TOKEN}" http://127.0.0.1:8200/v1/auth/approle/role/testrole/role-id | jq .

curl -X POST -H "X-Vault-Token:${VAULT_TOKEN}" http://127.0.0.1:8200/v1/auth/approle/role/testrole/secret-id | jq .
  • Get client token:
curl -X POST -d "{\"role_id\":\"${ROLE_ID}\",\"secret_id\":\"${SECRET_ID}\"}" http://127.0.0.1:8200/v1/auth/approle/login | jq .
  • Create kv engine mount:
tee payload.json <<EOF
{
  "type": "kv",
  "options": {
    "version": "1"
  }
}
EOF

curl --header "X-Vault-Token:${VAULT_TOKEN}" --request POST --data @payload.json http://127.0.0.1:8200/v1/sys/mounts/secret

  • Store data:
tee payload.json <<EOF
{
  "value": "localhost"
}
EOF

curl --header "X-Vault-Token:${VAULT_TOKEN}" --request POST --data @payload.json http://127.0.0.1:8200/v1/secret/dev/esb.host

tee payload.json <<EOF
{
  "value": "9443"
}
EOF

curl --header "X-Vault-Token:${VAULT_TOKEN}" --request POST --data @payload.json http://127.0.0.1:8200/v1/secret/dev/esb.port


  • Retrieve data:
curl -H "X-Vault-Token:${VAULT_TOKEN}" http://127.0.0.1:8200/v1/secret/dev/esb.host | jq -r .data.value

curl -H "X-Vault-Token:${VAULT_TOKEN}" http://127.0.0.1:8200/v1/secret/dev/esb.port | jq -r .data.value
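
The "Get client token" and "Retrieve data" steps chained together, so the secret is read with the AppRole client token rather than the token used for setup. This is an added Python example, not code from the original post; the function names and sample responses are constructed, and it assumes dev-policy grants read on secret/dev/* (the post does not show the policy bodies).

```python
import json
import urllib.error
import urllib.request

VAULT_ADDR = "http://127.0.0.1:8200"  # same address as the curl commands

def login_request(role_id, secret_id, addr=VAULT_ADDR):
    """POST auth/approle/login; json.dumps escapes whatever the IDs contain."""
    body = json.dumps({"role_id": role_id, "secret_id": secret_id}).encode()
    return urllib.request.Request(f"{addr}/v1/auth/approle/login", data=body, method="POST")

def read_request(path, token, addr=VAULT_ADDR):
    """GET a KV v1 path, authenticated with the AppRole client token."""
    return urllib.request.Request(f"{addr}/v1/{path}", headers={"X-Vault-Token": token})

def _parse(body):
    """Decode a Vault response and raise if it carries an errors list."""
    doc = json.loads(body)
    if doc.get("errors"):
        raise PermissionError("; ".join(doc["errors"]))
    return doc

def client_token(login_body):
    """Return (client_token, policies) from a login response."""
    auth = _parse(login_body).get("auth") or {}
    if not auth.get("client_token"):
        raise ValueError("login response has no auth.client_token")
    return auth["client_token"], auth.get("policies", [])

def kv_value(read_body):
    """Return data.value from a KV v1 read response."""
    return _parse(read_body)["data"]["value"]

def _send(req):
    """Send a request; on 4xx/5xx hand back Vault's JSON error body instead."""
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.read()
    except urllib.error.HTTPError as err:
        return err.read()

def fetch(role_id, secret_id, path):
    """Live flow: log in with AppRole, then read using only the client token.
    Assumes the role's policies allow reading the path (not shown in the post)."""
    token, _ = client_token(_send(login_request(role_id, secret_id)))
    return kv_value(_send(read_request(path, token)))

# Constructed sample responses (not captured from a real server).
SAMPLE_LOGIN = '{"auth": {"client_token": "EXAMPLE-CLIENT-TOKEN", "policies": ["default", "dev-policy", "test-policy"]}}'
SAMPLE_READ = '{"data": {"value": "localhost"}}'
SAMPLE_DENIED = '{"errors": ["permission denied"]}'
```

Against a running server, fetch(role_id, secret_id, "secret/dev/esb.host") performs both calls; the parsing functions can be exercised offline with the constructed samples.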

