Kostiantyn Soloviov solovyovk
There are many methods for writing Vault policies.
This gist was created to collect the most common methods
such that they can be easily used as references for syntax,
as well as evaluation for which method suits a particular purpose.
TODO:
- Add complex policy examples
- Add @json.file examples
solovyovk / nomad-vault.sh
Created October 5, 2021 18:13 — forked from greenbrian/nomad-vault.sh
Nomad + Vault agent
#!/usr/bin/env bash
# Unwrap the wrapped Vault token stored on the ramdisk and hand it to the Nomad agent via VAULT_TOKEN
if [ -f /mnt/ramdisk/token ]; then
  exec env VAULT_TOKEN="$(vault unwrap -field=token "$(jq -r '.token' /mnt/ramdisk/token)")" \
    /usr/local/bin/nomad agent \
      -config=/etc/nomad.d \
      -vault-tls-skip-verify=true   # disables TLS certificate verification toward Vault
else
  echo "Nomad service failed due to missing Vault token"
  exit 1
fi
solovyovk / approle.sh
Created October 5, 2021 18:13 — forked from greenbrian/approle.sh
Vault CLI testing AppRole
#!/bin/bash
# start vault
VAULT_UI=true vault server -dev -dev-root-token-id=root -dev-listen-address=127.0.0.1:8200
# login as root - DO NOT DO THIS IN PRODUCTION
vault login root
# write some secrets
vault kv put secret/test color=blue number=eleventeen
solovyovk / vault_demo.sh
Created October 5, 2021 18:12 — forked from greenbrian/vault_demo.sh
Quick Vault demo usage
#!/bin/bash
## The following command starts Vault in development mode
## specifying a root token value of 'root'
##
# VAULT_UI=true vault server -dev -dev-root-token-id="root"
## Login with root token
## Good for demo mode; on a production cluster this should only be used
## during initial configuration
solovyovk / vault-token-role-via-api.sh
Created October 5, 2021 18:12 — forked from greenbrian/vault-token-role-via-api.sh
HashiCorp Vault Token Role overview
# start vault in dev mode
VAULT_UI=true vault server -dev -dev-root-token-id="password"
# write some secrets for our example usage
curl --request POST \
--silent \
--header "X-Vault-Token: password" \
--header "Content-Type: application/json" \
--data '{ "options": { "cas": 0 }, "data": { "username": "administrator", "password": "hunter2" } }' \
http://127.0.0.1:8200/v1/secret/data/dev | jq '.'