Skip to content

GitLab

Switch branch/tag
  1. 18 Nov, 2020 4 commits
  3. 25 May, 2020 2 commits
  5. 06 May, 2020 2 commits
    • Yura Shutkin's avatar
      Fix indentation of comment · 3983119c
      Yura Shutkin authored
      3983119c
    • Yura Shutkin's avatar
      Add ro on postgres database · 48525ef0
      Yura Shutkin authored 
      I still can't figure how to specify pgsql schema in template. I used {{schema}} and {{search_path}} but both seems empty in creation script.
Tested creation of creds after root creds rotated. Probably I should test new role creation after rotate
      48525ef0
  7. 05 May, 2020 2 commits
    • Yura Shutkin's avatar
      Update config, initial sql script, fix .env.example, add README and Makefile,... · 55df98d3
      Yura Shutkin authored 
      Update config, initial sql script, fix .env.example, add README and Makefile, move logging into proto, add capabilities

* Update config so Vault will use specific pgsql schema and and creds with ha_locks table as well
* Disable proxy_protocol so you can access vault directly without web proxy
* Specify seal type just for removing annoying warning at vault start
* Create new db, schema, role and hardening permissions on tables
* PGSQL data will be stored in docker volume
* Vault config will be mounted into docker not a directory. Be cause I did not found how prevent Vault init script to change rights on files inside configs directory
* Makefile and README contains goals and descriptions for guide https://learn.hashicorp.com/vault/secrets-management/sm-dynamic-secrets
* Payloads is still in WIP status and added for future
      55df98d3
    • Yura Shutkin's avatar
      Add usage of log driver local with also log format json · 8e3440d8
      Yura Shutkin authored 
      This will not convert any message of vault logs into JSON, but docker logs will looks like
```
docker logs vault-dev-single_server_1
==> Vault server configuration:

                     Cgo: disabled
              Listener 1: tcp (addr: "192.168.9.2:8200", cluster address: "192.168.9.2:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
               Log Level: trace
                   Mlock: supported: true, enabled: false
           Recovery Mode: false
                 Storage: file
                 Version: Vault v1.4.0

==> Vault server started! Log data will stream in below:

{"@level":"info","@message":"proxy environment","@timestamp":"2020-05-05T11:06:51.170431Z","http_proxy":"","https_proxy":"","no_proxy":""}
{"@level":"warn","@message":"no `api_addr` value specified in config or in VAULT_API_ADDR; falling back to detection if possible, but this value should be manually set","@timestamp":"2020-05-05T11:06:51.170623Z"}
{"@level":"debug","@message":"creating LRU cache","@module":"storage.cache","@timestamp":"2020-05-05T11:06:51.170692Z","size":0}
{"@level":"debug","@message":"cluster listener addresses synthesized","@timestamp":"2020-05-05T11:06:51.170961Z","cluster_addresses":[{"IP":"192.168.9.2","Port":8201,"Zone":""}]}
{"@level":"info","@message":"seal configuration missing, not initialized","@module":"core","@timestamp":"2020-05-05T11:06:53.418896Z"}
{"@level":"info","@message":"security barrier not initialized","@module":"core","@timestamp":"2020-05-05T11:06:53.418921Z"}
{"@level":"info","@message":"security barrier not initialized","@module":"core","@timestamp":"2020-05-05T11:07:01.208017Z"}
{"@level":"info","@message":"security barrier not initialized","@module":"core","@timestamp":"2020-05-05T11:07:01.698744Z"}
{"@level":"info","@message":"seal configuration missing, not initialized","@module":"core","@timestamp":"2020-05-05T11:07:01.699490Z"}
{"@level":"info","@message":"security barrier not initialized","@module":"core","@timestamp":"2020-05-05T11:07:11.739158Z"}
{"@level":"info","@message":"seal configuration missing, not initialized","@module":"core","@timestamp":"2020-05-05T11:07:11.739826Z"}
{"@level":"error","@message":"no seal config found, can't determine if legacy or new-style shamir","@module":"core","@timestamp":"2020-05-05T11:07:13.256253Z"}
{"@level":"info","@message":"security barrier not initialized","@module":"core","@timestamp":"2020-05-05T11:07:13.256341Z"}
{"@level":"info","@message":"security barrier initialized","@module":"core","@timestamp":"2020-05-05T11:07:13.256895Z","shares":1,"stored":1,"threshold":1}
{"@level":"debug","@message":"cluster name not found/set, generating new","@module":"core","@timestamp":"2020-05-05T11:07:13.257347Z"}
{"@level":"debug","@message":"cluster name set","@module":"core","@timestamp":"2020-05-05T11:07:13.257371Z","name":"vault-cluster-dea037e7"}
{"@level":"debug","@message":"cluster ID not found, generating new","@module":"core","@timestamp":"2020-05-05T11:07:13.257381Z"}
{"@level":"debug","@message":"cluster ID set","@module":"core","@timestamp":"2020-05-05T11:07:13.257397Z","id":"fb33ef93-761c-0fca-2434-b661678d795d"}
{"@level":"info","@message":"post-unseal setup starting","@module":"core","@timestamp":"2020-05-05T11:07:13.257565Z"}
```
      8e3440d8
  9. 13 Apr, 2020 2 commits
  11. 10 Apr, 2020 1 commit
  13. 09 Apr, 2020 3 commits
  15. 04 Mar, 2020 3 commits
  17. 02 Mar, 2020 1 commit
  19. 28 Jan, 2020 2 commits
  21. 13 Dec, 2019 1 commit
  23. 09 Dec, 2019 1 commit
  25. 19 Sep, 2019 2 commits
  27. 17 Sep, 2019 1 commit
  29. 11 Sep, 2019 1 commit
  31. 28 Aug, 2019 1 commit
  33. 26 Aug, 2019 1 commit
  35. 23 Aug, 2019 2 commits
  37. 22 Aug, 2019 1 commit
  39. 29 Mar, 2019 2 commits
  41. 28 Mar, 2019 2 commits
  43. 21 Mar, 2019 3 commits