- 18 Nov, 2020 4 commits
-
-
Yura Shutkin authored
-
Yura Shutkin authored
-
Yura Shutkin authored
Add hashi_vault example
See merge request !2
-
Yura Shutkin authored
-
- 25 May, 2020 2 commits
-
-
Yura Shutkin authored
Vault pki
See merge request !1
-
Yura Shutkin authored
* You can use a custom certificate encoded in x509 or generate a CA with HashiCorp Vault
-
- 06 May, 2020 2 commits
-
-
Yura Shutkin authored
-
Yura Shutkin authored
I still can't figure out how to specify the pgsql schema in the template. I used {{schema}} and {{search_path}}, but both seem empty in the creation script. Tested creation of creds after root creds were rotated. Probably I should test new role creation after rotation.
-
- 05 May, 2020 2 commits
-
-
Yura Shutkin authored
Update config, initial sql script, fix .env.example, add README and Makefile, move logging into proto, add capabilities
* Update config so Vault will use a specific pgsql schema and creds with the ha_locks table as well
* Disable proxy_protocol so you can access vault directly without a web proxy
* Specify seal type just to remove an annoying warning at vault start
* Create new db, schema, role and harden permissions on tables
* PGSQL data will be stored in a docker volume
* Vault config will be mounted into docker, not a directory, because I did not find how to prevent the Vault init script from changing rights on files inside the configs directory
* Makefile and README contain goals and descriptions for the guide https://learn.hashicorp.com/vault/secrets-management/sm-dynamic-secrets
* Payloads are still in WIP status and are added for the future
-
Yura Shutkin authored
This will not convert any message of vault logs into JSON, but docker logs will look like
```
docker logs vault-dev-single_server_1
==> Vault server configuration:

Cgo: disabled
Listener 1: tcp (addr: "192.168.9.2:8200", cluster address: "192.168.9.2:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
Log Level: trace
Mlock: supported: true, enabled: false
Recovery Mode: false
Storage: file
Version: Vault v1.4.0

==> Vault server started! Log data will stream in below:

{"@level":"info","@message":"proxy environment","@timestamp":"2020-05-05T11:06:51.170431Z","http_proxy":"","https_proxy":"","no_proxy":""}
{"@level":"warn","@message":"no `api_addr` value specified in config or in VAULT_API_ADDR; falling back to detection if possible, but this value should be manually set","@timestamp":"2020-05-05T11:06:51.170623Z"}
{"@level":"debug","@message":"creating LRU cache","@module":"storage.cache","@timestamp":"2020-05-05T11:06:51.170692Z","size":0}
{"@level":"debug","@message":"cluster listener addresses synthesized","@timestamp":"2020-05-05T11:06:51.170961Z","cluster_addresses":[{"IP":"192.168.9.2","Port":8201,"Zone":""}]}
{"@level":"info","@message":"seal configuration missing, not initialized","@module":"core","@timestamp":"2020-05-05T11:06:53.418896Z"}
{"@level":"info","@message":"security barrier not initialized","@module":"core","@timestamp":"2020-05-05T11:06:53.418921Z"}
{"@level":"info","@message":"security barrier not initialized","@module":"core","@timestamp":"2020-05-05T11:07:01.208017Z"}
{"@level":"info","@message":"security barrier not initialized","@module":"core","@timestamp":"2020-05-05T11:07:01.698744Z"}
{"@level":"info","@message":"seal configuration missing, not initialized","@module":"core","@timestamp":"2020-05-05T11:07:01.699490Z"}
{"@level":"info","@message":"security barrier not initialized","@module":"core","@timestamp":"2020-05-05T11:07:11.739158Z"}
{"@level":"info","@message":"seal configuration missing, not initialized","@module":"core","@timestamp":"2020-05-05T11:07:11.739826Z"}
{"@level":"error","@message":"no seal config found, can't determine if legacy or new-style shamir","@module":"core","@timestamp":"2020-05-05T11:07:13.256253Z"}
{"@level":"info","@message":"security barrier not initialized","@module":"core","@timestamp":"2020-05-05T11:07:13.256341Z"}
{"@level":"info","@message":"security barrier initialized","@module":"core","@timestamp":"2020-05-05T11:07:13.256895Z","shares":1,"stored":1,"threshold":1}
{"@level":"debug","@message":"cluster name not found/set, generating new","@module":"core","@timestamp":"2020-05-05T11:07:13.257347Z"}
{"@level":"debug","@message":"cluster name set","@module":"core","@timestamp":"2020-05-05T11:07:13.257371Z","name":"vault-cluster-dea037e7"}
{"@level":"debug","@message":"cluster ID not found, generating new","@module":"core","@timestamp":"2020-05-05T11:07:13.257381Z"}
{"@level":"debug","@message":"cluster ID set","@module":"core","@timestamp":"2020-05-05T11:07:13.257397Z","id":"fb33ef93-761c-0fca-2434-b661678d795d"}
{"@level":"info","@message":"post-unseal setup starting","@module":"core","@timestamp":"2020-05-05T11:07:13.257565Z"}
```
-
- 13 Apr, 2020 2 commits
-
-
Yura Shutkin authored
-
Yura Shutkin authored
-
- 10 Apr, 2020 1 commit
-
-
Yura Shutkin authored
Signed-off-by: Shutkin Yura <shutkin.yurii@gmail.com>
-
- 09 Apr, 2020 3 commits
-
-
Yura Shutkin authored
Signed-off-by: Shutkin Yura <shutkin.yurii@gmail.com>
-
Yura Shutkin authored
-
Yura Shutkin authored
-
- 04 Mar, 2020 3 commits
-
-
Yura Shutkin authored
Signed-off-by: Shutkin Yura <shutkin.yurii@gmail.com>
-
Yura Shutkin authored
Signed-off-by: Shutkin Yura <shutkin.yurii@gmail.com>
-
Yura Shutkin authored
Signed-off-by: Shutkin Yura <shutkin.yurii@gmail.com>
-
- 02 Mar, 2020 1 commit
-
-
Yura Shutkin authored
Signed-off-by: Shutkin Yura <shutkin.yurii@gmail.com>
-
- 28 Jan, 2020 2 commits
-
-
Yura Shutkin authored
-
Yura Shutkin authored
Signed-off-by: Shutkin Yura <shutkin.yurii@gmail.com>
-
- 13 Dec, 2019 1 commit
-
-
Yura Shutkin authored
Signed-off-by: Shutkin Yura <shutkin.yurii@gmail.com>
-
- 09 Dec, 2019 1 commit
-
-
Yura Shutkin authored
Signed-off-by: Shutkin Yura <shutkin.yurii@gmail.com>
-
- 19 Sep, 2019 2 commits
-
-
Yura Shutkin authored
-
Yura Shutkin authored
-
- 17 Sep, 2019 1 commit
-
-
Yura Shutkin authored
-
- 11 Sep, 2019 1 commit
-
-
Yura Shutkin authored
-
- 28 Aug, 2019 1 commit
-
-
Yura Shutkin authored
WIP vault unseal migrate searching for version with possibility of using shamir after transit seal type
-
- 26 Aug, 2019 1 commit
-
-
Yura Shutkin authored
-
- 23 Aug, 2019 2 commits
-
-
Yura Shutkin authored
-
Yura Shutkin authored
-
- 22 Aug, 2019 1 commit
-
-
Yura Shutkin authored
-
- 29 Mar, 2019 2 commits
-
-
Yura Shutkin authored
-
Yura Shutkin authored
-
- 28 Mar, 2019 2 commits
-
-
Yura Shutkin authored
-
Yura Shutkin authored
-
- 21 Mar, 2019 3 commits
-
-
Yura Shutkin authored
-
Yura Shutkin authored
-
Yura Shutkin authored
-