1. 18 Nov, 2020 4 commits
  2. 25 May, 2020 2 commits
  3. 06 May, 2020 2 commits
    • Fix indentation of comment · 3983119c
      Yura Shutkin authored
    • Add ro on postgres database · 48525ef0
      Yura Shutkin authored
      I still can't figure out how to specify the pgsql schema in the template. I used {{schema}} and {{search_path}}, but both seem empty in the creation script.
      Tested creation of creds after root creds were rotated. Probably I should test new role creation after rotation.
  4. 05 May, 2020 2 commits
    • Update config, initial sql script, fix .env.example, add README and Makefile,... · 55df98d3
      Yura Shutkin authored
      Update config, initial sql script, fix .env.example, add README and Makefile, move logging into proto, add capabilities
      
      * Update config so Vault will use a specific pgsql schema and creds with the ha_locks table as well
      * Disable proxy_protocol so you can access vault directly without web proxy
      * Specify seal type just for removing annoying warning at vault start
      * Create new db, schema, role and hardening permissions on tables
      * PGSQL data will be stored in docker volume
      * Vault config will be mounted into docker, not a directory, because I did not find how to prevent the Vault init script from changing rights on files inside the configs directory
      * Makefile and README contain goals and descriptions for guide https://learn.hashicorp.com/vault/secrets-management/sm-dynamic-secrets
      * Payloads are still in WIP status and added for the future
    • Add usage of log driver local with also log format json · 8e3440d8
      Yura Shutkin authored
      This will not convert any message of vault logs into JSON, but docker logs will look like
      ```
      docker logs vault-dev-single_server_1
      ==> Vault server configuration:
      
                           Cgo: disabled
                    Listener 1: tcp (addr: "192.168.9.2:8200", cluster address: "192.168.9.2:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
                     Log Level: trace
                         Mlock: supported: true, enabled: false
                 Recovery Mode: false
                       Storage: file
                       Version: Vault v1.4.0
      
      ==> Vault server started! Log data will stream in below:
      
      {"@level":"info","@message":"proxy environment","@timestamp":"2020-05-05T11:06:51.170431Z","http_proxy":"","https_proxy":"","no_proxy":""}
      {"@level":"warn","@message":"no `api_addr` value specified in config or in VAULT_API_ADDR; falling back to detection if possible, but this value should be manually set","@timestamp":"2020-05-05T11:06:51.170623Z"}
      {"@level":"debug","@message":"creating LRU cache","@module":"storage.cache","@timestamp":"2020-05-05T11:06:51.170692Z","size":0}
      {"@level":"debug","@message":"cluster listener addresses synthesized","@timestamp":"2020-05-05T11:06:51.170961Z","cluster_addresses":[{"IP":"192.168.9.2","Port":8201,"Zone":""}]}
      {"@level":"info","@message":"seal configuration missing, not initialized","@module":"core","@timestamp":"2020-05-05T11:06:53.418896Z"}
      {"@level":"info","@message":"security barrier not initialized","@module":"core","@timestamp":"2020-05-05T11:06:53.418921Z"}
      {"@level":"info","@message":"security barrier not initialized","@module":"core","@timestamp":"2020-05-05T11:07:01.208017Z"}
      {"@level":"info","@message":"security barrier not initialized","@module":"core","@timestamp":"2020-05-05T11:07:01.698744Z"}
      {"@level":"info","@message":"seal configuration missing, not initialized","@module":"core","@timestamp":"2020-05-05T11:07:01.699490Z"}
      {"@level":"info","@message":"security barrier not initialized","@module":"core","@timestamp":"2020-05-05T11:07:11.739158Z"}
      {"@level":"info","@message":"seal configuration missing, not initialized","@module":"core","@timestamp":"2020-05-05T11:07:11.739826Z"}
      {"@level":"error","@message":"no seal config found, can't determine if legacy or new-style shamir","@module":"core","@timestamp":"2020-05-05T11:07:13.256253Z"}
      {"@level":"info","@message":"security barrier not initialized","@module":"core","@timestamp":"2020-05-05T11:07:13.256341Z"}
      {"@level":"info","@message":"security barrier initialized","@module":"core","@timestamp":"2020-05-05T11:07:13.256895Z","shares":1,"stored":1,"threshold":1}
      {"@level":"debug","@message":"cluster name not found/set, generating new","@module":"core","@timestamp":"2020-05-05T11:07:13.257347Z"}
      {"@level":"debug","@message":"cluster name set","@module":"core","@timestamp":"2020-05-05T11:07:13.257371Z","name":"vault-cluster-dea037e7"}
      {"@level":"debug","@message":"cluster ID not found, generating new","@module":"core","@timestamp":"2020-05-05T11:07:13.257381Z"}
      {"@level":"debug","@message":"cluster ID set","@module":"core","@timestamp":"2020-05-05T11:07:13.257397Z","id":"fb33ef93-761c-0fca-2434-b661678d795d"}
      {"@level":"info","@message":"post-unseal setup starting","@module":"core","@timestamp":"2020-05-05T11:07:13.257565Z"}
      ```
  5. 13 Apr, 2020 2 commits
  6. 10 Apr, 2020 1 commit
  7. 09 Apr, 2020 3 commits
  8. 04 Mar, 2020 3 commits
  9. 02 Mar, 2020 1 commit
  10. 28 Jan, 2020 2 commits
  11. 13 Dec, 2019 1 commit
  12. 09 Dec, 2019 1 commit
  13. 19 Sep, 2019 2 commits
  14. 17 Sep, 2019 1 commit
  15. 11 Sep, 2019 1 commit
  16. 28 Aug, 2019 1 commit
  17. 26 Aug, 2019 1 commit
  18. 23 Aug, 2019 2 commits
  19. 22 Aug, 2019 1 commit
  20. 29 Mar, 2019 2 commits
  21. 28 Mar, 2019 2 commits
  22. 21 Mar, 2019 3 commits