  1. Aug 18, 2023
  2. Aug 15, 2023
  3. Aug 14, 2023
  4. Nov 17, 2020
  5. May 25, 2020
  6. May 05, 2020
    • Fix indentation of comment · 3983119c
      Yura Shutkin authored
    • Add ro on postgres database · 48525ef0
      Yura Shutkin authored
      I still can't figure out how to specify the pgsql schema in the template. I used {{schema}} and {{search_path}} but both seem empty in the creation script.
      Tested creation of creds after root creds were rotated. I should probably test new role creation after rotation.
    • Update config, initial sql script, fix .env.example, add README and Makefile,... · 55df98d3
      Yura Shutkin authored
      Update config, initial sql script, fix .env.example, add README and Makefile, move logging into proto, add capabilities
      
      * Update config so Vault will use a specific pgsql schema and creds with the ha_locks table as well
      * Disable proxy_protocol so you can access vault directly without web proxy
      * Specify seal type just for removing annoying warning at vault start
      * Create new db, schema, role and hardening permissions on tables
      * PGSQL data will be stored in docker volume
      * Vault config will be mounted into docker, not a directory, because I did not find how to prevent the Vault init script from changing rights on files inside the configs directory
      * Makefile and README contain goals and descriptions for guide https://learn.hashicorp.com/vault/secrets-management/sm-dynamic-secrets
      * Payloads are still in WIP status and added for the future
    • Add usage of log driver local with also log format json · 8e3440d8
      Yura Shutkin authored
      This will not convert any message of vault logs into JSON, but docker logs will look like
      ```
      docker logs vault-dev-single_server_1
      ==> Vault server configuration:
      
                           Cgo: disabled
                    Listener 1: tcp (addr: "192.168.9.2:8200", cluster address: "192.168.9.2:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
                     Log Level: trace
                         Mlock: supported: true, enabled: false
                 Recovery Mode: false
                       Storage: file
                       Version: Vault v1.4.0
      
      ==> Vault server started! Log data will stream in below:
      
      {"@level":"info","@message":"proxy environment","@timestamp":"2020-05-05T11:06:51.170431Z","http_proxy":"","https_proxy":"","no_proxy":""}
      {"@level":"warn","@message":"no `api_addr` value specified in config or in VAULT_API_ADDR; falling back to detection if possible, but this value should be manually set","@timestamp":"2020-05-05T11:06:5...
      ```
  7. Apr 13, 2020
  8. Apr 10, 2020
  9. Apr 09, 2020
  10. Apr 08, 2020
  11. Mar 04, 2020
  12. Mar 02, 2020
  13. Jan 28, 2020
  14. Dec 13, 2019
  15. Dec 09, 2019
  16. Sep 19, 2019
  17. Sep 17, 2019
  18. Sep 11, 2019
  19. Aug 28, 2019
  20. Aug 26, 2019
  21. Aug 23, 2019
  22. Aug 22, 2019
  23. Mar 29, 2019