189
Comment:
|
1366
|
Deletions are marked like this. | Additions are marked like this. |
Line 7: | Line 7: |
== Init vault == * e.g. {{{ vault operator init \ -key-shares=3 \ -key-threshold=2 \ -pgp-keys="keybase:hashicorp,keybase:jefferai,keybase:sethvargo" \ -root-token-pgp-key="keybase:hashicorp" }}} * or GPG https://www.vaultproject.io/docs/concepts/pgp-gpg-keybase.html * With client connection to server {{{ $ vault operator init -key-shares=9 -key-threshold=3 Unseal Key 1: rjV7Qdc+H9lQLdyzXXGF8hpRYFGbIBiQ/Zr6eoopNuTB Unseal Key 2: CKVNeq8WmwOLAeu7lBmCkfCYvWqQHbyeRCsmBHL1QBAL Unseal Key 3: SiJyjbbbyRP/JY6I6PCmBG0YdO6o1EPhyZ+fMImpaNKH Unseal Key 4: sfu2MKkNkoeI2EA4vO7sOtUbRzYZZrGBxOrEoOHtTo+O Unseal Key 5: 7XFvEXwZjCukP4fKINKt7HFLy0GJ4GMvoSN0AK0dEUHS Unseal Key 6: oqheZQnzmMWLfs8gxAEY5aKbEacT+rSMmV8oegq6Kc9U Unseal Key 7: 4QUI8Iwhu8tvi5TW5VY4PKwZFVG0eUCGanecIVVIohwV Unseal Key 8: XkZgPVCMS7Y95LvdfbtAesZkbxvWHFc47Wj0g2mAmjjq Unseal Key 9: UxhuvjyrDUhmgZYE5YHR5og0fHl0z3/kWKARzTV7inTg Initial Root Token: 417c52cf-863e-0014-330e-fdc834c24d15 }}} * 4QUvault I8Iwhu8tvi5TW5VY4PKwZFVG0eUCGanecIVVIohwV * Check for alive {{{ curl -k https://127.0.0.1:8200/v1/sys/init {"initialized":true} }}} |
AppArmor
- profiles per application, based on file paths
Init vault
e.g.
vault operator init \ -key-shares=3 \ -key-threshold=2 \ -pgp-keys="keybase:hashicorp,keybase:jefferai,keybase:sethvargo" \ -root-token-pgp-key="keybase:hashicorp"
or GPG https://www.vaultproject.io/docs/concepts/pgp-gpg-keybase.html
With client connection to server
$ vault operator init -key-shares=9 -key-threshold=3 Unseal Key 1: rjV7Qdc+H9lQLdyzXXGF8hpRYFGbIBiQ/Zr6eoopNuTB Unseal Key 2: CKVNeq8WmwOLAeu7lBmCkfCYvWqQHbyeRCsmBHL1QBAL Unseal Key 3: SiJyjbbbyRP/JY6I6PCmBG0YdO6o1EPhyZ+fMImpaNKH Unseal Key 4: sfu2MKkNkoeI2EA4vO7sOtUbRzYZZrGBxOrEoOHtTo+O Unseal Key 5: 7XFvEXwZjCukP4fKINKt7HFLy0GJ4GMvoSN0AK0dEUHS Unseal Key 6: oqheZQnzmMWLfs8gxAEY5aKbEacT+rSMmV8oegq6Kc9U Unseal Key 7: 4QUI8Iwhu8tvi5TW5VY4PKwZFVG0eUCGanecIVVIohwV Unseal Key 8: XkZgPVCMS7Y95LvdfbtAesZkbxvWHFc47Wj0g2mAmjjq Unseal Key 9: UxhuvjyrDUhmgZYE5YHR5og0fHl0z3/kWKARzTV7inTg Initial Root Token: 417c52cf-863e-0014-330e-fdc834c24d15
- 4QUvault I8Iwhu8tvi5TW5VY4PKwZFVG0eUCGanecIVVIohwV
Check for alive
curl -k https://127.0.0.1:8200/v1/sys/init {"initialized":true}
Policies
...