vault_approle_demo $ git clone git@github.com:allthingsclowd/vault_approle.git .
Cloning into '.'...
remote: Counting objects: 56, done.
remote: Compressing objects: 100% (42/42), done.
remote: Total 56 (delta 13), reused 52 (delta 12), pack-reused 0
Receiving objects: 100% (56/56), 11.34 KiB | 829.00 KiB/s, done.
Resolving deltas: 100% (13/13), done.
vault_approle_demo $ vagrant up
Bringing machine 'vault01' up with 'virtualbox' provider...
==> vault01: Importing base box 'allthingscloud/go-counter-demo'...
==> vault01: Matching MAC address for NAT networking...
==> vault01: Checking if box 'allthingscloud/go-counter-demo' is up to date...
==> vault01: Setting the name of the VM: vault_approle_demo_vault01_1532685296100_97372
==> vault01: Clearing any previously set network interfaces...
==> vault01: Preparing network interfaces based on configuration...
vault01: Adapter 1: nat
vault01: Adapter 2: hostonly
==> vault01: Forwarding ports...
vault01: 8500 (guest) => 8500 (host) (adapter 1)
vault01: 8200 (guest) => 8200 (host) (adapter 1)
vault01: 22 (guest) => 2222 (host) (adapter 1)
==> vault01: Running 'pre-boot' VM customizations...
==> vault01: Booting VM...
==> vault01: Waiting for machine to boot. This may take a few minutes...
vault01: SSH address: 127.0.0.1:2222
vault01: SSH username: vagrant
vault01: SSH auth method: private key
vault01:
vault01: Vagrant insecure key detected. Vagrant will automatically replace
vault01: this with a newly generated keypair for better security.
vault01:
vault01: Inserting generated public key within guest...
vault01: Removing insecure key from the guest if it's present...
vault01: Key inserted! Disconnecting and reconnecting using new SSH key...
==> vault01: Machine booted and ready!
==> vault01: Checking for guest additions in VM...
vault01: The guest additions on this VM do not match the installed version of
vault01: VirtualBox! In most cases this is fine, but in rare cases it can
vault01: prevent things such as shared folders from working properly. If you see
vault01: shared folder errors, please make sure the guest additions within the
vault01: virtual machine match the version of VirtualBox you have installed on
vault01: your host and reload your VM.
vault01:
vault01: Guest Additions Version: 5.1.34
vault01: VirtualBox Version: 5.2
==> vault01: Setting hostname...
==> vault01: Configuring and enabling network interfaces...
==> vault01: Mounting shared folders...
vault01: /vagrant => /Users/grazzer/vagrant_workspace/vault_approle_demo
vault01: /usr/local/bootstrap => /Users/grazzer/vagrant_workspace/vault_approle_demo
==> vault01: Running provisioner: shell...
vault01: Running: /var/folders/lm/nxj5y0qs52xb620c8t793x040000gn/T/vagrant-shell20180727-8585-mwew9g.sh
vault01: ++ awk '$1 == "192.168.5.0" {print $8;exit}'
vault01: ++ route -n
vault01: + IFACE=enp0s8
vault01: ++ awk '$2 ~ "192.168.5" {print $2}'
vault01: ++ ip addr show enp0s8
vault01: + CIDR=192.168.5.11/24
vault01: + IP=192.168.5.11
vault01: + LOG=/vagrant/logs/consul_leader01.log
vault01: + mkdir -p /vagrant/logs
vault01: + PKG='wget unzip'
vault01: + which wget unzip
vault01: + '[' -f /usr/local/bin/consul ']'
vault01: + pushd /usr/local/bin
vault01: /usr/local/bin /home/vagrant
vault01: + '[' -f consul_1.2.1_linux_amd64.zip ']'
vault01: + sudo wget https://releases.hashicorp.com/consul/1.2.1/consul_1.2.1_linux_amd64.zip
vault01: --2018-07-27 09:55:17--  https://releases.hashicorp.com/consul/1.2.1/consul_1.2.1_linux_amd64.zip
vault01: Resolving releases.hashicorp.com (releases.hashicorp.com)... 151.101.1.183, 151.101.65.183, 151.101.129.183, ...
vault01: Connecting to releases.hashicorp.com (releases.hashicorp.com)|151.101.1.183|:443... connected.
vault01: HTTP request sent, awaiting response... 200 OK
vault01: Length: 14529496 (14M) [application/zip]
vault01: Saving to: ‘consul_1.2.1_linux_amd64.zip’
vault01:
vault01:      0K .......... ........ 100% 6.15M=2.7s
vault01:
vault01: 2018-07-27 09:55:19 (5.18 MB/s) - ‘consul_1.2.1_linux_amd64.zip’ saved [14529496/14529496]
vault01: + sudo unzip consul_1.2.1_linux_amd64.zip
vault01: Archive: consul_1.2.1_linux_amd64.zip
vault01: inflating: consul
vault01: + sudo chmod +x consul
vault01: + popd
vault01: /home/vagrant
vault01: + AGENT_CONFIG='-config-dir=/etc/consul.d -enable-script-checks=true'
vault01: + sudo mkdir -p /etc/consul.d
vault01: + [[ leader01 =~ leader ]]
vault01: + echo server
vault01: server
vault01: + /usr/local/bin/consul members
vault01: + sleep 5
vault01: + sudo /usr/local/bin/consul agent -server -ui -client=0.0.0.0 -bind=192.168.5.11 -config-dir=/etc/consul.d -enable-script-checks=true -data-dir=/usr/local/consul -bootstrap-expect=1
vault01: BootstrapExpect is set to 1; this is the same as Bootstrap mode.
vault01: bootstrap = true: do not enable unless necessary
vault01: + echo consul started
vault01: consul started
==> vault01: Running provisioner: shell...
vault01: Running: /var/folders/lm/nxj5y0qs52xb620c8t793x040000gn/T/vagrant-shell20180727-8585-1xpre76.sh
vault01: ++ awk '$1 == "192.168.5.0" {print $8}'
vault01: ++ route -n
vault01: + IFACE=enp0s8
vault01: ++ awk '$2 ~ "192.168.5" {print $2}'
vault01: ++ ip addr show enp0s8
vault01: + CIDR=192.168.5.11/24
vault01: + IP=192.168.5.11
vault01: + LOG=/vagrant/logs/vault_leader01.log
vault01: + which /usr/local/bin/vault
vault01: + pushd /usr/local/bin
vault01: /usr/local/bin /home/vagrant
vault01: + '[' -f vault_0.10.3_linux_amd64.zip ']'
vault01: + sudo wget https://releases.hashicorp.com/vault/0.10.3/vault_0.10.3_linux_amd64.zip
vault01: --2018-07-27 09:55:25--  https://releases.hashicorp.com/vault/0.10.3/vault_0.10.3_linux_amd64.zip
vault01: Resolving releases.hashicorp.com (releases.hashicorp.com)... 151.101.1.183, 151.101.65.183, 151.101.129.183, ...
vault01: Connecting to releases.hashicorp.com (releases.hashicorp.com)|151.101.1.183|:443... connected.
vault01: HTTP request sent, awaiting response... 200 OK
vault01: Length: 21886547 (21M) [application/zip]
vault01: Saving to: ‘vault_0.10.3_linux_amd64.zip’
vault01:
vault01:      0K .. .. ... 100% 7.04M=4.0s
vault01:
vault01: 2018-07-27 09:55:29 (5.20 MB/s) - ‘vault_0.10.3_linux_amd64.zip’ saved [21886547/21886547]
vault01: + sudo unzip vault_0.10.3_linux_amd64.zip
vault01: Archive: vault_0.10.3_linux_amd64.zip
vault01: inflating: vault
vault01: + sudo chmod +x vault
vault01: + popd
vault01: /home/vagrant
vault01: + sudo killall vault
vault01: + sudo consul kv delete -recurse vault
vault01: Success! Deleted keys with prefix: vault
vault01: + '[' -f /usr/local/bootstrap/.vault-token ']'
vault01: + echo vault started
vault01: vault started
vault01: + sleep 3
vault01: + sudo /usr/local/bin/vault server -dev -dev-listen-address=192.168.5.11:8200 -config=/usr/local/bootstrap/conf/vault.hcl
vault01: + sudo VAULT_ADDR=http://192.168.5.11:8200 vault kv put secret/hello value=world
vault01: Key              Value
vault01: ---              -----
vault01: created_time     2018-07-27T09:55:33.443550616Z
vault01: deletion_time    n/a
vault01: destroyed        false
vault01: version          1
vault01: + sudo VAULT_ADDR=http://192.168.5.11:8200 vault kv get secret/hello
vault01: ====== Metadata ======
vault01: Key              Value
vault01: ---              -----
vault01: created_time     2018-07-27T09:55:33.443550616Z
vault01: deletion_time    n/a
vault01: destroyed        false
vault01: version          1
vault01:
vault01: ==== Data ====
vault01: Key      Value
vault01: ---      -----
vault01: value    world
vault01: + sudo find / -name .vault-token -exec cp '{}' /usr/local/bootstrap/.vault-token ';' -quit
vault01: + sudo chmod ugo+r /usr/local/bootstrap/.vault-token
==> vault01: Running provisioner: shell...
vault01: Running: /var/folders/lm/nxj5y0qs52xb620c8t793x040000gn/T/vagrant-shell20180727-8585-1teeuyr.sh
vault01: ++ awk '$1 == "192.168.5.0" {print $8}'
vault01: ++ route -n
vault01: + IFACE=enp0s8
vault01: ++ awk '$2 ~ "192.168.5" {print $2}'
vault01: ++ ip addr show enp0s8
vault01: + CIDR=192.168.5.11/24
vault01: + IP=192.168.5.11
vault01: + export VAULT_ADDR=http://192.168.5.11:8200
vault01: + VAULT_ADDR=http://192.168.5.11:8200
vault01: + export VAULT_SKIP_VERIFY=true
vault01: + VAULT_SKIP_VERIFY=true
vault01: ++ cat /usr/local/bootstrap/.vault-token
vault01: + VAULT_TOKEN=27a57986-7294-9406-4b0d-768595b4e0ca
vault01: + VAULT_AUDIT_LOG=/vagrant/logs/vault_audit_leader01.log
vault01: + PKG='curl jq'
vault01: + which curl jq
vault01: + export DEBIAN_FRONTEND=noninteractive
vault01: + DEBIAN_FRONTEND=noninteractive
vault01: + apt-get update
vault01: Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [107 kB]
vault01: Get:2 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages [529 kB]
vault01: Hit:3 http://us.archive.ubuntu.com/ubuntu xenial InRelease
vault01: Get:4 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]
vault01: Get:5 http://security.ubuntu.com/ubuntu xenial-security/main i386 Packages [466 kB]
vault01: Get:6 http://security.ubuntu.com/ubuntu xenial-security/main Translation-en [226 kB]
vault01: Get:7 http://security.ubuntu.com/ubuntu xenial-security/universe amd64 Packages [361 kB]
vault01: Get:8 http://security.ubuntu.com/ubuntu xenial-security/universe i386 Packages [307 kB]
vault01: Get:9 http://security.ubuntu.com/ubuntu xenial-security/universe Translation-en [135 kB]
vault01: Get:10 http://security.ubuntu.com/ubuntu xenial-security/multiverse amd64 Packages [3,456 B]
vault01: Get:11 http://security.ubuntu.com/ubuntu xenial-security/multiverse i386 Packages [3,628 B]
vault01: Get:12 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease [107 kB]
vault01: Get:13 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [819 kB]
vault01: Get:14 http://us.archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages [746 kB]
vault01: Get:15 http://us.archive.ubuntu.com/ubuntu xenial-updates/main Translation-en [337 kB]
vault01: Get:16 http://us.archive.ubuntu.com/ubuntu xenial-updates/universe amd64 Packages [675 kB]
vault01: Get:17 http://us.archive.ubuntu.com/ubuntu xenial-updates/universe i386 Packages [615 kB]
vault01: Get:18 http://us.archive.ubuntu.com/ubuntu xenial-updates/universe Translation-en [272 kB]
vault01: Get:19 http://us.archive.ubuntu.com/ubuntu xenial-updates/multiverse amd64 Packages [16.4 kB]
vault01: Get:20 http://us.archive.ubuntu.com/ubuntu xenial-updates/multiverse i386 Packages [15.5 kB]
vault01: Get:21 http://us.archive.ubuntu.com/ubuntu xenial-backports/main amd64 Packages [6,744 B]
vault01: Get:22 http://us.archive.ubuntu.com/ubuntu xenial-backports/main i386 Packages [6,740 B]
vault01: Get:23 http://us.archive.ubuntu.com/ubuntu xenial-backports/main Translation-en [4,180 B]
vault01: Get:24 http://us.archive.ubuntu.com/ubuntu xenial-backports/universe amd64 Packages [7,420 B]
vault01: Get:25 http://us.archive.ubuntu.com/ubuntu xenial-backports/universe i386 Packages [7,104 B]
vault01: Fetched 5,883 kB in 2s (2,669 kB/s)
vault01: Reading package lists...
vault01: + apt-get install -y curl jq
vault01: Reading package lists...
vault01: Building dependency tree...
vault01: Reading state information...
vault01: The following additional packages will be installed:
vault01: libonig2
vault01: The following NEW packages will be installed:
vault01: curl jq libonig2
vault01: 0 upgraded, 3 newly installed, 0 to remove and 56 not upgraded.
vault01: Need to get 371 kB of archives.
vault01: After this operation, 1,168 kB of additional disk space will be used.
vault01: Get:1 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 libonig2 amd64 5.9.6-1 [88.1 kB]
vault01: Get:2 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 curl amd64 7.47.0-1ubuntu2.8 [139 kB]
vault01: Get:3 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 jq amd64 1.5+dfsg-1 [144 kB]
vault01: Fetched 371 kB in 0s (516 kB/s)
vault01: Selecting previously unselected package libonig2:amd64.
vault01: (Reading database ... 97681 files and directories currently installed.)
vault01: Preparing to unpack .../libonig2_5.9.6-1_amd64.deb ...
vault01: Unpacking libonig2:amd64 (5.9.6-1) ...
vault01: Selecting previously unselected package curl.
vault01: Preparing to unpack .../curl_7.47.0-1ubuntu2.8_amd64.deb ...
vault01: Unpacking curl (7.47.0-1ubuntu2.8) ...
vault01: Selecting previously unselected package jq.
vault01: Preparing to unpack .../jq_1.5+dfsg-1_amd64.deb ...
vault01: Unpacking jq (1.5+dfsg-1) ...
vault01: Processing triggers for man-db (2.7.5-1) ...
vault01: Setting up libonig2:amd64 (5.9.6-1) ...
vault01: Setting up curl (7.47.0-1ubuntu2.8) ...
vault01: Setting up jq (1.5+dfsg-1) ...
vault01: Processing triggers for libc-bin (2.23-0ubuntu10) ...
vault01: + tee audit-backend-file.json
vault01: {
vault01: "type": "file",
vault01: "options": {
vault01: "path": "/vagrant/logs/vault_audit_leader01.log"
vault01: }
vault01: }
vault01: + pause 'Enable Audit Backend - Press [Enter] key to continue...'
vault01: + echo -e '\n'
vault01: + false
vault01: + echo 'Enable Audit Backend - Press [Enter] key to continue...'
vault01: Enable Audit Backend - Press [Enter] key to continue...
vault01: + echo -e '\n'
vault01: + curl --header 'X-Vault-Token: 27a57986-7294-9406-4b0d-768595b4e0ca' --request PUT --data @audit-backend-file.json http://192.168.5.11:8200/v1/sys/audit/file-audit
vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
vault01:                                  Dload  Upload   Total   Spent    Left  Speed
vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
vault01: 100    88    0     0  100    88      0   6688 --:--:-- --:--:-- --:--:--  7333
vault01: + tee goapp-secret-read.json
vault01: {"policy":"path \"secret/data/goapp\" {capabilities = [\"read\", \"list\"]}"}
vault01: + pause 'Create goapp secret policy - Press [Enter] key to continue...'
vault01: + echo -e '\n'
vault01: + false
vault01: + echo 'Create goapp secret policy - Press [Enter] key to continue...'
vault01: Create goapp secret policy - Press [Enter] key to continue...
vault01: + echo -e '\n'
vault01: + jq .
vault01: + curl --location --header 'X-Vault-Token: 27a57986-7294-9406-4b0d-768595b4e0ca' --request PUT --data @goapp-secret-read.json http://192.168.5.11:8200/v1/sys/policy/goapp-secret-read
vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
vault01:                                  Dload  Upload   Total   Spent    Left  Speed
vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
vault01: 100    77    0     0  100    77      0  14285 --:--:-- --:--:-- --:--:-- 15400
vault01: + pause 'List ACL policies - Press [Enter] key to continue...'
vault01: + echo -e '\n'
vault01: + false
vault01: + echo 'List ACL policies - Press [Enter] key to continue...'
vault01: List ACL policies - Press [Enter] key to continue...
vault01: + echo -e '\n'
vault01: + jq .
vault01: + curl --location --header 'X-Vault-Token: 27a57986-7294-9406-4b0d-768595b4e0ca' --request LIST http://192.168.5.11:8200/v1/sys/policy
vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
vault01:                                  Dload  Upload   Total   Spent    Left  Speed
vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
vault01: 100   351  100   351    0     0  81212      0 --:--:-- --:--:-- --:--:-- 87750
vault01: {
vault01: "keys": [
vault01: "default",
vault01: "goapp-secret-read",
vault01: "root"
vault01: ],
vault01: "policies": [
vault01: "default",
vault01: "goapp-secret-read",
vault01: "root"
vault01: ],
vault01: "request_id": "e823636b-6910-de54-66d9-17f053f70b30",
vault01: "lease_id": "",
vault01: "renewable": false,
vault01: "lease_duration": 0,
vault01: "data": {
vault01: "keys": [
vault01: "default",
vault01: "goapp-secret-read",
vault01: "root"
vault01: ],
vault01: "policies": [
vault01: "default",
vault01: "goapp-secret-read",
vault01: "root"
vault01: ]
vault01: },
vault01: "wrap_info": null,
vault01: "warnings": null,
vault01: "auth": null
vault01: }
vault01: + tee approle.json
vault01: {
vault01: "type": "approle",
vault01: "description": "Demo AppRole auth backend"
vault01: }
vault01: + pause 'Enable approle - Press [Enter] key to continue...'
vault01: + echo -e '\n'
vault01: + false
vault01: + echo 'Enable approle - Press [Enter] key to continue...'
vault01: Enable approle - Press [Enter] key to continue...
vault01: + echo -e '\n'
vault01: + jq .
vault01: + curl --location --header 'X-Vault-Token: 27a57986-7294-9406-4b0d-768595b4e0ca' --request POST --data @approle.json http://192.168.5.11:8200/v1/sys/auth/approle
vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
vault01:                                  Dload  Upload   Total   Spent    Left  Speed
vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
vault01: 100    66    0     0  100    66      0  10197 --:--:-- --:--:-- --:--:-- 11000
vault01: ++ jq -r .data.role_id
vault01: ++ curl --header 'X-Vault-Token: 27a57986-7294-9406-4b0d-768595b4e0ca' http://192.168.5.11:8200/v1/auth/approle/role/goapp/role-id
vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
vault01:                                  Dload  Upload   Total   Spent    Left  Speed
vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
vault01: 100    14  100    14    0     0   2984      0 --:--:-- --:--:-- --:--:--  3500
vault01: + APPROLEID=null
vault01: + tee goapp-approle-role.json
vault01: {
vault01: "role_name": "goapp",
vault01: "bind_secret_id": true,
vault01: "secret_id_ttl": "10m",
vault01: "secret_id_num_uses": "1",
vault01: "token_ttl": "10m",
vault01: "token_max_ttl": "30m",
vault01: "period": 0,
vault01: "policies": [
vault01: "goapp-secret-read"
vault01: ]
vault01: }
vault01: + '[' null == null ']'
vault01: + pause 'Create approle - Press [Enter] key to continue...'
vault01: + echo -e '\n'
vault01: + false
vault01: + echo 'Create approle - Press [Enter] key to continue...'
vault01: Create approle - Press [Enter] key to continue...
vault01: + echo -e '\n'
vault01: + jq .
vault01: + curl --location --header 'X-Vault-Token: 27a57986-7294-9406-4b0d-768595b4e0ca' --request POST --data @goapp-approle-role.json http://192.168.5.11:8200/v1/auth/approle/role/goapp
vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
vault01:                                  Dload  Upload   Total   Spent    Left  Speed
vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
vault01: 100   226    0     0  100   226      0  20340 --:--:-- --:--:-- --:--:-- 22600
vault01: ++ jq -r .data.role_id
vault01: ++ curl --header 'X-Vault-Token: 27a57986-7294-9406-4b0d-768595b4e0ca' http://192.168.5.11:8200/v1/auth/approle/role/goapp/role-id
vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
vault01:                                  Dload  Upload   Total   Spent    Left  Speed
vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
vault01: 100   208  100   208    0     0  37189      0 --:--:-- --:--:-- --:--:-- 41600
vault01: + APPROLEID=76e8a9f8-c775-8b9f-909b-76eca1e88edc
vault01: + pause 'Show AppRoleID - Press [Enter] key to continue...'
vault01: + echo -e '\n'
vault01: + false
vault01: + echo 'Show AppRoleID - Press [Enter] key to continue...'
vault01: Show AppRoleID - Press [Enter] key to continue...
vault01: + echo -e '\n'
vault01: + echo -e '\n\nApplication RoleID = 76e8a9f8-c775-8b9f-909b-76eca1e88edc\n\n'
vault01:
vault01:
vault01: Application RoleID = 76e8a9f8-c775-8b9f-909b-76eca1e88edc
vault01: + echo 76e8a9f8-c775-8b9f-909b-76eca1e88edc
vault01: + tee secret_id_config.json
vault01: {
vault01: "metadata": "{ \"tag1\": \"goapp production\" }"
vault01: }
vault01: ++ jq -r .data.secret_id
vault01: ++ curl --header 'X-Vault-Token: 27a57986-7294-9406-4b0d-768595b4e0ca' --data @secret_id_config.json http://192.168.5.11:8200/v1/auth/approle/role/goapp/secret-id
vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
vault01:                                  Dload  Upload   Total   Spent    Left  Speed
vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
vault01: 100   322  100   270  100    52  30429   5860 --:--:-- --:--:-- --:--:-- 33750
vault01: + SECRETID=ce51920f-3939-edc2-5f40-e7c3d6a726a2
vault01: + pause 'Show SecretID - Press [Enter] key to continue...'
vault01: + echo -e '\n'
vault01: + false
vault01: + echo 'Show SecretID - Press [Enter] key to continue...'
vault01: Show SecretID - Press [Enter] key to continue...
vault01:
vault01:
vault01:
vault01:
vault01: Application SecretID = ce51920f-3939-edc2-5f40-e7c3d6a726a2
vault01: + echo -e '\n'
vault01: + echo -e '\n\nApplication SecretID = ce51920f-3939-edc2-5f40-e7c3d6a726a2\n\n'
vault01: + echo ce51920f-3939-edc2-5f40-e7c3d6a726a2
vault01: + tee demo-secrets.json
vault01: {
vault01: "data": {
vault01: "username": "goapp-user",
vault01: "password": "$up3r$3cr3t!"
vault01: }
vault01: }
vault01: + pause 'Deploy some accessible secrets - Press [Enter] key to continue...'
vault01: + echo -e '\n'
vault01: + false
vault01: + echo 'Deploy some accessible secrets - Press [Enter] key to continue...'
vault01: Deploy some accessible secrets - Press [Enter] key to continue...
vault01: + echo -e '\n'
vault01: + jq .
vault01: + curl --location --header 'X-Vault-Token: 27a57986-7294-9406-4b0d-768595b4e0ca' --request POST --data @demo-secrets.json http://192.168.5.11:8200/v1/secret/data/goapp
vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
vault01:                                  Dload  Upload   Total   Spent    Left  Speed
vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
vault01: 100   334  100   256  100    78  25574   7792 --:--:-- --:--:-- --:--:-- 28444
vault01: {
vault01: "request_id": "7ff479ec-6fc9-5e0e-2483-c10a34787c27",
vault01: "lease_id": "",
vault01: "renewable": false,
vault01: "lease_duration": 0,
vault01: "data": {
vault01: "created_time": "2018-07-27T09:55:46.101429587Z",
vault01: "deletion_time": "",
vault01: "destroyed": false,
vault01: "version": 1
vault01: },
vault01: "wrap_info": null,
vault01: "warnings": null,
vault01: "auth": null
vault01: }
vault01: + tee demo-secrets.json
vault01: {
vault01: "data": {
vault01: "username": "someother-user",
vault01: "password": "Pa$$W0RD"
vault01: }
vault01: }
vault01: + pause 'Deploy some inaccessible secrets - Press [Enter] key to continue...'
vault01: + echo -e '\n'
vault01: + false
vault01: + echo 'Deploy some inaccessible secrets - Press [Enter] key to continue...'
vault01: Deploy some inaccessible secrets - Press [Enter] key to continue...
vault01: + echo -e '\n'
vault01: + jq .
vault01: + curl --location --header 'X-Vault-Token: 27a57986-7294-9406-4b0d-768595b4e0ca' --request POST --data @demo-secrets.json http://192.168.5.11:8200/v1/secret/data/wrongapp
vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
vault01:                                  Dload  Upload   Total   Spent    Left  Speed
vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
vault01: 100   334  100   256  100    78  19860   6051 --:--:-- --:--:-- --:--:-- 21333
vault01: {
vault01: "request_id": "edd5cadb-8cca-37eb-975c-255d4ff6118a",
vault01: "lease_id": "",
vault01: "renewable": false,
vault01: "lease_duration": 0,
vault01: "data": {
vault01: "created_time": "2018-07-27T09:55:46.123531196Z",
vault01: "deletion_time": "",
vault01: "destroyed": false,
vault01: "version": 1
vault01: },
vault01: "wrap_info": null,
vault01: "warnings": null,
vault01: "auth": null
vault01: }
==> vault01: Running provisioner: shell...
vault01: Running: /var/folders/lm/nxj5y0qs52xb620c8t793x040000gn/T/vagrant-shell20180727-8585-wuxt5t.sh
vault01: ++ awk '$1 == "192.168.5.0" {print $8}'
vault01: ++ route -n
vault01: + IFACE=enp0s8
vault01: ++ awk '$2 ~ "192.168.5" {print $2}'
vault01: ++ ip addr show enp0s8
vault01: + CIDR=192.168.5.11/24
vault01: + IP=192.168.5.11
vault01: + export VAULT_ADDR=http://192.168.5.11:8200
vault01: + VAULT_ADDR=http://192.168.5.11:8200
vault01: + export VAULT_SKIP_VERIFY=true
vault01: + VAULT_SKIP_VERIFY=true
vault01: ++ cat /vagrant/.approle-id
vault01: + APPROLEID=76e8a9f8-c775-8b9f-909b-76eca1e88edc
vault01: ++ cat /vagrant/.secret-id
vault01: + SECRETID=ce51920f-3939-edc2-5f40-e7c3d6a726a2
vault01: + tee login_approle.json
vault01: {
vault01: "role_id": "76e8a9f8-c775-8b9f-909b-76eca1e88edc",
vault01: "secret_id": "ce51920f-3939-edc2-5f40-e7c3d6a726a2"
vault01: }
vault01: ++ jq -r .auth.client_token
vault01: ++ curl --request POST --data @login_approle.json http://192.168.5.11:8200/v1/auth/approle/login
vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
vault01:                                  Dload  Upload   Total   Spent    Left  Speed
vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
vault01: 100   610  100   503  100   107  29722   6322 --:--:-- --:--:-- --:--:-- 31437
vault01: 6d754a13-c6cd-e211-8359-9ad6dc08d0cb
vault01: + APPROLE_TOKEN=6d754a13-c6cd-e211-8359-9ad6dc08d0cb
vault01: + echo 6d754a13-c6cd-e211-8359-9ad6dc08d0cb
vault01: + jq -r .data
vault01: + curl --header 'X-Vault-Token: 6d754a13-c6cd-e211-8359-9ad6dc08d0cb' http://192.168.5.11:8200/v1/secret/data/goapp
vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
vault01:                                  Dload  Upload   Total   Spent    Left  Speed
vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
vault01: 100   328  100   328    0     0  81067      0 --:--:-- --:--:-- --:--:--  106k
vault01: {
vault01: "data": {
vault01: "password": "$up3r$3cr3t!",
vault01: "username": "goapp-user"
vault01: },
vault01: "metadata": {
vault01: "created_time": "2018-07-27T09:55:46.101429587Z",
vault01: "deletion_time": "",
vault01: "destroyed": false,
vault01: "version": 1
vault01: }
vault01: }
vault01: ++ jq -r .data
vault01: ++ curl --header 'X-Vault-Token: 6d754a13-c6cd-e211-8359-9ad6dc08d0cb' http://192.168.5.11:8200/v1/secret/data/goapp
vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
vault01:                                  Dload  Upload   Total   Spent    Left  Speed
vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
vault01: 100   328  100   328    0     0  88840      0 --:--:-- --:--:-- --:--:--  106k
vault01: + SECRETS='{
vault01: "data": {
vault01: "password": "$up3r$3cr3t!",
vault01: "username": "goapp-user"
vault01: },
vault01: "metadata": {
vault01: "created_time": "2018-07-27T09:55:46.101429587Z",
vault01: "deletion_time": "",
vault01: "destroyed": false,
vault01: "version": 1
vault01: }
vault01: }'
vault01: ++ jq -r .errors
vault01: ++ curl --header 'X-Vault-Token: 6d754a13-c6cd-e211-8359-9ad6dc08d0cb' http://192.168.5.11:8200/v1/secret/data/wrongapp
vault01:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
vault01:                                  Dload  Upload   Total   Spent    Left  Speed
vault01:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
vault01: 100    33  100    33    0     0   8928      0 --:--:-- --:--:-- --:--:-- 11000
vault01: + DENIED='[
vault01: "permission denied"
vault01: ]'
vault01: + '[' 6d754a13-c6cd-e211-8359-9ad6dc08d0cb '!=' null ']'
vault01: ++ date
vault01: + echo -e '\nAppRoleID 6d754a13-c6cd-e211-8359-9ad6dc08d0cb\n
vault01: Current time Fri Jul 27 09:55:46 UTC 2018\n
vault01: Accessible Secrets /secret/data/goapp \n {
vault01: "data": {
vault01: "password": "$up3r$3cr3t!",
vault01: "username": "goapp-user"
vault01: },
vault01: "metadata": {
vault01: "created_time": "2018-07-27T09:55:46.101429587Z",
vault01: "deletion_time": "",
vault01: "destroyed": false,
vault01: "version": 1
vault01: }
vault01: }\n
vault01: Inaccessible Secrets /secret/data/wrongapp \n [
vault01: "permission denied"
vault01: ]\n'
vault01: AppRoleID 6d754a13-c6cd-e211-8359-9ad6dc08d0cb
vault01: Current time Fri Jul 27 09:55:46 UTC 2018
vault01: Accessible Secrets /secret/data/goapp
vault01: {
vault01: "data": {
vault01: "password": "$up3r$3cr3t!",
vault01: "username": "goapp-user"
vault01: },
vault01: "metadata": {
vault01: "created_time": "2018-07-27T09:55:46.101429587Z",
vault01: "deletion_time": "",
vault01: "destroyed": false,
vault01: "version": 1
vault01: }
vault01: }
vault01:
vault01: Inaccessible Secrets /secret/data/wrongapp
vault01: [
vault01: "permission denied"
vault01: ]
Created July 27, 2018 10:21
See https://github.com/allthingsclowd/vault_approle for the repo used.