@boris
Last active November 21, 2018 17:37
Demo - Vault Meetup SCL

Vault init & unseal:

export VAULT_ADDR="http://127.0.0.1:8200"
vault status
vault init
vault init -key-shares=10 -key-threshold=2 > vault-storage.txt
vault unseal
vault auth <root_token>	# log in with the initial root token printed by init, not an unseal key

read/write with vault

vault write secret/devops/foo value=bar
vault write secret/devops/string value="this is a string"
vault write secret/devops/db/users.json @examples/test.json

vault read secret/devops/foo
vault read secret/devops/string
vault read secret/devops/db/users.json

Verify the data in the Docker volume

sudo su -
cd /var/lib/docker/volumes/vault_data_vault/_data/logical/eb896d73-11d0-ad2b-5d5a-26bd363510a5/devops

read/write with curl

curl -s -H "X-Vault-Token:<token>" -XPOST -d '{"value": "api post"}' http://127.0.0.1:8200/v1/secret/devops/api_foo
curl -s -H "X-Vault-Token:<token>" -XGET http://127.0.0.1:8200/v1/secret/devops/db/users.json
curl -s -H "X-Vault-Token:<token>" -XGET http://127.0.0.1:8200/v1/secret/devops/db/users.json | jq -r ".data"
curl -s -H "X-Vault-Token:<token>" -XGET http://127.0.0.1:8200/v1/secret/devops/db/users.json | jq -r ".data.db_user"

Policies

vault policies
vault policy-write sysadmins policies/sysadmins.hcl
vault policy-write devs policies/developers.hcl

Create tokens bound to a policy

vault token-create -policy="sysadmins"
vault auth <sysadmin_token>
vault token-create -policy="devs"
vault auth <devs_token>
vault token-create -policy="sysadmins"	# error, the devs token has no permission to create tokens
vault token-create -policy="devs"	# error, same as above

vault write secret/dev-foo value="dev's foo"	# error, authenticated as dev I cannot write there
vault write secret/devs/dev-foo value="dev's foo"
vault read secret/devs/dev-foo

modify the devs policy (add this rule to policies/developers.hcl, then re-upload it):

vault auth <sysadmin_token>

    path "secret/devops/*" {
        capabilities = [ "deny" ]
    }

vault policy-write devs policies/developers.hcl
vault auth <devs_token>
vault list secret
vault list secret/devops
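To show why the added `deny` rule locks devs out of `secret/devops/*` even when the same token also holds a broader grant, here is an added toy evaluator in Python (not Vault's own code) for the policy subset the page uses: exact path rules win, otherwise the longest matching glob prefix applies, and `deny` beats every other capability. The bodies of the devs and sysadmins policies are constructed assumptions, since the page does not show `policies/developers.hcl` or `policies/sysadmins.hcl`.

```python
import re
from typing import Dict, List, Set

# Constructed policies (assumption: the page does not show the .hcl files); the "deny" block is the rule the page adds.
DEVS_POLICY = '''
path "secret/devs/*" {
    capabilities = [ "create", "read", "update", "list" ]
}
path "secret/devops/*" {
    capabilities = [ "deny" ]
}
'''
SYSADMINS_POLICY = '''
path "secret/*" {
    capabilities = [ "create", "read", "update", "delete", "list" ]
}
path "auth/token/create" {
    capabilities = [ "update" ]
}
'''

RULE_RE = re.compile(r'path\s+"([^"]+)"\s*\{\s*capabilities\s*=\s*\[([^\]]*)\]\s*\}')

def parse_policy(text: str) -> Dict[str, Set[str]]:
    """Parse the HCL subset the page uses: path blocks with a capabilities list."""
    rules: Dict[str, Set[str]] = {}
    for path, caps in RULE_RE.findall(text):
        rules[path] = {c.strip().strip('"') for c in caps.split(",") if c.strip()}
    return rules

def merge(policies: List[str]) -> Dict[str, Set[str]]:
    """Union capabilities per path across a token's policies; a deny on a shared path wins."""
    merged: Dict[str, Set[str]] = {}
    for text in policies:
        for path, caps in parse_policy(text).items():
            merged.setdefault(path, set()).update(caps)
    return {p: ({"deny"} if "deny" in c else c) for p, c in merged.items()}

def is_allowed(policies: List[str], request_path: str, capability: str) -> bool:
    """Exact path rule wins; otherwise the longest matching glob prefix; no match or deny -> False."""
    rules = merge(policies)
    if request_path in rules:
        caps = rules[request_path]
    else:
        prefixes = [p[:-1] for p in rules if p.endswith("*") and request_path.startswith(p[:-1])]
        if not prefixes:
            return False  # Vault is default-deny
        caps = rules[max(prefixes, key=len) + "*"]
    return "deny" not in caps and capability in caps
```

A list operation is evaluated against the folder path with a trailing slash (`secret/devops/`), which is why `vault list secret/devops` fails for devs after the change; note also that the most specific glob replaces rather than extends a broader grant, so a token holding both policies still cannot delete under `secret/devs/`.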

Vault + AWS

vault auth <root_token>
vault mount aws
vault write aws/config/root access_key=ACCESS secret_key=SECRET region=us-east-1
vault write aws/roles/deploy policy=@policies/aws.json
vault read aws/creds/deploy