greenbrian

Take a consul snapshot:

consul snapshot save backup.snap

Verify consul snapshot:

consul snapshot inspect backup.snap

Stop Consul

systemctl stop consul.service

Stop Vault

greenbrian

Keybase proof

I hereby claim:

• I am greenbrian on github.
• I am greenbrian (https://keybase.io/greenbrian) on keybase.
• I have a public key ASDl2gMhvJmCjOwTsNKisOwCfyShHs3M3sBo8rvM3_kcGgo

To claim this, I am signing this object:

greenbrian

#!/bin/bash

## The following command starts Vault in development mode
## specifiying a root token value of 'root'
##
# VAULT_UI=true vault server -dev -dev-root-token-id="root"

## Login with root token
## Good for demo mode, should only be used on production cluster
## during initial configuration

greenbrian

#!/bin/bash

# start vault
VAULT_UI=true vault server -dev -dev-root-token-id=root -dev-listen-address=127.0.0.1:8200

# login as root - DO NOT DO THIS IN PRODUCTION
vault login root

# write some secrets
vault kv put secret/test color=blue number=eleventeen

greenbrian

#!/usr/bin/env bash

if [ -f /mnt/ramdisk/token ]; then
  exec env VAULT_TOKEN=$(vault unwrap -field=token $(jq -r '.token' /mnt/ramdisk/token)) \
    /usr/local/bin/nomad agent \
      -config=/etc/nomad.d \
      -vault-tls-skip-verify=true
else
  echo "Nomad service failed due to missing Vault token"
  exit 1

greenbrian

# start vault in dev mode
VAULT_UI=true vault server -dev -dev-root-token-id="password"

# write some secrets for our example usage
curl --request POST \
     --silent \
     --header "X-Vault-Token: password" \
     --header "Content-Type: application/json" \
     --data '{ "options": { "cas": 0 }, "data": { "username": "administrator", "password": "hunter2" } }' \
     http://127.0.0.1:8200/v1/secret/data/dev | jq '.'

greenbrian

There are many methods for writing Vault policies. 

This gist was created to collect the most common methods 
such that they can be easily used as references for syntax, 
as well as evaluation for which method suits a particular purpose.

TODO:

- Add complex policy examples
- Add @json.file examples

greenbrian

---

- hosts: all
  roles:
  
    - role: foo
      param1: '{{ foo }}'
      param2: '{{ some_var1 + "/" + some_var2 }}'
      when: ansible_os_family == 'RedHat'
      

greenbrian

---
- name: do stuff only if first member in a group
  command: echo "hello"
  when: groups.some_group[0] == inventory_hostname

greenbrian

// Use Gists to store code you would like to remember later on
console.log(window); // log the "window" object to the console