Created November 4, 2021 19:56
Read Vault PKI config and tune

$ vault secrets list --detailed
Path                 Plugin       Accessor              Default TTL    Max TTL    Force No Cache    Replication    Seal Wrap    External Entropy Access    Options                                                            Description                                                    UUID
----                 ------       --------              -----------    -------    --------------    -----------    ---------    -----------------------    -------                                                            -----------                                                    ----
cubbyhole/           cubbyhole    cubbyhole_fcbf5e6d    n/a            n/a        false             local          false        false                      map[]                                                              per-token private secret storage                               11a09df9-8ef6-bf26-2cc1-d4c6424c4780
database/            database     database_c7158e73     system         system     false             replicated     false        false                      map[]                                                              n/a                                                            b5043a27-2dae-5725-0bb2-6d5507059c14
foo-ttl/             aws          aws_543cd76b          system         system     false             replicated     false        false                      map[]                                                              n/a                                                            0c98d12a-1829-8b54-cf33-bd7540afc6db
identity/            identity     identity_05c3ab60     system         system     false             replicated     false        false                      map[]                                                              identity store                                                 ef8f38b4-a755-fb10-1266-3ad434ecb7ea
kv/                  kv           kv_70ff18d1           system         system     false             replicated     false        false                      map[]                                                              n/a                                                            05cbc341-4f92-6ac5-2129-98047174338d
kv1234/              kv           kv_d9818238           system         system     false             replicated     false        false                      map[version:2]                                                     n/a                                                            1eab9cc1-3ccd-f83a-df8d-ffdc39953034
pki-agent/           pki          pki_4bdf3f62          system         system     false             replicated     false        false                      map[]                                                              n/a                                                            df217689-bdef-a750-d216-2558d77080c1
pki-benchmarking/    pki          pki_bc00ae63          system         system     false             replicated     false        false                      map[default_lease_ttl_seconds:3600 max_lease_ttl_seconds:86400]    Mount PKI at its own path as not to break anything existing    5c92c1d5-7377-e346-17e1-3ba11d73c4d1

$ vault list pki-benchmarking/roles
Keys
----
example_pki

$ vault read pki-benchmarking/roles/example_pki
Key                                   Value
---                                   -----
allow_any_name                        false
allow_bare_domains                    false
allow_glob_domains                    false
allow_ip_sans                         true
allow_localhost                       true
allow_subdomains                      true
allow_token_displayname               false
allowed_domains                       [example.com my.domain]
allowed_domains_template              false
allowed_other_sans                    []
allowed_serial_numbers                []
allowed_uri_sans                      []
basic_constraints_valid_for_non_ca    false
client_flag                           true
code_signing_flag                     false
country                               []
email_protection_flag                 false
enforce_hostnames                     true
ext_key_usage                         []
ext_key_usage_oids                    []
generate_lease                        false
key_bits                              4096
key_type                              rsa
key_usage                             [DigitalSignature KeyAgreement KeyEncipherment]
locality                              []
max_ttl                               0s
no_store                              false
not_before_duration                   0s
organization                          []
ou                                    []
policy_identifiers                    []
postal_code                           []
province                              []
require_cn                            true
server_flag                           true
street_address                        []
ttl                                   3m
use_csr_common_name                   true
use_csr_sans                          true

$ vault read sys/mounts/pki-benchmarking/tune
Key                            Value
---                            -----
audit_non_hmac_request_keys    [common_name]
default_lease_ttl              8h
description                    Mount PKI at its own path as not to break anything existing
force_no_cache                 false
max_lease_ttl                  24h
options                        map[default_lease_ttl_seconds:3600 max_lease_ttl_seconds:86400]