Tim Beyer tbeyer567
tbeyer567
/ gist:d671132ba3e32920a80d878138bfc3e8
Created
January 10, 2022 21:24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /var/log/vault/audit.log { | |
| rotate 30 | |
| daily | |
| # Do not execute rotate if the log file is empty. | |
| notifempty | |
| missingok | |
| compress | |
| # Set compress on next rotate cycl to prevent entry loss when performing compression. | |
| delaycompress | |
| postrotate |
tbeyer567
/ ansible-systemd-overrides.txt
Created
November 29, 2021 19:58
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - name: Create systemd overrides directory | |
| ansible.builtin.file: | |
| path: /etc/systemd/system/vault.service.d | |
| state: directory | |
| owner: root | |
| group: root | |
| mode: '0755' | |
| - name: Create systemd overrides file | |
| ansible.builtin.copy: |
tbeyer567
/ example site.yml
Created
November 29, 2021 17:10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - hosts: all | |
| become: true | |
| remote_user: | |
| roles: | |
| - ansible-role-vault |
tbeyer567
/ gist:2582fbeb92b54ce02f55f596dd016b06
Last active
October 24, 2021 19:47
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Enable userpass auth method | |
| resource "vault_auth_backend" "userpass" { | |
| type = "userpass" | |
| } | |
| resource "vault_generic_endpoint" "admin" { | |
| depends_on = [vault_auth_backend.userpass] | |
| path = "auth/userpass/users/admin" | |
| ignore_absent_fields = true |
tbeyer567
/ eng-kv-policy.hcl
Created
October 21, 2021 20:46
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| path "engineering/*" { | |
| capabilities = ["create", "read", "update", "delete", "list" | |
| } | |
| path "support/*" { | |
| capabilities = ["deny"] | |
| } |
tbeyer567
/ eng-kv-policy.hcl
Created
October 21, 2021 20:44
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| path "engineering/*" { | |
| capabilities = ["create", "read", "update", "delete", "list"] | |
| } |
NewerOlder