Unseal Vault


title: "Unseal Vault"
date: 2020-02-15T19:02:02
slug: unseal-vault


https://www.vaultproject.io/intro/getting-started/

$ vault operator init

Unseal Key 1: 4jYbl2CBIv6SpkKj6Hos9iD32k5RfGkLzlosrrq/JgOm
Unseal Key 2: B05G1DRtfYckFV5BbdBvXq0wkK5HFqB9g2jcDmNfTQiS
Unseal Key 3: Arig0N9rN9ezkTRo7qTB7gsIZDaonOcc53EHo83F5chA
Unseal Key 4: 0cZE0C/gEk3YHaKjIWxhyyfs8REhqkRW/CSXTnmTilv+
Unseal Key 5: fYhZOseRgzxmJCmIqUdxEm9C3jB5Q27AowER9w4FC2Ck

Initial Root Token: s.KkNJYWF5g0pomcCLEmDdOVCW

Vault initialized with 5 key shares and a key threshold of 3. Please securely
distribute the key shares printed above. When the Vault is re-sealed,
restarted, or stopped, you must supply at least 3 of these keys to unseal it
before it can start servicing requests.

Vault does not store the generated master key. Without at least 3 key to
reconstruct the master key, Vault will remain permanently sealed!

It is possible to generate new unseal keys, provided you have a quorum of
existing unseal keys shares. See "vault operator rekey" for more information.

vault operator unseal
vault operator unseal
vault operator unseal
export VAULT_ADDR='https://127.0.0.1:8200'
vault login

vault secrets enable -path="vw-rv-cod" kv # kv = key-value secrets engine
vault secrets list
vault kv put vw-rv-cod/k8s/apps/hgw db_pass=asvkjfdsfhjisvh
# All passwords under the path vw-rv-cod/k8s/apps/hgw
vault kv get vw-rv-cod/k8s/apps/hgw
vault kv get -field=db_pass vw-rv-cod/k8s/apps/hgw
# Output in JSON format
vault kv get -format=json vw-rv-cod/k8s/apps/hgw
# Then decode the JSON (.data.data is the KV v2 layout; on a KV v1 mount use .data.db_pass)
vault kv get -format=json vw-rv-cod/k8s/apps/hgw | jq -r .data.data.db_pass
# Two entries in one secret
vault kv put vw-rv-cod/k8s/apps/hgw db_user=asvkjfdsfhj db_pass=asvkjfdsfhjisvh
# Delete the secret at this path
vault kv delete vw-rv-cod/k8s/apps/hgw

Policy

vault policy list

# Create Policy File
cat <<EOF > my-policy.hcl
path "vw-rv-cod/*" {
 capabilities = ["read"]
}
EOF

# Format the policy file in place (reports syntax errors)
vault policy fmt my-policy.hcl

# Write Policy
vault policy write my-policy my-policy.hcl
# Show Policy
vault policy read my-policy

# Create a User Token for the policy
vault token create -policy=my-policy

# Login with the created Token
vault login s.FyivwzB9Z4ZYRseD7hwQxNsd

Generate Password

< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;

Read Secret via Curl

curl \
 -H "X-Vault-Token: f3b09679-3001-009d-2b80-9c306ab81aa6" \
 -X GET \
 http://127.0.0.1:8200/v1/secret/foo