mkdir -p vault/data
Install: refer to https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-install
Production deployment: refer to https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-deploy
You can refer to the config.hcl attached in this repo. It comes with the TLS script.
vault server -config=config.hcl
vault operator init
# check the init_info.txt to see the example output
Run the following command at least 3 times, entering a different unseal key each time:
vault operator unseal
vault login
# enter root token
https://stackoverflow.com/questions/62699391/how-to-bypass-certificate-errors-using-microsoft-edge
Also check the create_key.sh.
Log in to https://127.0.0.1:8200/ui/vault/secrets using the root token, then: menu -> Secrets Engines -> Enable new engine -> KV -> Next -> Rename Path -> Enable Engine
Enable GitHub auth:
vault auth enable github
vault write auth/github/config organization=tradingun
Add key-value:
vault kv put -mount=secret binance apikey=123 apitoken=456
Create a token with the default policy:
vault token create -policy=default
To use hvac, you need to at least create a "secret" kv inside the secrets engines menu.
Also, for non-root policy users, add the following HCL to the ACL policies:
path "secret/*" {
  capabilities = ["create", "update", "read", "list"]
}
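
Reading the binance secret with hvac over verified TLS, as an added example (not code from this repo). It assumes the "secret" mount is KV version 2, that the token carries a policy containing the secret/* rule above, and that VAULT_CACERT points at the certificate produced by the TLS script; the function names are made up for this example.

```python
import os


def vault_client_settings(env):
    """Build hvac.Client keyword arguments from Vault's standard env variables."""
    token = env.get("VAULT_TOKEN")
    if not token:
        raise ValueError("VAULT_TOKEN is not set; use a policy-scoped token, "
                         "not the root token")
    cacert = env.get("VAULT_CACERT")
    if not cacert:
        # Refuse to fall back to verify=False: with a self-signed server
        # certificate the client should trust that certificate explicitly.
        raise ValueError("VAULT_CACERT is not set; point it at the PEM file "
                         "the server certificate chains to")
    return {
        "url": env.get("VAULT_ADDR", "https://127.0.0.1:8200"),
        "token": token,
        "verify": cacert,  # path to a CA bundle, passed through to requests
    }


def read_kv(path, mount_point="secret", env=os.environ):
    """Return the key/value pairs stored at <mount_point>/<path>."""
    import hvac  # imported here so the settings check works without hvac

    client = hvac.Client(**vault_client_settings(env))
    if not client.is_authenticated():
        raise PermissionError("Vault rejected the token")
    # Assumption: KV version 2. The API path is secret/data/<path>, which the
    # secret/* policy rule covers. For a KV version 1 mount use
    # client.secrets.kv.v1.read_secret(...) and read resp["data"] instead.
    resp = client.secrets.kv.v2.read_secret_version(
        path=path, mount_point=mount_point
    )
    return resp["data"]["data"]


if __name__ == "__main__":
    secret = read_kv("binance")
    # Print only the key names so the values never reach the terminal or logs.
    print(sorted(secret))
```

Export VAULT_ADDR, VAULT_TOKEN and VAULT_CACERT in the shell before running it.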