Limited Time Offer!

For Less Than the Cost of a Starbucks Coffee, Access All DevOpsSchool Videos on YouTube Unlimitedly.
Master DevOps, SRE, DevSecOps Skills!

Enroll Now

Hashicorp Vault Assignment


Day#1: Write a Post on www.Debug.School with the answer following question…


  • What is top 10 use cases of Hashicorp Vault?
  • List of Authentication Methods in Hashicorp Vault
  • 5 Use Case of Approle and Userpass Authentication Methods
  • Top 10 Commands for Hashicorp Vault Learnt Today?

Day#2: Working with Policy and Tokens


What is Policy and Process of creating sample Policy?
What are types of Tokens and use case of it
Top 5 Commands working with tokens
Top 5 Commands working with Policy

Rajesh Kumar
Follow me
Latest posts by Rajesh Kumar (see all)
Subscribe
Notify of
guest
2 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
vetrivel
vetrivel
2 years ago

1: Answer
–Vault uses policies to govern the behavior of clients and instrument Role-Based Access Control (RBAC) by specifying access privileges (authorization).
–To create a policy:(Here sample policy name is secrets-mgmt)
vault login
vi secrets-mgmt.hcl
vault policy write secrets-mgmt secrets-mgmt.hcl

2: Answer
–There are two types of Vault tokens: service token and batch token
–Use cases
A) Token should not be able to create childern token
B) Token should have a limited lifetime and cannot be renewed
C) Scaling process needs token for access

3: Answer
vault login 
vault token create -policy=default -ttl=60m
vault token create -type=batch -policy=default -ttl=30m
vault token lookup $batch_id
vault token renew $batch_id

4: Answer
–Here policy name is secrets-mgmt.hcl
vi secrets-mgmt.hcl
vault policy write secrets-mgmt secrets-mgmt.hcl
vault policy list 
vault policy read secrets-mgmt
vault write auth/userpass/users/ned token_policies=”secrets-mgmt”

vetrivel
vetrivel
2 years ago

1)Answer:
General Secret Storage
Data Encryption
Identity-Based Access
Key Management
Usability

2)Answer:
>Generic like AppRole, JWT, username & password,etc
>Cloud like Allcloud, AWS, Azure. IBM cloud, Github
>Infra like Kubernates, LDAP, Okta, Radius

3)Answer:
>The most essential feature of AppRole that makes it better than direct token assignment is that the credential is split into a Role ID and a Secret ID, delivered through different channels.
>Further, the Secret ID is delivered to the application only at the expected time of use.
>AppRole auth method is recommended for machines or apps.
>The userpass auth method allows users to authenticate with Vault using a username and password combination.
>The username/password combinations are configured directly to the auth method using the users/ path. This method cannot read usernames and passwords from an external source.

4)Answer:
vault server -help
vault server -dev
vault login -address=”http://127.0.0.1:8200″ $root_token
choco install vault -y
vault auth list
vault path-help auth/userpass/
vault path-help auth/GloboAppRole
vault login -method=userpass username=ned
vault path-help auth/GloboAppRole/login
vault write auth/GloboAppRole/login role_id=$roleId secret_id=$secretId

2
0
Would love your thoughts, please comment.x
()
x