Starting: 1st of Every Month 
+91 8409492687 
Contact@DevOpsSchool.com
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # First of all we are going to start Vault in development mode | |
| vault server -dev | |
| # Now set your Vault address environment variable | |
| export VAULT_ADDR=http://127.0.0.1:8200 | |
| # And log into Vault using the root token | |
| vault login | |
| # First let's see what auth methods are avilable now | |
| vault auth list | |
| # Cool, now let's enable our first auth method using userpass | |
| vault auth enable userpass | |
| vault auth enable approle | |
| # And we'll also enable AppRole, but we'll do it using the UI | |
| # Open your browser to http://127.0.0.1:8200 | |
| # We are going to mount it at the path GloboAppRole | |
| # Now let's check the list of auth methods again | |
| vault auth list | |
| # Oh no! We forgot to add descriptions! Better take care of that | |
| vault auth tune -description="Globomantics Userpass" userpass/ | |
| vault auth tune -description="Globomantics AppRole" approle/ | |
| vault auth list | |
| # Much better! Now we can configure our two auth methods in step 2 |
by
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # We need to create a user in Userpass so we can log in | |
| # But how do we do that? | |
| # path-help to the rescue | |
| vault path-help auth/userpass/ | |
| # Looks like we do that through the users path | |
| vault path-help auth/userpass/users | |
| vault path-help auth/userpass/users/something | |
| # Let's write some data to create a new user | |
| vault write auth/userpass/users/ned password=tacos | |
| # We can also add a user through the UI | |
| # We will add Amy who loves burritos | |
| # Now we need to do a little config on the AppRole too | |
| vault path-help auth/GloboAppRole | |
| # Looks like we need to configure a role | |
| vault path-help auth/GloboAppRole/role/something | |
| # Okay armed with that we can create a new role for a web app | |
| vault write auth/GloboAppRole/role/webapp role_name="webapp" secret_id_num_uses=1 secret_id_ttl=2h | |
| vault write auth/approle/role/webapp role_name="webapp" secret_id_num_uses=1 secret_id_ttl=2h | |
| # Sweet! We have configured our two auth methods. Next step is to actually use them! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Let's try logging in with our username and password first | |
| vault login -method=userpass username=ned | |
| # We can do the same in the Web UI | |
| # Next let's log in with our AppRole method | |
| # We're going to need to log back in with our root token first | |
| vault login | |
| # Alright now what do we need to log in with AppRole? | |
| vault path-help auth/GloboAppRole/login | |
| vault path-help auth/approle/login | |
| # Okay, so we need the role_id and secret_id | |
| # Let's get the role_id first | |
| vault read auth/GloboAppRole/role/webapp/role-id | |
| vault read auth/approle/role/webapp/role-id | |
| roleId=ROLEID | |
| roleId=6b8923d2-9ea9-3bc1-bc9e-edc590ecc39d | |
| # Now let's get the secret_id, since we're generating data we | |
| # need to use the write command instead | |
| vault write -force auth/approle/role/webapp/secret-id | |
| secretId=SECRETID | |
| secretId=e0649aec-69c6-d676-489b-befb4347fcfa | |
| # And now we can log in! This also uses the write command | |
| vault write auth/GloboAppRole/login role_id=$roleId secret_id=$secretId | |
| vault write auth/approle/login role_id=$roleId secret_id=$secretId | |
| # Sweet, now we could use that token in future requests | |
| # Lastly, let's try logging in using the API with AppRole instead | |
| curl --request POST \ | |
| --data "{\"role_id\": \"$roleId\",\"secret_id\": \"$secretId\"}" \ | |
| $VAULT_ADDR/v1/auth/GloboAppRole/login | jq | |
| curl --request POST \ | |
| --data "{\"role_id\": \"$roleId\",\"secret_id\": \"$secretId\"}" \ | |
| $VAULT_ADDR/v1/auth/approle/login | jq | |
| CMD | |
| UI | |
| curl | |
| CODE |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Last up, we are going to retire the AppRole for the moment | |
| vault auth disable GloboAppRole/ | |
| vault auth disable approle/ | |
| # Let's confirm that we were successful | |
| vault auth list |
I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I am working at Cotocus. I blog tech insights at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at I reviewed , and SEO strategies at Wizbrand.
Please find my social handles as below;
Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at PINTEREST
Rajesh Kumar at QUORA
Rajesh Kumar at WIZBRAND
