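# Lab walkthrough: Vault dev server + Consul secrets engine, then lease
# renewal, lookup and revocation. The commands are meant to be run one at a
# time across several terminals, not executed as a single script.

# First of all we are going to start Vault in development mode.
# Dev mode is for local labs only: storage is in memory, the server starts
# unsealed, the root token is printed to the terminal and the listener is
# plain HTTP on loopback. Do not keep real secrets in a dev-mode server.
vault server -dev

# Now set your Vault address environment variable
export VAULT_ADDR=http://127.0.0.1:8200

# Set the root token variable (paste the value printed by the dev server)
root_token=ROOT_TOKEN_VALUE

# And log into Vault using the root token.
# A token passed as an argument ends up in shell history and the process
# list; running `vault login` with no argument prompts for it instead.
vault login "$root_token"

# Re-enable consul secrets engine
vault secrets enable consul

# Get consul up and running
# Create a data subdirectory in m8
# (-p keeps the step repeatable if the directory already exists)
mkdir -p data

# Launch consul server instance
# NOTE(review): the config listing on this page is titled server.hcl; pass
# whichever filename you actually saved it under.
consul agent -bootstrap -config-file="consul-config.hcl" -bind="127.0.0.1"

# From a separate terminal window run the following.
# The SecretID it prints is the initial management token for the whole
# Consul datacenter; handle it like a root credential.
consul acl bootstrap

# Set CONSUL_HTTP_TOKEN to SecretID
# Linux and MacOS
export CONSUL_HTTP_TOKEN=SECRETID_VALUE

# Next we have to create a policy and role for new tokens
# that Vault will generate on Consul
consul acl policy create -name=web -rules @web-policy.hcl

# Now we'll configure our Consul secrets engine.
# The lab hands Vault the bootstrap token; outside a lab, give Vault a
# dedicated Consul token limited to ACL management instead.
vault write consul/config/access address="http://127.0.0.1:8500" token="$CONSUL_HTTP_TOKEN"

# ttl/max_ttl are in seconds: tokens last 1 hour and can be renewed up to 2.
# NOTE(review): newer Vault releases name this parameter consul_policies;
# `policies` is the older spelling - check the docs for your version.
vault write consul/roles/web name=web policies=web ttl=3600 max_ttl=7200

# And finally generate a bunch of leases to work with
# (each read mints a new Consul token and a new lease; repeat as needed)
vault read consul/creds/web

# Let's renew one of the leases for 30 minutes
# (template first, then the same command with a lease ID from the author's run)
vault lease renew -increment=30m LEASE_ID
vault lease renew -increment=30m consul/creds/web/neZNeIkXoxLdFLDZ5n9FTy3z

# Now get the properties of the lease
vault write sys/leases/lookup lease_id=LEASE_ID
vault write sys/leases/lookup lease_id=consul/creds/web/neZNeIkXoxLdFLDZ5n9FTy3z

# What if we exceed the lease max ttl?
# The role's max_ttl is 7200s (2h), so expect Vault to cap the lease there
# rather than grant the full 120 minutes on top of the time already used.
vault lease renew -increment=120m consul/creds/web/neZNeIkXoxLdFLDZ5n9FTy3z

# Now we can try and revoke one of the leases
# First we'll get a list of active leases
vault list sys/leases/lookup/consul/creds/web/

# Now revoke the lease
# (revoking the lease also deletes the Consul token Vault created for it)
vault lease revoke LEASE_ID
vault lease revoke consul/creds/web/neZNeIkXoxLdFLDZ5n9FTy3z

# Confirm our lease is gone
vault list sys/leases/lookup/consul/creds/web/

# What if we want to revoke all of them? Prefix time
# Prefix revocation invalidates every credential issued under the path in one
# call, which is the fast response when a role's credentials may be exposed.
# It needs sudo capability on the sys/leases/revoke-prefix path.
vault lease revoke -prefix consul/creds/web/

# Confirm that all the leases are gone
vault list sys/leases/lookup/consul/creds/web/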
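## server.hcl
# Single-node Consul server for the lab, with ACLs enforced.
# NOTE(review): the agent command on this page loads "consul-config.hcl";
# save this file under the name you pass to -config-file.
ui               = true
server           = true
bootstrap_expect = 1
datacenter       = "dc1"
data_dir         = "./data"

acl = {
  enabled = true

  # Deny by default: a request whose token grants no matching rule is refused.
  default_policy = "deny"

  # Tokens set through the agent API are written into data_dir so they
  # survive a restart; keep ./data readable only by the account running Consul.
  enable_token_persistence = true
}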
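# ACL rules for the "web" policy (presumably the web-policy.hcl file passed to
# `consul acl policy create`). Tokens Vault issues for the web role carry only
# this rule: read access to the service named "web", nothing else.
service "web" {
  policy = "read"
}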