HashiCorp Vault Assignment


Day#1: Write a post on www.Debug.School answering the following questions…


  • What are the top 10 use cases of HashiCorp Vault?
  • List of authentication methods in HashiCorp Vault
  • 5 use cases of the AppRole and Userpass authentication methods
  • Top 10 commands for HashiCorp Vault learnt today

Day#2: Working with Policy and Tokens


  • What is a policy, and what is the process of creating a sample policy?
  • What are the types of tokens and their use cases?
  • Top 5 commands for working with tokens
  • Top 5 commands for working with policies

Rajesh Kumar
vetrivel
1 year ago

1: Answer
–Vault uses policies to govern the behavior of clients and instrument Role-Based Access Control (RBAC) by specifying access privileges (authorization).
–To create a policy (here the sample policy name is secrets-mgmt):
vault login
vi secrets-mgmt.hcl
vault policy write secrets-mgmt secrets-mgmt.hcl

2: Answer
–There are two types of Vault tokens: service token and batch token
–Use cases
A) Token should not be able to create child tokens
B) Token should have a limited lifetime and cannot be renewed
C) Scaling process needs token for access

3: Answer
vault login 
vault token create -policy=default -ttl=60m
vault token create -type=batch -policy=default -ttl=30m
vault token lookup $batch_id
vault token renew $batch_id

4: Answer
–Here the policy name is secrets-mgmt.hcl
vi secrets-mgmt.hcl
vault policy write secrets-mgmt secrets-mgmt.hcl
vault policy list 
vault policy read secrets-mgmt
vault write auth/userpass/users/ned token_policies="secrets-mgmt"
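
A possible body for the secrets-mgmt.hcl file that the commands in answers 1 and 4 above edit and write to Vault, shown as an added example that is not part of the comment or of any course material. It assumes a KV version 2 secrets engine mounted at secret/ and a hypothetical apps/ subtree with a restricted/ branch.

```hcl
# secrets-mgmt.hcl (constructed example; the mount and all paths are assumptions)
# Assumes a KV version 2 secrets engine mounted at "secret/".

# KV v2 stores secret values under <mount>/data/. Grant lifecycle rights
# on the hypothetical apps/ subtree only, not on the whole mount.
path "secret/data/apps/*" {
  capabilities = ["create", "read", "update", "delete"]
}

# Listing keys in KV v2 goes through <mount>/metadata/, so rights on the
# data/ path alone would not let the holder browse the tree.
path "secret/metadata/apps/*" {
  capabilities = ["list", "read"]
}

# A more specific path takes priority over the broader glob above, and
# "deny" overrides any other capability granted on the same path.
path "secret/data/apps/restricted/*" {
  capabilities = ["deny"]
}

path "secret/metadata/apps/restricted/*" {
  capabilities = ["deny"]
}

# Read-only view of which secrets engines are mounted.
path "sys/mounts" {
  capabilities = ["read"]
}
```

`vault policy fmt secrets-mgmt.hcl` normalizes the file before `vault policy write`. Run with a token that carries this policy, `vault token capabilities secret/data/apps/restricted/db` (a hypothetical secret path) should print `deny`.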

vetrivel
1 year ago

1)Answer:
General Secret Storage
Data Encryption
Identity-Based Access
Key Management
Usability

2)Answer:
>Generic like AppRole, JWT, username & password, etc.
>Cloud like AliCloud, AWS, Azure, IBM Cloud, GitHub
>Infra like Kubernetes, LDAP, Okta, RADIUS

3)Answer:
>The most essential feature of AppRole that makes it better than direct token assignment is that the credential is split into a Role ID and a Secret ID, delivered through different channels.
>Further, the Secret ID is delivered to the application only at the expected time of use.
>The AppRole auth method is recommended for machines or apps.
>The userpass auth method allows users to authenticate with Vault using a username and password combination.
>The username/password combinations are configured directly to the auth method using the users/ path. This method cannot read usernames and passwords from an external source.

4)Answer:
vault server -help
vault server -dev
vault login -address="http://127.0.0.1:8200" $root_token
choco install vault -y
vault auth list
vault path-help auth/userpass/
vault path-help auth/GloboAppRole
vault login -method=userpass username=ned
vault path-help auth/GloboAppRole/login
vault write auth/GloboAppRole/login role_id=$roleId secret_id=$secretId
