Day#1: Write a Post on www.Debug.School with the answer following question…
- What is top 10 use cases of Hashicorp Vault?
- List of Authentication Methods in Hashicorp Vault
- 5 Use Case of Approle and Userpass Authentication Methods
- Top 10 Commands for Hashicorp Vault Learnt Today?
Day#2: Working with Policy and Tokens
What is Policy and Process of creating sample Policy?
What are types of Tokens and use case of it
Top 5 Commands working with tokens
Top 5 Commands working with Policy
I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow , and SEO strategies at Wizbrand.
Do you want to learn Quantum Computing?
Please find my social handles as below;
Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at WIZBRAND
Find Trusted Cardiac Hospitals
Compare heart hospitals by city and services — all in one place.
Explore Hospitals
1: Answer
–Vault uses policies to govern the behavior of clients and instrument Role-Based Access Control (RBAC) by specifying access privileges (authorization).
–To create a policy:(Here sample policy name is secrets-mgmt)
vault login
vi secrets-mgmt.hcl
vault policy write secrets-mgmt secrets-mgmt.hcl
2: Answer
–There are two types of Vault tokens: service token and batch token
–Use cases
A) Token should not be able to create childern token
B) Token should have a limited lifetime and cannot be renewed
C) Scaling process needs token for access
3: Answer
vault login
vault token create -policy=default -ttl=60m
vault token create -type=batch -policy=default -ttl=30m
vault token lookup $batch_id
vault token renew $batch_id
4: Answer
–Here policy name is secrets-mgmt.hcl
vi secrets-mgmt.hcl
vault policy write secrets-mgmt secrets-mgmt.hcl
vault policy list
vault policy read secrets-mgmt
vault write auth/userpass/users/ned token_policies=”secrets-mgmt”
1)Answer:
General Secret Storage
Data Encryption
Identity-Based Access
Key Management
Usability
2)Answer:
>Generic like AppRole, JWT, username & password,etc
>Cloud like Allcloud, AWS, Azure. IBM cloud, Github
>Infra like Kubernates, LDAP, Okta, Radius
3)Answer:
>The most essential feature of AppRole that makes it better than direct token assignment is that the credential is split into a Role ID and a Secret ID, delivered through different channels.
>Further, the Secret ID is delivered to the application only at the expected time of use.
>AppRole auth method is recommended for machines or apps.
>The userpass auth method allows users to authenticate with Vault using a username and password combination.
>The username/password combinations are configured directly to the auth method using the users/ path. This method cannot read usernames and passwords from an external source.
4)Answer:
vault server -help
vault server -dev
vault login -address=”http://127.0.0.1:8200″ $root_token
choco install vault -y
vault auth list
vault path-help auth/userpass/
vault path-help auth/GloboAppRole
vault login -method=userpass username=ned
vault path-help auth/GloboAppRole/login
vault write auth/GloboAppRole/login role_id=$roleId secret_id=$secretId