I hereby claim:
- I am chrishoffman on github.
- I am chrishoffman (https://keybase.io/chrishoffman) on keybase.
- I have a public key ASDK5022wUtNWvCXHQZu3G5M36Y2f_iQv3H3kbLs8Ml8DQo
To claim this, I am signing this object:
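#!/bin/bash
## Tools required
# brew install oath-toolkit qrencode jq
# Vault binary in path (1.10+)
# This script uses Vault Enterprise but just remove the namespace commands for OSS

# Point the Vault CLI at a local listener. The address is plain HTTP on
# loopback and the token is the literal string "root", so these values only
# suit a throwaway local server.
# NOTE(review): presumably this pairs with a dev-mode server started with
# -dev-root-token-id=root -- confirm. Do not reuse these exports against a
# shared or production Vault: there is no TLS and the token value is
# hard-coded in the script.
export VAULT_ADDR=http://127.0.0.1:8200
export VAULT_TOKEN=root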
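#!/bin/bash
## Tools required
# brew install oath-tools qrencode jq
# Vault Enterprise binary in the PATH
## Vault Server Command (separate terminal)
# VAULT_LICENSE=<vault license> vault server -dev -dev-root-token-id=root

# Target the dev-mode server started by the command above. The http:// scheme
# means CLI traffic, including the token, is sent without TLS; that is only
# acceptable because the listener is on loopback. The fixed root token id
# "root" from that command is a well-known value, so keep this setup on a
# local test machine.
export VAULT_ADDR=http://127.0.0.1:8200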
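#!/bin/bash
## Tools required
# brew install oath-tools qrencode jq
# Vault Enterprise binary in the PATH
## Vault Server Command (separate terminal)
# VAULT_LICENSE=<vault license> vault server -dev -dev-root-token-id=root

# The CLI is aimed at the loopback dev server from the command above.
# Plain HTTP plus a predictable root token id ("root") is a test-only
# combination: anything that can reach the listener and knows the token has
# full control of this Vault instance.
export VAULT_ADDR=http://127.0.0.1:8200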
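#!/bin/bash
## Tools required
# brew install jq
# Vault Enterprise binary in the PATH
## Vault Server Command (separate terminal)
# VAULT_LICENSE=<vault license> vault server -dev -dev-root-token-id=root

# Address of the dev-mode server launched by the command above: loopback
# only and unencrypted (http://). Treat the whole setup as disposable; the
# root token id chosen on that command line is a fixed, guessable string.
export VAULT_ADDR=http://127.0.0.1:8200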
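#!/bin/bash

# Write policy1.hcl into the current directory. The policy grants read, list,
# create, update and delete on every path below secret/data/nemo/dev-master/.
# The heredoc delimiter is quoted so the shell never expands anything inside
# the policy text.
# NOTE(review): the data/ segment suggests a KV v2 mount; there, key listing
# is authorised on the matching secret/metadata/... path, so "list" on this
# path likely has no effect -- confirm against the mount type.
cat > policy1.hcl <<'EOF'
path "secret/data/nemo/dev-master/*"
{
capabilities = ["read", "list", "create", "update", "delete"]
}
EOF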
cat > policy2.hcl <<EOF |
$ echo "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 |
package main | |
import ( | |
"crypto/tls" | |
"fmt" | |
"html" | |
"io/ioutil" | |
"log" | |
"net" | |
"net/http" |
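# setup pki
# Mount the PKI secrets engine at pki/, raise its maximum lease TTL to 87600h
# (about ten years) and generate an internal root CA with that lifetime.
# "internal" means the CA private key is generated and kept inside Vault.
# NOTE(review): `vault mount` and `vault mount-tune` are the legacy CLI
# spellings; current Vault CLIs use `vault secrets enable` and
# `vault secrets tune` -- confirm which the installed binary accepts.
vault mount pki
vault mount-tune -max-lease-ttl=87600h pki
vault write pki/root/generate/internal common_name="Vault Testing Root Authority" ttl=87600h

# create role
# This role places no restriction on requested names: allow_any_name=true
# accepts any common name and enforce_hostnames=false skips hostname-format
# validation. Any token allowed to issue from pki/issue/test can therefore
# obtain a certificate for an arbitrary identity, valid for up to 1440h
# (60 days). Suitable for a test CA only; a real role should restrict names
# (for example with allowed_domains) and keep hostname enforcement on.
vault write pki/roles/test allow_any_name=true enforce_hostnames=false max_ttl=1440h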
# create certificate and read it | |
vault write -format=json pki/issue/test common_name=test ttl=1440h | \ |
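# Mount four independent PKI secrets engines: the default path pki/ plus
# pki1/, pki2/ and pki3/.
# NOTE(review): `vault mount` and `vault mount-tune` are the legacy CLI
# spellings; current Vault CLIs use `vault secrets enable` and
# `vault secrets tune` -- confirm which the installed binary accepts.
vault mount pki
vault mount -path=pki1 pki
vault mount -path=pki2 pki
vault mount -path=pki3 pki

# Raise the maximum lease TTL on every mount to 87600h (about ten years) so
# that long-lived CA certificates can be issued from them.
vault mount-tune -max-lease-ttl=87600h pki
vault mount-tune -max-lease-ttl=87600h pki1
vault mount-tune -max-lease-ttl=87600h pki2
vault mount-tune -max-lease-ttl=87600h pki3

# Generate an internal root CA on pki/ with a ten-year TTL; "internal" keeps
# the CA private key inside Vault. Only the pki/ mount receives a CA in the
# lines visible here.
vault write pki/root/generate/internal common_name="Vault Testing Root Authority" ttl=87600h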
I hereby claim:
To claim this, I am signing this object: