摘要:官方?jīng)]有提供圖形界面功能���,比較了幾個開源的圖形界面之后�,覺得的功能相對完善。
vault官方?jīng)]有提供圖形界面功能��,比較了幾個開源的圖形界面之后���,覺得goldfish的功能相對完善�。
goldfish部署
sudo mkdir /opt/goldfish && sudo chown `whoami:whoami`
git clone https://github.com/Caiyeon/goldfish.git
cd goldfish
#生成前端文件
bash build.sh
mv frontend /opt/goldfish/
#生成goldfish后端文件
go get github.com/caiyeon/goldfish
cd $GOPATH/src/github.com/caiyeon/goldfish
go build
mv goldfish /usr/local/bin/
sudo setcap cap_ipc_lock=+ep $(readlink -f $(which goldfish))
# 生成配置文件
cat << EOF > config.hcl
listener "tcp" {
address = "0.0.0.0:8000"
# 啟用https
tls_disable = 0
tls_cert_file = "ca/goldfish-server.crt"
tls_key_file = "ca/goldfish-server.key"
}
vault {
address = "https://vault:8200"
approle_id = "goldfish"
# vault的ca根證書
ca_cert = "ca/ca.crt"
}
EOF
## 啟動goldfish
goldfish -config=./config.hcl
# 訪問goldfish
# https://goldfish:8000
goldfish 初始化
因為goldfish是利用approle來對vault進行訪問���,所以需要在vault里面對goldfish進行配置
#啟用approle認證
vault auth-enable approle
# 為goldfish創(chuàng)建策略
vault policy-write goldfish goldfish/vagrant/policies/goldfish.hcl
# 創(chuàng)建approle角色并關(guān)聯(lián)策略
vault write auth/approle/role/goldfish role_name=goldfish policies=default,goldfish
secret_id_num_uses=1 secret_id_ttl=5m period=24h token_ttl=0 token_max_ttl=0
vault write auth/approle/role/goldfish/role-id role_id=goldfish
vault write secret/goldfish DefaultSecretPath="secret/" UserTransitKey="goldfish" BulletinPath="secret/bulletins/"
#生成密碼啟封goldfish
vault write -f -wrap-ttl=5m auth/approle/role/goldfish/secret-id
開始使用吧����!
文章版權(quán)歸作者所有���,未經(jīng)允許請勿轉(zhuǎn)載,若此文章存在違規(guī)行為,您可以聯(lián)系管理員刪除�。
轉(zhuǎn)載請注明本文地址:http://systransis.cn/yun/11330.html
