摘要:官方?jīng)]有提供圖形界面功能�,比較了幾個(gè)開(kāi)源的圖形界面之后�,覺(jué)得的功能相對(duì)完善。
vault官方?jīng)]有提供圖形界面功能��,比較了幾個(gè)開(kāi)源的圖形界面之后�����,覺(jué)得goldfish的功能相對(duì)完善�����。
goldfish部署
sudo mkdir /opt/goldfish && sudo chown `whoami:whoami`
git clone https://github.com/Caiyeon/goldfish.git
cd goldfish
#生成前端文件
bash build.sh
mv frontend /opt/goldfish/
#生成goldfish后端文件
go get github.com/caiyeon/goldfish
cd $GOPATH/src/github.com/caiyeon/goldfish
go build
mv goldfish /usr/local/bin/
sudo setcap cap_ipc_lock=+ep $(readlink -f $(which goldfish))
# 生成配置文件
cat << EOF > config.hcl
listener "tcp" {
address = "0.0.0.0:8000"
# 啟用https
tls_disable = 0
tls_cert_file = "ca/goldfish-server.crt"
tls_key_file = "ca/goldfish-server.key"
}
vault {
address = "https://vault:8200"
approle_id = "goldfish"
# vault的ca根證書(shū)
ca_cert = "ca/ca.crt"
}
EOF
## 啟動(dòng)goldfish
goldfish -config=./config.hcl
# 訪問(wèn)goldfish
# https://goldfish:8000
goldfish 初始化
因?yàn)間oldfish是利用approle來(lái)對(duì)vault進(jìn)行訪問(wèn),所以需要在vault里面對(duì)goldfish進(jìn)行配置
#啟用approle認(rèn)證
vault auth-enable approle
# 為goldfish創(chuàng)建策略
vault policy-write goldfish goldfish/vagrant/policies/goldfish.hcl
# 創(chuàng)建approle角色并關(guān)聯(lián)策略
vault write auth/approle/role/goldfish role_name=goldfish policies=default,goldfish
secret_id_num_uses=1 secret_id_ttl=5m period=24h token_ttl=0 token_max_ttl=0
vault write auth/approle/role/goldfish/role-id role_id=goldfish
vault write secret/goldfish DefaultSecretPath="secret/" UserTransitKey="goldfish" BulletinPath="secret/bulletins/"
#生成密碼啟封goldfish
vault write -f -wrap-ttl=5m auth/approle/role/goldfish/secret-id
開(kāi)始使用吧���!
文章版權(quán)歸作者所有��,未經(jīng)允許請(qǐng)勿轉(zhuǎn)載,若此文章存在違規(guī)行為���,您可以聯(lián)系管理員刪除。
轉(zhuǎn)載請(qǐng)注明本文地址:http://m.hztianpu.com/yun/11330.html
