#!/bin/bash
# Vault开发环境使用示例

echo "===== Vault开发环境使用示例 ====="

# 设置环境变量
source /root/mgmt/security/secrets/vault/dev/vault_env.sh

echo "1. 检查Vault状态"
vault status

echo ""
echo "2. 写入示例密钥值"
vault kv put secret/myapp/config username="devuser" password="devpassword" database="devdb"

echo ""
echo "3. 读取示例密钥值"
vault kv get secret/myapp/config

echo ""
echo "4. 列出密钥路径"
vault kv list secret/myapp/

echo ""
echo "5. 创建示例策略"
cat > /tmp/dev-policy.hcl << EOF
# 开发环境示例策略
path "secret/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}

path "sys/mounts" {
  capabilities = ["read"]
}
EOF

vault policy write dev-policy /tmp/dev-policy.hcl

echo ""
echo "6. 创建有限权限令牌"
vault token create -policy=dev-policy

echo ""
echo "7. 启用并配置其他密钥引擎示例"
echo "启用数据库密钥引擎："
echo "vault secrets enable database"

echo ""
echo "===== Vault开发环境示例完成 ====="
echo "注意：这些命令仅用于开发测试，请勿在生产环境中使用相同配置"