#!/bin/bash
# Vault开发环境快速开始指南

echo "===== Vault开发环境快速开始 ====="

# 1. 设置环境变量
echo "1. 设置环境变量"
source /root/mgmt/security/secrets/vault/dev/vault_env.sh
echo "VAULT_ADDR: $VAULT_ADDR"
echo "VAULT_TOKEN: $VAULT_TOKEN"

# 2. 检查Vault状态
echo ""
echo "2. 检查Vault状态"
vault status

# 3. 存储密钥值
echo ""
echo "3. 存储密钥值"
vault kv put secret/example/api_key value="my_secret_api_key_12345"

# 4. 读取密钥值
echo ""
echo "4. 读取密钥值"
vault kv get secret/example/api_key

# 5. 列出密钥路径
echo ""
echo "5. 列出密钥路径"
vault kv list secret/example/

# 6. 创建策略示例
echo ""
echo "6. 创建示例策略"
cat > /tmp/example-policy.hcl << EOF
# 示例策略 - 允许读取secret/example路径下的密钥
path "secret/example/*" {
  capabilities = ["read", "list"]
}

# 允许列出密钥引擎
path "sys/mounts" {
  capabilities = ["read"]
}
EOF

vault policy write example-policy /tmp/example-policy.hcl

# 7. 创建有限权限令牌
echo ""
echo "7. 创建有限权限令牌"
vault token create -policy=example-policy

echo ""
echo "===== Vault开发环境快速开始完成 ====="
echo "您现在可以开始在开发环境中使用Vault了！"