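#!/bin/bash
#
# Vault dev-environment usage example.
#
# Walks through basic KV, policy and token commands against a Vault server
# whose connection settings come from the sourced vault_env.sh.
# NOTE(review): presumably that file exports VAULT_ADDR / VAULT_TOKEN;
# confirm against the file itself.
#
# The vault calls are best-effort: a failing command does not stop the
# walkthrough. Only the two setup steps (environment file, temp file) abort.

echo "===== Vault开发环境使用示例 ====="

# Set environment variables. Without them every vault command below would
# talk to the CLI's default address, so stop early if the file is unreadable.
env_file=/root/mgmt/security/secrets/vault/dev/vault_env.sh
if [[ ! -r "$env_file" ]]; then
  echo "error: cannot read $env_file" >&2
  exit 1
fi
# shellcheck source=/dev/null
source "$env_file"

echo "1. 检查Vault状态"
vault status

echo ""
echo "2. 写入示例密钥值"
# Fixed sample values only. Key/value pairs given on the command line are
# visible in the process list and in shell history; for real secrets use the
# file (@file) or stdin (-) input forms of `vault kv put` instead.
vault kv put secret/myapp/config username="devuser" password="devpassword" database="devdb"

echo ""
echo "3. 读取示例密钥值"
# Prints the stored values, including the password, to stdout.
vault kv get secret/myapp/config

echo ""
echo "4. 列出密钥路径"
vault kv list secret/myapp/

echo ""
echo "5. 创建示例策略"
# The policy is staged in a file created by mktemp rather than at a fixed
# /tmp path: this script runs with root-owned paths, and a predictable name
# in a world-writable directory can be pre-created or symlinked by another
# local user. The file is removed on exit; the policy itself lives in Vault.
policy_file=$(mktemp "${TMPDIR:-/tmp}/dev-policy.XXXXXX") || {
  echo "error: mktemp failed" >&2
  exit 1
}
trap 'rm -f -- "$policy_file"' EXIT

# Quoted delimiter: the HCL is written literally, with no shell expansion.
# The policy grants full CRUD + list on everything under secret/ and read on
# sys/mounts. That is broad on purpose for a dev sandbox; scope it to the
# application's own path before reusing it anywhere else.
cat > "$policy_file" << 'EOF'
# 开发环境示例策略
path "secret/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}

path "sys/mounts" {
capabilities = ["read"]
}
EOF

vault policy write dev-policy "$policy_file"

echo ""
echo "6. 创建有限权限令牌"
# The new token is printed to stdout, so it ends up in terminal scrollback
# and in any captured output. No TTL is set here; consider -ttl for tokens
# that outlive a demo session.
vault token create -policy=dev-policy

echo ""
echo "7. 启用并配置其他密钥引擎示例"
echo "启用数据库密钥引擎:"
# Shown as text only; the database engine is not actually enabled.
echo "vault secrets enable database"

echo ""
echo "===== Vault开发环境示例完成 ====="
echo "注意:这些命令仅用于开发测试,请勿在生产环境中使用相同配置"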