hashicorp-vault

Mocking Hashicorp vault in Go

送分小仙女 submitted on 2020-05-28 11:38:40
Question: Is there an easy way to mock Hashicorp vault in go tests? I created a service in Go that accesses Vault, and would like to create proper testing for it. I didn't find a simple solution I like (like moto in python). I also tried using a vault in dev mode in docker (take the system test route) but I have trouble writing to it via API. Ideas? Answer 1: Is there an easy way to mock HashiCorp Vault in Go tests? Don't. Use the real thing! HashiCorp helpfully provides utility functions for starting a

How to read Vault kv with java/spring boot

南楼画角 submitted on 2020-05-16 04:36:46
Question: I'm trying to figure out how to use Hashicorp's Vault with spring boot. Initially, I have tried to follow the guide: https://spring.io/guides/gs/vault-config/#scratch But due to API changes I used the following command in the vault CLI: vault kv put secret/gs-vault-config example.username=demouser example.password=demopassword which saved both, and I'm able to retrieve it with the following command: vault kv get secret/gs-vault-config Then I created the Application.java and MyConfiguration.java as

How to read Vault kv with java/spring boot

ε祈祈猫儿з submitted on 2020-05-16 04:36:30
Question: I'm trying to figure out how to use Hashicorp's Vault with spring boot. Initially, I have tried to follow the guide: https://spring.io/guides/gs/vault-config/#scratch But due to API changes I used the following command in the vault CLI: vault kv put secret/gs-vault-config example.username=demouser example.password=demopassword which saved both, and I'm able to retrieve it with the following command: vault kv get secret/gs-vault-config Then I created the Application.java and MyConfiguration.java as

Spring Cloud Vault With k2 v2 - How to Avoid 403 at Startup?

穿精又带淫゛_ submitted on 2020-02-25 03:57:36
Question: Problem: Does anyone know how to configure bootstrap.yml to tell Spring Cloud Vault to go to the correct path for k2 v2 and not try other paths first? Details: I can successfully connect to my Vault, running k2 v2, but Spring Cloud will always try to connect to paths in the vault that don't exist, throwing a 403 on startup. Status 403 Forbidden [secret/application]: permission denied; nested exception is org.springframework.web.client.HttpClientErrorException$Forbidden: 403 Forbidden The above

Spring Cloud Vault With k2 v2 - How to Avoid 403 at Startup?

不羁的心 submitted on 2020-02-25 03:57:07
Question: Problem: Does anyone know how to configure bootstrap.yml to tell Spring Cloud Vault to go to the correct path for k2 v2 and not try other paths first? Details: I can successfully connect to my Vault, running k2 v2, but Spring Cloud will always try to connect to paths in the vault that don't exist, throwing a 403 on startup. Status 403 Forbidden [secret/application]: permission denied; nested exception is org.springframework.web.client.HttpClientErrorException$Forbidden: 403 Forbidden The above

Vault error while writing

久未见 submitted on 2020-01-22 11:36:08
Question: I wanted to test Spring Cloud Vault configuration. I installed a Vault server locally, and when I try to write some key-values it's failing and asking me to use the vault kv put command, while the example of Spring Cloud Config in this link shows the usage of the vault write command. This is the error I get: $ vault write secret/my-app foo=bar Error writing data to secret/my-app: Error making API request. URL: PUT http://127.0.0.1:8200/v1/secret/my-app Code: 404. Errors: WARNING! The following

Not able to access kubernetes api from inside a pod container

感情迁移 submitted on 2019-12-25 01:49:00
Question: I have created a hashicorp vault deployment and configured kubernetes auth. The vault container calls the kubernetes API internally from the pod to do k8s authentication, and that call is failing with a 500 error code (connection refused). I am using docker for windows kubernetes. I added the below config to vault for the kubernetes auth mechanism. payload.json { "kubernetes_host": "http://kubernetes", "kubernetes_ca_cert": <k8s service account token> } curl --header "X-Vault-Token: <vault root token>"

store and retrieve files from hashicorp vault

一个人想着一个人 submitted on 2019-12-23 10:17:40
Question: I can't figure out how to store files in hashicorp vault. Our use case for a PoC is to store an SSL cert at a certain path and then download it via the HTTP API. I tried using the kv secrets engine, which seems the most appropriate. Answer 1: It seems that you can specify a file with data in it to store as the value for a key in HashiCorp vault. You can use vault write <path> -value=@file to write the contents of file to the key specified in path. So if you want to store the contents of a crt you

CA Certificate and JWT tokens on kubernetes

僤鯓⒐⒋嵵緔 submitted on 2019-12-11 08:07:09
Question: With what CA Certificate are the Kubernetes Service Account JWT tokens signed? Is there a way to get the public key with which kubernetes service accounts are signed in GKE? Answer 1: You have no access to that key in GKE. In general, the Service Account JWT tokens are signed with an RSA key by the controller manager. The key is specified by the --service-account-private-key-file for kube-controller-manager. (The public key is specified by the --service-account-key-file parameter for kube