hashicorp-vault

Hashicorp Vault AppRole: role-id and secret-id

穿精又带淫゛_ submitted on 2019-12-10 21:46:47
Question: I have a Django app. I want it to get all needed secrets from Vault. As I understood I need to use AppRole for this. I created a role. But then I need to auth using hvac:

    # App Role
    client.auth_approle('MY_ROLE_ID', 'MY_SECRET_ID')

So I manually get role-id and secret-id, that's ok. The question is where do I store them? Can I store role-id simply in my git repo settings.py file? Where should I store secret-id? UPD: Actually secret-id has its own TTL. So when I restart my app how to get a

fetching vault secret value using terraform

不羁的心 submitted on 2019-12-10 17:11:31
Question: I am using a vault server with consul as a storage backend and trying to fetch a password value using vault provider in terraform. But it doesn't fetch its value. I stored my secrets at location secret/instances

main.tf

    provider "vault" {
      address = "https://<IP_ADDRESS>:<PORT_NUMBER>"
      token   = "118bb796-d715-8ce4-b987-7f354ff3f5a7"
    }

    data "vault_generic_secret" "mypass" {
      path = "secret/instances/password"
    }

    output "mypassword" {
      value = "${data.vault_generic_secret.mypass.data["value"]}"
    }

Terraform and cleartext password in (remote) state file

允我心安 submitted on 2019-12-09 09:45:14
Question: There are many Git issues opened on the Terraform repo about this issue, with lots of interesting comments, but as of now I still see no solution to this issue. Terraform stores plain text values, including passwords, in tfstate files. Most users are required to store them remotely so the team can work concurrently on the same infrastructure with most of them storing the state files in S3. So how do you hide your passwords? Is there anyone here using Terraform for production? Do you keep your

Terraform and cleartext password in (remote) state file

ⅰ亾dé卋堺 submitted on 2019-12-04 03:49:27
There are many Git issues opened on the Terraform repo about this issue, with lots of interesting comments, but as of now I still see no solution to this issue. Terraform stores plain text values, including passwords, in tfstate files. Most users are required to store them remotely so the team can work concurrently on the same infrastructure with most of them storing the state files in S3. So how do you hide your passwords? Is there anyone here using Terraform for production? Do you keep your passwords in plain text? Do you have a special workflow to remove or hide them? What happens when you