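#!/usr/bin/env bash
#
# Bootstrap a local OpenBao instance for the agent demo: wait for the
# server, write a read-only policy, seed one KV secret, enable AppRole and
# drop the role ID / secret ID into tmp/ for the agent to pick up.
#
# Demo-only settings: plaintext HTTP on loopback and a fixed token literal.
# NOTE(review): BAO_TOKEN=secret is presumably the dev-mode root token;
# confirm, and do not reuse this script against a non-dev server.

# -x traces every command to stderr. Credentials minted below are therefore
# streamed through pipes and never placed in command arguments or variable
# assignments, which xtrace would print verbatim.
set -eux -o pipefail

export BAO_ADDR=http://127.0.0.1:8200
export BAO_TOKEN=secret

# Block until the server answers. There is no timeout: if the server never
# comes up, this loop runs until the caller kills the script.
until openbao status; do
  sleep 1
done

mkdir -p tmp

# capabilities of our vault agent
# Read-only, but on every path under secret/data/. A non-demo policy would
# name the specific paths the agent needs.
# Quoted delimiter: the HCL is written literally, with no shell expansion.
cat > tmp/policy-file.hcl <<'EOF'
path "secret/data/*" {
  capabilities = ["read"]
}
EOF
openbao policy write demo tmp/policy-file.hcl
openbao kv put secret/my-secret foo=bar

# role for our vault agent
# No secret_id_ttl, secret_id_num_uses or token_ttl is set here, so the role
# uses the server defaults; a non-demo role would bound these.
openbao auth enable approle
openbao write auth/approle/role/role1 bind_secret_id=true token_policies=demo

# jq -j writes the raw value with no trailing newline (what `echo -n` did),
# and -e makes jq fail on a null/missing field. Piping directly means
# pipefail aborts the script if either stage fails, instead of silently
# writing an empty file as `echo -n $(...)` would.
openbao read -format json auth/approle/role/role1/role-id \
  | jq -e -j .data.role_id > tmp/roleID

# The secret ID is a login credential: create the file fresh under a
# restrictive umask so it is owner-readable only (0600).
(
  umask 077
  rm -f -- tmp/secretID
  openbao write -force -format json auth/approle/role/role1/secret-id \
    | jq -e -j .data.secret_id > tmp/secretID
)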