update end-to-end procfile example
parent
46bc2aa7a1
commit
2afab6a7ba
@ -1,5 +1,5 @@
|
||||
# run with `hivemind``
|
||||
systemd-service: sleep 3 && sudo systemd-run --collect -u vault-nixos3.service -p LoadCredential=foo:$(pwd)/tmp/sock --wait --pipe cat '${CREDENTIALS_DIRECTORY}/foo'
|
||||
vault: vault server -dev -dev-root-token-id secret
|
||||
vault-agent: sleep 10 && ./tests/setup-vault && sudo vault agent -config ./tests/vault-agent-example.hcl
|
||||
systemd-vaultd: rm -rf /run/systemd-vault/secrets && sudo ./systemd-vaultd
|
||||
systemd-service: sudo systemd-run --collect -u vault-nixos3.service -p LoadCredential=foo:/run/systemd-vaultd/sock --wait --pipe cat '${CREDENTIALS_DIRECTORY}/foo'
|
||||
#systemd-vaultd: go run . -secrets tmp/secrets -sock tmp/sock
|
||||
vault-agent: sleep 5 && ./tests/setup-vault && sudo vault agent -config ./tests/vault-agent-example.hcl
|
||||
systemd-vaultd: go run . -secrets tmp/secrets -sock tmp/sock
|
||||
|
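Review bot: Both `vault-agent` entries keep `sudo vault agent`, while the `systemd-vaultd` entry that uses `tmp/secrets` and `tmp/sock` runs without sudo. Assuming the `tmp/` lines are the new side (this page has lost its +/- markers), a root process then renders secrets into a working-tree directory owned by the invoking user. Nothing in the visible entries creates `tmp/` or restricts its mode, so the socket and the rendered secret inherit whatever the checkout and umask allow. I would either drop `sudo` from the agent entry, which a `-dev` server should not need, or add a comment above the entries such as `# expects: mkdir -p tmp/secrets && chmod 700 tmp`.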
@ -0,0 +1,33 @@
|
||||
pid_file = "./pidfile"
|
||||
|
||||
auto_auth {
|
||||
method {
|
||||
type = "aws"
|
||||
namespace = "/my-namespace"
|
||||
config = {
|
||||
role = "foobar"
|
||||
}
|
||||
}
|
||||
|
||||
sink {
|
||||
type = "file"
|
||||
config = {
|
||||
path = "/tmp/file-foo"
|
||||
}
|
||||
aad = "foobar"
|
||||
dh_type = "curve25519"
|
||||
dh_path = "/tmp/file-foo-dhpath"
|
||||
}
|
||||
|
||||
sink {
|
||||
type = "file"
|
||||
wrap_ttl = "5m"
|
||||
aad_env_var = "TEST_AAD_ENV"
|
||||
dh_type = "curve25519"
|
||||
dh_path = "/tmp/file-foo-dhpath2"
|
||||
derive_key = true
|
||||
config = {
|
||||
path = "/tmp/file-bar"
|
||||
}
|
||||
}
|
||||
}
|
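Review bot: Both `sink` blocks use fixed names under `/tmp` for `path` and `dh_path` (`/tmp/file-foo`, `/tmp/file-foo-dhpath`, `/tmp/file-bar`, `/tmp/file-foo-dhpath2`), and nothing in this new file says whether it is only a parsing fixture. If the agent were ever started with it on a shared host, any local user could create those names first. That matters most for `dh_path`, which as far as I know is where the agent reads the peer's public key. A header comment would make the intent explicit, for example `# Parse-only fixture: the /tmp sink and dh_path values are placeholders, do not run an agent with this file`. If the file is meant to be runnable, the paths should instead point into a directory owned by the agent's user.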
@ -0,0 +1,17 @@
|
||||
vault = {
|
||||
address = "http://localhost:8200"
|
||||
}
|
||||
template = {
|
||||
contents = "{{ with secret \"secret/my-secret\" }}{{ .Data.data.foo }}{{ end }}"
|
||||
destination = "tmp/secrets/vault-nixos3.service-foo"
|
||||
}
|
||||
|
||||
auto_auth {
|
||||
method {
|
||||
type = "approle"
|
||||
config = {
|
||||
role_id_file_path = "tmp/roleID"
|
||||
secret_id_file_path = "tmp/secretID"
|
||||
}
|
||||
}
|
||||
}
|
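Review bot: The `template` block renders `secret/my-secret` to `tmp/secrets/vault-nixos3.service-foo` without a `perms` setting. To my knowledge a newly created destination then gets mode 0644, which leaves the secret readable by every local account. I would add `perms = "0600"` next to `destination`. The Procfile on this page starts the agent under `sudo` and `systemd-vaultd` without it, so both need to run as the same user for the stricter mode to work. The plain `http://localhost:8200` address is fine against a `-dev` server but deserves a one-line comment saying it is for local testing only.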