experimental-dustbin / vault-quickstart

Licence: other
Some shell scripts to get vault up and running as quickly as possible


Introduction

I got tired of repeating the same steps over and over again when setting up a vault server, so I wrote a basic set of scripts to get up and running with a self-signed certificate and local file backend.

The scripts are idempotent so it is possible to modify vars.sh and not rely on the defaults. You can create the required files yourself and everything should still work fine.

For a more secure deployment I recommend encrypting the initialization data and not unsealing the server automatically. The current initialization script (init.sh) stores the initialization data in clear text and then uses that to unseal the running server (unseal.sh) after it is started (start.sh).
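
A check for the cleartext initialization data described above, as an added example that is not part of this repository: it flags a file that holds unseal keys or a root token in clear text and reports whether group or other users can access it. The function names and the output formats matched are assumptions; the path is supplied by the caller because the file name init.sh uses is not shown here.

```sh
#!/bin/sh
# Added example, not part of vault-quickstart. The path to audit is passed in
# by the caller; the file name init.sh writes to is not shown on this page.

# Print a file's octal permission bits (GNU stat first, then BSD stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Exit status:
#   0  no cleartext unseal keys or root token found
#   1  cleartext init data found, file accessible to its owner only
#   2  cleartext init data found and group/other have some access
#   3  file missing or unreadable
audit_init_file() {
  aif_path="$1"
  [ -r "$aif_path" ] || return 3
  # Assumed formats: the table `vault operator init` prints, or its JSON
  # output (-format=json) / the sys/init API response.
  if ! grep -Eq \
    -e '^(Unseal )?Key [0-9]+: ' \
    -e '^Initial Root Token: ' \
    -e '"(unseal_keys_b64|unseal_keys_hex|keys_base64|root_token)"' \
    "$aif_path"; then
    return 0
  fi
  # Octal mode ending in 00 (or plain 0) means no group/other bits are set.
  case "$(file_mode "$aif_path")" in
    0|*00) return 1 ;;
    *)     return 2 ;;
  esac
}

# Demo on a constructed sample (placeholder values, not real key material).
demo() {
  demo_dir="$(mktemp -d)" || return 1
  printf 'Unseal Key 1: CONSTRUCTED-PLACEHOLDER\nInitial Root Token: CONSTRUCTED-PLACEHOLDER\n' \
    > "$demo_dir/init.out"
  chmod 644 "$demo_dir/init.out"
  demo_rc=0
  audit_init_file "$demo_dir/init.out" || demo_rc=$?
  echo "mode 644 -> status $demo_rc"
  chmod 600 "$demo_dir/init.out"
  demo_rc=0
  audit_init_file "$demo_dir/init.out" || demo_rc=$?
  echo "mode 600 -> status $demo_rc"
  rm -rf "$demo_dir"
}
demo
```

Status 1 is still a finding: restrictive permissions only narrow who can read the keys, while encrypting the initialization data removes them from disk in usable form.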

For a production deployment you'd probably also want to use a proper supervisor script instead of start.sh which just uses nohup. Then again I'm not sure there is much benefit to using a proper process supervisor. If the server dies you'd still need to unseal it when it starts so it kinda defeats the purpose of running the server under a supervisor. You'd still need to manually unseal the server and one extra step in the process is not going to make much of a difference.

For an HA deployment you'd also want to use an HA backend like Consul. The current configuration lives in start.sh and just configures a basic file backend based on the parameters in vars.sh.

Deployment

git clone https://github.com/davidk01/vault-quickstart.git
cd vault-quickstart
# We need the user that will run the vault process.
# If you have a user configured then change this to that user.
export VAULT_USER="$(whoami)"
./install.sh && ./start.sh && ./init.sh && ./unseal.sh

If you want to use the scripts as a cloud-init script then just concatenate everything together (cat vars.sh install.sh start.sh init.sh unseal.sh) and use that as the cloud-init script.

DC/OS

This repository can also be used as a starting point for running vault as a DC/OS marathon application/service:

wget -O vault.json \
  https://raw.githubusercontent.com/davidk01/vault-quickstart/master/dcos/vault.json
dcos marathon app add vault.json

The above DC/OS marathon configuration will pull in an archive of this repository and then run using the basic Mesos containerizer. Running things as a docker container is left as an exercise for the reader.
