#VAULT Test vault
docker network create vaulttest_default
docker-compose create
It builds the container.
docker-compose start
It starts the container.
docker-compose exec vault vault init
It initializes the vault with 5 keys, which you need in order to unseal the vault, and it returns the root token.
docker-compose exec vault vault unseal
docker-compose exec vault vault auth
Root token required for this test.
docker-compose exec vault vault policy-write foo /hcl/foo-policy.hcl
docker-compose exec vault vault policy-write secret /hcl/renew-write-policy.hcl
docker-compose exec vault vault token-create -policy="secret"
docker-compose exec vault vault token-create -policy="foo"
docker-compose exec vault vault write secret/foo value=yes
docker-compose exec vault vault write secret/ardilla value=password
The MySQL secret backend for Vault generates database credentials dynamically based on configured roles. This means that services that need to access a database no longer need to hardcode credentials: they can request them from Vault, and use Vault's leasing mechanism to more easily roll keys.
docker-compose exec vault vault mount mysql
docker-compose exec vault vault write mysql/config/connection connection_url="root:verysecret@tcp(mysql:3306)/"
docker-compose exec vault vault write mysql/config/lease lease=1h lease_max=24h
- This restricts each credential to a lease of 1 hour at a time, with a maximum use period of 24 hours. This forces an application to renew its credentials at least hourly, and to recycle them once per day.
docker-compose exec vault vault write mysql/roles/readonly sql="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT SELECT ON *.* TO '{{name}}'@'%';"
docker-compose exec vault vault write mysql/roles/full sql="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT ALL ON *.* TO '{{name}}'@'%';"
docker-compose exec vault vault read mysql/creds/readonly
docker-compose exec mysql mysql -uread-root-6df374 -pa2332e92-d0be-fe5f-2be3-5e1b6a4a5fbd
docker-compose exec vault vault renew mysql/creds/readonly/1712c7e8-3611-3bfe-aafa-14becf7ccc3e
It renews the lease ID.
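The mysql command above passes the generated password with -p on the command line, where it ends up in shell history and the process list. The following is an added example, not part of the original notes: it parses the output of the creds read into a MySQL option file readable only by its owner and extracts the lease ID for the renew step; the function names and the Key/Value table layout of the sample are assumptions, and the sample values are the ones shown in the commands above.

```shell
#!/bin/sh
# Constructed sample, assumed to match the Key/Value table that
# `vault read mysql/creds/readonly` prints. lease_duration 3600 = the 1h lease.
SAMPLE_CREDS='Key             Value
---             -----
lease_id        mysql/creds/readonly/1712c7e8-3611-3bfe-aafa-14becf7ccc3e
lease_duration  3600
lease_renewable true
password        a2332e92-d0be-fe5f-2be3-5e1b6a4a5fbd
username        read-root-6df374'

# creds_field FIELD (hypothetical helper): print the value of FIELD from
# `vault read` output on stdin; exit non-zero if the field is absent.
creds_field() {
    awk -v key="$1" '
        { sub(/\r$/, "") }                 # tolerate CRLF from a TTY-attached exec
        $1 == key { print $2; found = 1 }
        END { exit !found }'
}

# write_mysql_cnf FILE (hypothetical helper): write a [client] option file
# from `vault read` output on stdin, mode 0600, without ever placing the
# password in an argument list.
write_mysql_cnf() {
    out=$(cat)
    user=$(printf '%s\n' "$out" | creds_field username) || return 1
    pass=$(printf '%s\n' "$out" | creds_field password) || return 1
    rm -f -- "$1"                          # a stale file would keep its old mode
    ( umask 077
      printf '[client]\nuser=%s\npassword=%s\n' "$user" "$pass" > "$1" )
}

# Demo on the constructed sample: the lease ID to pass to `vault renew`.
printf '%s\n' "$SAMPLE_CREDS" | creds_field lease_id
```

The resulting file is used with `mysql --defaults-extra-file=FILE`, which must be the first option and must point at a path visible where the mysql client runs.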
For future tests