-
Notifications
You must be signed in to change notification settings - Fork 2
/
vault.sh
executable file
·40 lines (23 loc) · 1.16 KB
/
vault.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
#!/usr/bin/env bash
export ROOT_DIR_PATH=$(dirname $(realpath "$0"))
export FILE="$ROOT_DIR_PATH/vault-init.txt"
if [ -f "$FILE" ]; then
echo "$FILE exists."
exit $1
fi
export VAULT_ADDR='http://127.0.0.1:8200'
docker network create pg
docker container run --network pg --cap-add IPC_LOCK --name server01 -d -p 8200:8200 -v $ROOT_DIR_PATH/vault.hcl:/vault/config/vault.hcl -v $ROOT_DIR_PATH/vault01/file:/vault/file hashicorp/vault:1.16.2 vault server -config=/vault/config/vault.hcl
docker container run --network pg -d --name postgres -e POSTGRES_PASSWORD="password" postgres
docker network connect pg server01
docker network connect pg postgres
sleep 5
vault operator init -key-shares=1 -key-threshold=1 > $ROOT_DIR_PATH/vault-key.txt
sleep 2
vault operator unseal $(grep 'Key 1:' $ROOT_DIR_PATH/vault-key.txt | awk '{print $NF}')
cp $ROOT_DIR_PATH/vault-key.txt $ROOT_DIR_PATH/vault-init.txt
sleep 2
vault login $(grep 'Initial Root Token:' $ROOT_DIR_PATH/vault-key.txt | awk '{print $NF}')
sudo mkdir -p $ROOT_DIR_PATH/vault01/file/audit
sudo chown -R 100:1000 $ROOT_DIR_PATH/vault01/file/audit
vault audit enable file file_path=/vault/file/audit/audit.log