Différences

Ci-dessous, les différences entre deux révisions de la page.

--- securite:vault_user [2018/05/25 01:13] – sgariepy
+++ securite:vault_user [2022/02/02 00:42] – modification externe 127.0.0.1
@@ Ligne 1: / Ligne 1: @@
+====== Installation de Vault avec systemctl ======
@@ Ligne 5: / Ligne 8: @@
   sudo install -o vault -g vault -m 750 -d /var/lib/vault
   sudo mkdir /etc/vault
-  sudo nano /etc/vault.hcl
+  sudo nano /etc/vault.file.hcl
 <code>
@@ Ligne 21: / Ligne 24: @@
-  sudo chown vault:vault /etc/vault.hcl
-  sudo chmod 640 /etc/vault.hcl
+  sudo chown vault:vault /etc/vault/vault.file.hcl
+  sudo chmod 640 /etc/vault/vault.file.hcl
+  sudo nano /etc/systemd/system/vault.service
+<code>
+[Unit]
+Description=a tool for managing secrets
+Documentation=https://vaultproject.io/docs/
+After=network.target
+ConditionFileNotEmpty=/etc/vault/vault.file.hcl
+[Service]
+User=vault
+Group=vault
+ExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.file.hcl
+ExecReload=/usr/local/bin/kill --signal HUP $MAINPID
+CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
+AmbientCapabilities=CAP_IPC_LOCK
+Capabilities=CAP_IPC_LOCK+ep
+SecureBits=keep-caps
+NoNewPrivileges=yes
+KillSignal=SIGINT
+[Install]
+WantedBy=multi-user.target
+</code>
+Create a group for key access:
+  sudo groupadd pki
+  sudo chgrp pki /etc/vault/pki
+  sudo chmod g+rx /etc/vault/pki
+  sudo gpasswd -a vault pki
+====== Démarrage ======
+  $ sudo systemctl start vault
+  $ sudo systemctl status vault
+[[https://www.digitalocean.com/community/tutorials/how-to-securely-manage-secrets-with-hashicorp-vault-on-ubuntu-16-04|Source]]