securite:vault_user
Differences
Below are the differences between two revisions of the page.
securite:vault_user [2018/05/25 01:13] – sgariepy | securite:vault_user [2022/02/02 00:42] – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | |||
+ | ====== Installation de Vault avec systemctl ====== | ||
+ | |||
Line 5: | Line 8: | ||
sudo install -o vault -g vault -m 750 -d / | sudo install -o vault -g vault -m 750 -d / | ||
sudo mkdir /etc/vault | sudo mkdir /etc/vault | ||
- | sudo nano / | + | sudo nano /etc/vault.file.hcl |
| | ||
< | < | ||
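Review bot: the path in the edited `sudo nano /etc/vault.file.hcl` line does not match the directory created by `sudo mkdir /etc/vault` two lines above it, nor the `sudo chmod 640 /etc/vault/vault.file.hcl` this same revision adds further down; as written the config is created directly under /etc and the later chmod fails with "No such file". Suggest `sudo nano /etc/vault/vault.file.hcl` so the editor, the chmod and the unit's config path all point at the same file.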
Line 21: | Line 24: | ||
- | | + | |
- | sudo chmod 640 / | + | |
+ | |||
+ | | ||
+ | sudo chmod 640 /etc/vault/vault.file.hcl | ||
+ | |||
+ | |||
+ | sudo nano / | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | < | ||
+ | [Unit] | ||
+ | Description=a tool for managing secrets | ||
+ | Documentation=https:// | ||
+ | After=network.target | ||
+ | ConditionFileNotEmpty=/ | ||
+ | |||
+ | [Service] | ||
+ | User=vault | ||
+ | Group=vault | ||
+ | ExecStart=/ | ||
+ | ExecReload=/ | ||
+ | CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK | ||
+ | AmbientCapabilities=CAP_IPC_LOCK | ||
+ | Capabilities=CAP_IPC_LOCK+ep | ||
+ | SecureBits=keep-caps | ||
+ | NoNewPrivileges=yes | ||
+ | KillSignal=SIGINT | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=multi-user.target | ||
+ | </ | ||
+ | |||
+ | |||
+ | Create a group for key access: | ||
+ | |||
+ | |||
+ | sudo groupadd pki | ||
+ | |||
+ | |||
+ | sudo chgrp pki / | ||
+ | sudo chmod g+rx / | ||
+ | sudo gpasswd -a vault pki | ||
+ | |||
+ | |||
+ | |||
+ | ====== Démarrage ====== | ||
+ | |||
+ | |||
+ | $ sudo systemctl start vault | ||
+ | $ sudo systemctl status vault | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | [[https:// | ||
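Review bot: `Capabilities=CAP_IPC_LOCK+ep` in the [Service] section is not a setting current systemd releases accept (they log an "Unknown lvalue 'Capabilities'" warning and ignore the line; the `+ep` syntax belongs to file capabilities set with setcap), and it is redundant here anyway: `AmbientCapabilities=CAP_IPC_LOCK` plus `SecureBits=keep-caps` is what actually carries CAP_IPC_LOCK across the drop to `User=vault` so the daemon can mlock its memory, while `CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK` caps what it may ever hold and `NoNewPrivileges=yes` stops it regaining anything via setuid binaries. Drop the `Capabilities=` line. Two smaller points: `sudo chmod g+rx` is only appropriate if the target is the key directory (the pki group needs traversal); if it is the key file itself, `g+r` is all that should be added and the file should stay without group write, matching the 640 used for the config. Also the new headings are in French (`====== Démarrage ======`) while the new body text is English (`Create a group for key access:`); pick one language for the page.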