securite:vault_user
Differences
Below are the differences between two revisions of the page.
securite:vault_user [2018/05/25 01:15] – sgariepy | securite:vault_user [2022/02/02 00:42] – external edit 127.0.0.1 | ||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
+ | |||
+ | ====== Installation de Vault avec systemctl ====== | ||
+ | |||
Ligne 26: | Ligne 29: | ||
sudo chown vault:vault / | sudo chown vault:vault / | ||
sudo chmod 640 / | sudo chmod 640 / | ||
+ | |||
+ | |||
+ | sudo nano / | ||
+ | | ||
+ | | ||
+ | |||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | < | ||
+ | [Unit] | ||
+ | Description=a tool for managing secrets | ||
+ | Documentation=https:// | ||
+ | After=network.target | ||
+ | ConditionFileNotEmpty=/ | ||
+ | |||
+ | [Service] | ||
+ | User=vault | ||
+ | Group=vault | ||
+ | ExecStart=/ | ||
+ | ExecReload=/ | ||
+ | CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK | ||
+ | AmbientCapabilities=CAP_IPC_LOCK | ||
+ | Capabilities=CAP_IPC_LOCK+ep | ||
+ | SecureBits=keep-caps | ||
+ | NoNewPrivileges=yes | ||
+ | KillSignal=SIGINT | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=multi-user.target | ||
+ | </ | ||
+ | |||
+ | |||
+ | Create a group for key access: | ||
+ | |||
+ | |||
+ | sudo groupadd pki | ||
+ | |||
+ | |||
+ | sudo chgrp pki / | ||
+ | sudo chmod g+rx / | ||
+ | sudo gpasswd -a vault pki | ||
+ | |||
+ | |||
+ | |||
+ | ====== Démarrage ====== | ||
+ | |||
+ | |||
+ | $ sudo systemctl start vault | ||
+ | $ sudo systemctl status vault | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | [[https:// | ||
+ | |||
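Review bot: in the [Service] block of the added unit file, `Capabilities=CAP_IPC_LOCK+ep` is a directive that systemd removed in v230 and now ignores, so it should be dropped; `AmbientCapabilities=CAP_IPC_LOCK` is what actually hands the capability to the unprivileged `vault` user. `CAP_SYSLOG` in `CapabilityBoundingSet=` looks unused as well: it is not in the ambient set, and `NoNewPrivileges=yes` prevents the binary from gaining it through file capabilities, so the bounding set can be reduced to `CAP_IPC_LOCK`. In the Démarrage section, `sudo systemctl start vault` should be preceded by `sudo systemctl daemon-reload` so systemd picks up the new or edited unit file, and since the unit declares `WantedBy=multi-user.target`, a `sudo systemctl enable vault` step is missing if the service is meant to come back after a reboot. The line "Create a group for key access:" is in English on an otherwise French page.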