securite:vault_user
Differences
Below are the differences between two revisions of the page.
securite:vault_user [2018/05/25 01:37] – sgariepy | securite:vault_user [2022/04/10 22:33] (current version) – deleted sgariepy | ||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
- | |||
- | |||
- | |||
- | sudo useradd -r -d / | ||
- | sudo install -o vault -g vault -m 750 -d / | ||
- | sudo mkdir /etc/vault | ||
- | sudo nano / | ||
- | | ||
- | < | ||
- | storage " | ||
- | path = "/ | ||
- | } | ||
- | |||
- | listener " | ||
- | address = " | ||
- | tls_disable = 0 | ||
- | tls_cert_file = "/ | ||
- | tls_key_file = "/ | ||
- | } | ||
- | </ | ||
- | |||
- | |||
- | |||
- | |||
- | |||
- | sudo chown vault:vault / | ||
- | sudo chmod 640 / | ||
- | |||
- | |||
- | sudo nano / | ||
- | | ||
- | | ||
- | | ||
- | < | ||
- | [Unit] | ||
- | Description=a tool for managing secrets | ||
- | Documentation=https:// | ||
- | After=network.target | ||
- | ConditionFileNotEmpty=/ | ||
- | |||
- | [Service] | ||
- | User=vault | ||
- | Group=vault | ||
- | ExecStart=/ | ||
- | ExecReload=/ | ||
- | CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK | ||
- | Capabilities=CAP_IPC_LOCK+ep | ||
- | SecureBits=keep-caps | ||
- | NoNewPrivileges=yes | ||
- | KillSignal=SIGINT | ||
- | |||
- | [Install] | ||
- | WantedBy=multi-user.target | ||
- | </ | ||
- | |||
- | |||
- | Create a group for key access: | ||
- | |||
- | |||
- | sudo groupadd pki | ||
- | |||
- | |||
- | sudo chgrp pki / | ||
- | sudo chmod g+rx / | ||
- | |||
- | |||
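
Review bot: the removed unit file sets `Capabilities=CAP_IPC_LOCK+ep` under `[Service]`, a directive that was removed from systemd (v230) and is now ignored; if this procedure is being moved to another page rather than retired, replace that line with `AmbientCapabilities=CAP_IPC_LOCK` so the non-root `User=vault` process actually holds the capability it needs to lock memory. Two smaller points for any relocated copy: `sudo mkdir /etc/vault` creates the configuration directory with default ownership and mode while the line before it uses `install -o vault -g vault -m 750 -d`, so create both directories the same way; and the edit summary only records the deletion, so it should say why the page was dropped or where the content now lives.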
securite/vault_user.1527205043.txt.gz · Last modified: 2022/02/02 00:43 (external edit)