securite:vault_user
This is an old revision of the document!
# Create an unprivileged system account for Vault and a 750 data directory it owns
sudo useradd -r -d /var/lib/vault -s /bin/nologin vault
sudo install -o vault -g vault -m 750 -d /var/lib/vault
sudo mkdir /etc/vault
# The config file lives in /etc/vault/ (the same path the chown/chmod and the unit file below use)
sudo nano /etc/vault/vault.file.hcl
# Local file backend, kept under the vault user's 750 directory
storage "file" {
  path = "/var/lib/vault/data"
}

# Loopback-only listener with TLS enabled
listener "tcp" {
  address       = "127.0.0.1:8200"
  tls_disable   = 0
  tls_cert_file = "/var/lib/vault/vault.crt"
  tls_key_file  = "/var/lib/vault/vault.key"
}
sudo chown vault:vault /etc/vault/vault.file.hcl
sudo chmod 640 /etc/vault/vault.file.hcl
sudo nano /etc/systemd/system/vault.service
[Unit]
Description=a tool for managing secrets
Documentation=https://vaultproject.io/docs/
After=network.target
# Refuse to start if the config file is missing or empty
ConditionFileNotEmpty=/etc/vault/vault.file.hcl

[Service]
User=vault
Group=vault
ExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.file.hcl
# SIGHUP makes Vault reload its configuration; kill lives in /bin on Linux systems
ExecReload=/bin/kill --signal HUP $MAINPID
# Only CAP_IPC_LOCK (to mlock memory holding secrets) and CAP_SYSLOG are kept in the bounding set
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
AmbientCapabilities=CAP_IPC_LOCK
# Capabilities= is a legacy directive that current systemd versions ignore; AmbientCapabilities= above does the work
Capabilities=CAP_IPC_LOCK+ep
SecureBits=keep-caps
NoNewPrivileges=yes
KillSignal=SIGINT

[Install]
WantedBy=multi-user.target
Create a group for key access:
sudo groupadd pki
sudo chgrp pki /etc/vault/pki
sudo chmod g+rx /etc/vault/pki
sudo gpasswd -a vault pki
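As an added check that is not part of the original page, the following POSIX sh function audits a Vault config file like the one above for the settings this setup relies on: TLS not disabled, the listener bound to loopback rather than all interfaces, and the TLS private key present and not world-readable (group read is left alone, since key access here is granted through the pki group). The file names it is run against are the caller's; the path regexes assume the HCL style used above.

```shell
#!/bin/sh
# Audit a Vault server config (HCL) for the settings this setup depends on.
# Prints one FINDING line per problem and returns the number of findings (0 = clean).
audit_vault_config() {
    cfg="$1"
    findings=0

    # 1. TLS must stay enabled on the listener (tls_disable = 0 in the config above).
    if grep -Eq '^[[:space:]]*tls_disable[[:space:]]*=[[:space:]]*(1|true|"true")' "$cfg"; then
        echo "FINDING: tls_disable is set in $cfg"
        findings=$((findings + 1))
    fi

    # 2. The config binds 127.0.0.1:8200; a wildcard bind exposes the API to the network.
    if grep -Eq '^[[:space:]]*address[[:space:]]*=[[:space:]]*"0\.0\.0\.0:' "$cfg"; then
        echo "FINDING: listener bound to all interfaces in $cfg"
        findings=$((findings + 1))
    fi

    # 3. The TLS private key must exist and must not be readable by "others"
    #    (group read is tolerated: key access is granted via the pki group).
    key=$(sed -n 's/^[[:space:]]*tls_key_file[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$cfg" | head -n 1)
    if [ -n "$key" ]; then
        if [ ! -f "$key" ]; then
            echo "FINDING: tls_key_file $key does not exist"
            findings=$((findings + 1))
        else
            perm=$(ls -ld "$key" | cut -c1-10)   # e.g. -rw-r-----
            case "$perm" in
                ???????r*)  # 8th character is the "others" read bit
                    echo "FINDING: private key $key is world-readable ($perm)"
                    findings=$((findings + 1)) ;;
            esac
        fi
    fi

    return "$findings"
}

# Run directly as: sh audit.sh /etc/vault/vault.file.hcl
if [ "$#" -eq 1 ]; then
    audit_vault_config "$1"
fi
```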
securite/vault_user.1527206885.txt.gz · Last modified: 2022/02/02 00:43 (external edit)