Différences

Ci-dessous, les différences entre deux révisions de la page.

--- securite:vault_user [2022/02/02 00:42] – modification externe 127.0.0.1
+++ securite:vault_user [2022/04/10 22:33] (Version actuelle) – supprimée sgariepy
@@ Ligne 1: / Ligne 1: @@
-====== Installation de Vault avec systemctl ======
-  sudo useradd -r -d /var/lib/vault -s /bin/nologin vault
-  sudo install -o vault -g vault -m 750 -d /var/lib/vault
-  sudo mkdir /etc/vault
-  sudo nano /etc/vault.file.hcl
-<code>
-storage "file" {
-  path = "/var/lib/vault/data"
-}
-listener "tcp" {
-  address = "127.0.0.1:8200"
-  tls_disable = 0
-  tls_cert_file = "/var/lib/vault/vault.crt"
-  tls_key_file = "/var/lib/vault/vault.key"
-}
-</code>
-  sudo chown vault:vault /etc/vault/vault.file.hcl
-  sudo chmod 640 /etc/vault/vault.file.hcl
-  sudo nano /etc/systemd/system/vault.service
-<code>
-[Unit]
-Description=a tool for managing secrets
-Documentation=https://vaultproject.io/docs/
-After=network.target
-ConditionFileNotEmpty=/etc/vault/vault.file.hcl
-[Service]
-User=vault
-Group=vault
-ExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.file.hcl
-ExecReload=/usr/local/bin/kill --signal HUP $MAINPID
-CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
-AmbientCapabilities=CAP_IPC_LOCK
-Capabilities=CAP_IPC_LOCK+ep
-SecureBits=keep-caps
-NoNewPrivileges=yes
-KillSignal=SIGINT
-[Install]
-WantedBy=multi-user.target
-</code>
-Create a group for key access:
-  sudo groupadd pki
-  sudo chgrp pki /etc/vault/pki
-  sudo chmod g+rx /etc/vault/pki
-  sudo gpasswd -a vault pki
-====== Démarrage ======
-  $ sudo systemctl start vault
-  $ sudo systemctl status vault
-[[https://www.digitalocean.com/community/tutorials/how-to-securely-manage-secrets-with-hashicorp-vault-on-ubuntu-16-04|Source]]