[vault] Managing application public and private keys with Vault

Author: 不务正业的coder | Source: published 2021-03-18 17:37

    Enable the KV secrets engine

    # Enable a versioned (KV v2) mount at the path kv/
    $ vault secrets enable -path=kv kv-v2
    or, to upgrade an existing KV v1 mount to v2 in place
    $ vault kv enable-versioning kv/
    

    Note: once versioning is enabled, policy paths and direct API calls that read or write secrets must use the prefix [kv/data/] (KV v2 also exposes kv/metadata/, kv/delete/, kv/undelete/ and kv/destroy/ for the other operations); only a KV v1 mount uses the bare [kv/] prefix.

    ACL policy configuration

    1. Default policy (attached to every token, so every application gets it)

    # Allow all app to read RSA public key
    path "kv/data/rsa/public/*" {
      capabilities=["read"]
    }
    

    2. Per-application policy

    Example: policy for the user application (may read only its own private key)

    # Allow app to read own RSA private key
    path "kv/data/rsa/private/user" {
      capabilities = ["read"]
    }
    

    Example: policy for the devops application (may read and write every application's public and private keys)

    path "kv/data/rsa/public/*" {
      capabilities = ["create", "update","read","delete","list"]
    }
    path "kv/data/rsa/private/*" {
      capabilities = ["create", "update","read","delete","list"]
    }
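    Before attaching these policies to tokens it is worth checking exactly what each token can do, remembering that on a KV v2 mount `vault kv list` is served from kv/metadata/..., `vault kv destroy` and `vault kv undelete` from kv/destroy/... and kv/undelete/..., and `vault kv delete` against kv/data/... only soft-deletes the latest version. The devops policy above therefore grants no ability to list keys at all, even though it contains the list capability. The Python below is an added example, not code from the post or from Vault: it parses the three policies exactly as written and evaluates them with a simplified model of Vault's ACL matching (exact path first, then the longest matching glob rule, with deny overriding everything). `KV2_OPS`, `allowed` and `can` are names chosen for the example.

```python
import re
from typing import Dict, List, Set, Tuple

# The three policies from the post, verbatim.
DEFAULT_POLICY = '''
path "kv/data/rsa/public/*" {
  capabilities=["read"]
}
'''
USER_POLICY = '''
path "kv/data/rsa/private/user" {
  capabilities = ["read"]
}
'''
DEVOPS_POLICY = '''
path "kv/data/rsa/public/*" {
  capabilities = ["create", "update","read","delete","list"]
}
path "kv/data/rsa/private/*" {
  capabilities = ["create", "update","read","delete","list"]
}
'''

# Matches the simple `path "..." { capabilities = [...] }` form used above.
RULE_RE = re.compile(r'path\s+"([^"]+)"\s*\{\s*capabilities\s*=\s*\[([^\]]*)\]\s*\}', re.S)


def parse_policy(hcl: str) -> Dict[str, Set[str]]:
    """Extract path -> set of capabilities from one policy document."""
    return {path: {c.strip().strip('"') for c in caps.split(",") if c.strip()}
            for path, caps in RULE_RE.findall(hcl)}


def rule_regex(rule: str) -> "re.Pattern[str]":
    """Vault path rules: '+' matches exactly one segment, a trailing '*' is a prefix glob."""
    pattern = re.escape(rule).replace(r"\+", "[^/]+")
    if pattern.endswith(r"\*"):
        pattern = pattern[:-2] + ".*"
    return re.compile("^" + pattern + "$")


def allowed(policies: List[str], api_path: str, capability: str) -> bool:
    """Simplified model of Vault's ACL evaluation: rules from every policy attached to
    the token are merged per path, an exact path match wins, otherwise the longest
    matching glob rule is used, and 'deny' in the chosen rule overrides everything."""
    rules: Dict[str, Set[str]] = {}
    for hcl in policies:
        for path, caps in parse_policy(hcl).items():
            rules.setdefault(path, set()).update(caps)
    if api_path in rules:
        caps = rules[api_path]
    else:
        matches = [p for p in rules if rule_regex(p).match(api_path)]
        if not matches:
            return False
        caps = rules[max(matches, key=len)]
    return "deny" not in caps and capability in caps


# Which KV v2 API prefix and capability each `vault kv` subcommand really needs.
KV2_OPS: Dict[str, Tuple[str, str]] = {
    "get":      ("data",     "read"),
    "put":      ("data",     "update"),   # a brand-new path needs "create" instead
    "delete":   ("data",     "delete"),   # soft-deletes the latest version only
    "list":     ("metadata", "list"),
    "metadata": ("metadata", "read"),
    "undelete": ("undelete", "update"),
    "destroy":  ("destroy",  "update"),
}


def can(policies: List[str], op: str, mount: str, secret_path: str) -> bool:
    """Answer 'can a token holding these policies run `vault kv <op> <mount>/<secret_path>`?'"""
    prefix, capability = KV2_OPS[op]
    return allowed(policies, f"{mount}/{prefix}/{secret_path}", capability)


if __name__ == "__main__":
    user = [DEFAULT_POLICY, USER_POLICY]
    devops = [DEFAULT_POLICY, DEVOPS_POLICY]
    for who, pols, op, path in [
        ("user",   user,   "get",  "rsa/private/user"),
        ("user",   user,   "get",  "rsa/private/devops"),
        ("user",   user,   "put",  "rsa/public/user"),
        ("devops", devops, "put",  "rsa/private/user"),
        ("devops", devops, "list", "rsa/public"),
    ]:
        verdict = "allow" if can(pols, op, "kv", path) else "deny"
        print(f"{who:6} {op:4} kv/{path:20} -> {verdict}")
```

    Run it and the last line shows the list request from devops being denied; adding a rule for "kv/metadata/rsa/public/*" (and the private counterpart) with the list capability is what the devops policy needs if it is meant to enumerate keys.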
    

    Calling Vault from clients

    • vault cli calls: the path does not need /data (the kv subcommands insert it, e.g. vault kv get kv/rsa/public/user)
    • java sdk calls: the path needs /data (e.g. kv/data/rsa/public/user)
    // vaultApiTemplate is the author's own wrapper and is not shown in the post;
    // VaultResponse is the response type of Spring Vault's VaultTemplate, which the wrapper appears to sit on top of
    import java.util.HashMap;
    import java.util.Map;

    // 1. Read data: version null or 0 reads the current version (the response carries the version number)
    VaultResponse readResponse = vaultApiTemplate.read(path, version);

    // 2. Write data: against a raw KV v2 endpoint the secret must be nested under a "data" key
    //    ({"data": {"key": "123456"}}), and a read returns it nested under data.data
    Map<String, String> map = new HashMap<>();
    map.put("key", "123456");
    VaultResponse writeResponse = vaultApiTemplate.write(path, map);
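    The /data prefix, the nesting of the secret under "data" and the version semantics (0 or empty means current) are properties of the KV v2 HTTP API, not of any particular SDK, so they apply to the Java wrapper above and to any other client alike. The Python below is an added example, not code from the post and not the author's wrapper: it builds the raw requests a client has to send and unwraps the responses, and runs them against `FakeKv2`, a constructed in-memory imitation of a KV v2 mount (versions, check-and-set, soft delete) so the behaviour can be seen offline. `FakeKv2`, `demo`, the sample key strings and the deletion timestamp are all constructed for the example and simplified relative to the real engine.

```python
import json
from typing import Any, Dict, List, Optional, Tuple

Request = Tuple[str, str, Optional[Dict[str, Any]]]   # (method, url, JSON body)


def kv2_write_request(mount: str, path: str, secret: Dict[str, str],
                      cas: Optional[int] = None) -> Request:
    """Raw KV v2 write: POST /v1/<mount>/data/<path> with the secret under "data".
    cas=N means "only write if the current version is N"; cas=0 means create-only."""
    body: Dict[str, Any] = {"data": secret}
    if cas is not None:
        body["options"] = {"cas": cas}
    return "POST", f"/v1/{mount}/data/{path}", body


def kv2_read_request(mount: str, path: str, version: Optional[int] = None) -> Request:
    """Raw KV v2 read: GET /v1/<mount>/data/<path>[?version=N]; None or 0 = current version."""
    url = f"/v1/{mount}/data/{path}"
    if version:
        url += f"?version={version}"
    return "GET", url, None


def kv2_unwrap(resp: Dict[str, Any]) -> Tuple[Optional[Dict[str, str]], int]:
    """KV v2 nests the secret under data.data and its version under data.metadata."""
    return resp["data"]["data"], resp["data"]["metadata"]["version"]


class FakeKv2:
    """Constructed stand-in for a KV v2 mount: per-path version list, CAS, soft delete."""

    def __init__(self) -> None:
        self._versions: Dict[str, List[Dict[str, Any]]] = {}

    def handle(self, req: Request) -> Tuple[int, Dict[str, Any]]:
        method, url, body = req
        path, _, query = url.partition("?")
        versions = self._versions.setdefault(path.split("/data/", 1)[1], [])
        if method == "POST":
            cas = (body or {}).get("options", {}).get("cas")
            if cas is not None and cas != len(versions):
                return 400, {"errors": ["check-and-set parameter did not match the current version"]}
            versions.append({"data": body["data"], "deletion_time": ""})
            return 200, {"data": {"version": len(versions)}}
        if method == "GET":
            n = int(query.split("=", 1)[1]) if query.startswith("version=") else 0
            n = n or len(versions)                      # 0 / absent -> current version
            if not 1 <= n <= len(versions) or versions[n - 1]["deletion_time"]:
                return 404, {"errors": []}
            return 200, {"data": {"data": versions[n - 1]["data"],
                                  "metadata": {"version": n, "deletion_time": ""}}}
        if method == "DELETE":                          # soft-delete the current version only
            if versions:
                versions[-1]["deletion_time"] = "2021-03-18T09:37:00Z"   # constructed timestamp
            return 204, {}
        return 405, {"errors": ["unsupported method"]}


def demo(mount: str = "kv", path: str = "rsa/public/user") -> Dict[str, Any]:
    """Rotate a key through two versions and report what a raw client observes."""
    srv = FakeKv2()
    # constructed placeholder keys, not real key material
    v1 = {"public_key": "-----BEGIN PUBLIC KEY-----\nMIIB...v1\n-----END PUBLIC KEY-----"}
    v2 = {"public_key": "-----BEGIN PUBLIC KEY-----\nMIIB...v2\n-----END PUBLIC KEY-----"}
    out: Dict[str, Any] = {}
    out["create"] = srv.handle(kv2_write_request(mount, path, v1, cas=0))[0]
    out["stale_cas"] = srv.handle(kv2_write_request(mount, path, v2, cas=0))[0]   # lost-update guard
    out["rotate"] = srv.handle(kv2_write_request(mount, path, v2, cas=1))[0]
    _, resp = srv.handle(kv2_read_request(mount, path))            # version None/0 -> current
    out["current"] = kv2_unwrap(resp)
    _, resp = srv.handle(kv2_read_request(mount, path, version=1))
    out["v1"] = kv2_unwrap(resp)
    srv.handle(("DELETE", f"/v1/{mount}/data/{path}", None))
    out["after_delete"] = srv.handle(kv2_read_request(mount, path))[0]
    out["v1_after_delete"] = srv.handle(kv2_read_request(mount, path, version=1))[0]
    return out


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

    Passing cas on every rotation is the cheap protection against two operators overwriting each other's key rollout; and because delete against kv/data/ only soft-deletes the latest version, an older version stays readable until it is destroyed through the kv/destroy/ endpoint, which the policies on this page do not grant.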
    

          Original link: https://www.haomeiwen.com/subject/ctdpcltx.html