The latest articles on Debug School by Gandhalee (@shirkegandhalee). https://www.debug.school/shirkegandhalee https://www.debug.school/images/DaV0owp0ovfNX9M-BETGZtKkqcCcQF9tMh5JJJKHt00/rs:fill:90:90/g:sm/mb:500000/ar:1/aHR0cHM6Ly93d3cu/ZGVidWcuc2Nob29s/L3VwbG9hZHMvdXNl/ci9wcm9maWxlX2lt/YWdlLzEyOS84OTRl/NTg1OS0yMjhhLTQ2/NzUtOGE0Mi1hNzhh/Y2JhN2QwZWUucG5n https://www.debug.school/shirkegandhalee en Gandhalee Tue, 11 Oct 2022 19:29:59 +0000 https://www.debug.school/shirkegandhalee/hashicorp-vault-assignment-day-2-5ga3 https://www.debug.school/shirkegandhalee/hashicorp-vault-assignment-day-2-5ga3 <ol> <li>What is Policy and Process of creating sample Policy? <ul> <li>Policy defines permissions in vault. Policy syntax comprises of HCL , a path and capabilities. Policies are associated with tokens directly or indirectly, defining actions allowed by token. Standard polices are -Default policy and Root policy. </li> </ul> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>- vault policy write sample-policy sample.hcl - Content of sample.hcl path "sys/dev/*" { capabilities = ["create", "read", "update", "delete", "list", "sudo"] } - vault policy read sample-policy` </code></pre> </div> <ol> <li> <p>What are types of Tokens and use case of it</p> <ul> <li>Service Token</li> <li>Batch Token Use Cases: </li> <li>Database system will use token for secrets access</li> <li>Tokens should not be able to create children.</li> <li>System does not support dynamically changing the token value.</li> <li>Tokens should have a limited lifetime and cannot be renewed.</li> </ul> </li> <li> <p>Top 5 Commands working with tokens</p> <ul> <li>vault token lookup TOKEN_VALUE</li> <li>vault token create -policy=default -ttl=60m</li> <li>vault token renew $batch_id</li> <li>vault token revoke -self</li> <li>vault write auth/userpass/users/ned token_max_ttl=2780000 password=tacos</li> </ul> </li> <li> <p>Top 5 Commands working with Policy</p> <ul> <li>vault token create -policy=accounting</li> <li>vault policy list </li> <li>vault policy write secrets-mgmt secrets-mgmt.hcl</li> <li>vault policy read secrets-mgmt</li> <li>vault policy delete accounting</li> </ul> </li> </ol> Gandhalee Mon, 10 Oct 2022 11:50:51 +0000 https://www.debug.school/shirkegandhalee/hashicorp-vault-assignment-46h3 https://www.debug.school/shirkegandhalee/hashicorp-vault-assignment-46h3 <ol> <li> <p>What is top 10 use cases of Hashicorp Vault?</p> <ul> <li>Secrets Management.</li> <li>Dynamic Secrets.</li> <li>Kubernetes Secrets.</li> <li>Database Credential Rotation.</li> <li>Automated PKI Infrastructure.</li> <li>Identity-based Access.</li> <li>Data Encryption &amp; Tokenization.</li> <li>Key Management.</li> <li>Transit Secrets Engine</li> <li>Transform Secrets Engine</li> </ul> </li> <li> <p>List of Authentication Methods in Hashicorp Vault</p> <ul> <li>Token</li> <li>Approle</li> <li>Userpass</li> </ul> </li> <li> <p>5 Use Case of Approle and Userpass Authentication Methods</p> <ul> <li>PAT on GitHub</li> <li>Oracle Cloud Infrastructure</li> <li>AWS</li> <li>Azure</li> <li>Google Cloud</li> </ul> </li> <li> <p>Top 10 Commands for Hashicorp Vault Learnt Today?</p> <ul> <li>vault login</li> <li>vault version</li> <li>vault status</li> <li>vault server -dev</li> <li>vault auth enable userpass</li> <li>vault auth disable userpass/</li> <li>vault auth list</li> <li>vault path-help auth/userpass/</li> <li>vault write auth/userpass/users/ned password=tacos</li> <li>vault read auth/userpass/role/webapp/role-id</li> <li>vault -help</li> </ul> </li> </ol>