Debug School

Gandhalee

HashiCorp Vault Assignment - Day 2

  1. What is a policy, and what is the process of creating a sample policy?
    • A policy defines permissions in Vault. A policy is written in HCL and consists of a path and the capabilities granted on that path. Policies are associated with tokens directly or indirectly and define the actions a token is allowed to perform. The standard policies are the default policy and the root policy.
    • vault policy write sample-policy sample.hcl
    • Content of sample.hcl:

        path "sys/dev/*"
        {
          capabilities = ["create", "read", "update", "delete", "list", "sudo"]
        }

    • vault policy read sample-policy
  2. What are the types of tokens and their use cases?

    • Service Token
    • Batch Token

    Use cases:
    • A database system will use a token for secrets access.
    • Tokens should not be able to create children.
    • The system does not support dynamically changing the token value.
    • Tokens should have a limited lifetime and cannot be renewed.
  3. Top 5 commands for working with tokens

    • vault token lookup TOKEN_VALUE
    • vault token create -policy=default -ttl=60m
    • vault token renew $batch_id
    • vault token revoke -self
    • vault write auth/userpass/users/ned token_max_ttl=2780000 password=tacos
  4. Top 5 commands for working with policies

    • vault token create -policy=accounting
    • vault policy list
    • vault policy write secrets-mgmt secrets-mgmt.hcl
    • vault policy read secrets-mgmt
    • vault policy delete accounting
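
A policy file can be reviewed before it is loaded with `vault policy write`. The following is an added example, not code from the original post: a small Python check that parses `path` stanzas and flags broad grants such as those in the `sample.hcl` policy from question 1. The function names, the three review rules and the `NARROW_HCL` comparison policy are assumptions made for illustration.

```python
import re

# One `path "..." { ... }` stanza of a Vault ACL policy written in HCL.
# Assumption: stanza bodies contain no nested braces (true for the policies here).
STANZA = re.compile(r'path\s+"([^"]+)"\s*\{([^}]*)\}', re.S)
CAPS = re.compile(r'capabilities\s*=\s*\[([^\]]*)\]', re.S)
WRITE_CAPS = {"create", "update", "patch", "delete"}

def parse_policy(text):
    """Return a list of (path, set_of_capabilities), one entry per stanza."""
    rules = []
    for path, body in STANZA.findall(text):
        m = CAPS.search(body)
        caps = set(re.findall(r'"([a-z]+)"', m.group(1))) if m else set()
        rules.append((path, caps))
    return rules

def audit_policy(text):
    """Return (path, finding) pairs for grants a reviewer should question."""
    findings = []
    for path, caps in parse_policy(text):
        if "deny" in caps:
            continue  # deny takes precedence over every other capability
        if "sudo" in caps:
            findings.append((path, "grants sudo (access to root-protected paths)"))
        if ("*" in path or "+" in path) and caps & WRITE_CAPS:
            findings.append((path, "write capabilities on a wildcard path"))
        if path.startswith("sys/") and caps & WRITE_CAPS:
            findings.append((path, "write access under sys/ (system backend)"))
    return findings

# The policy from this page, then a narrower one constructed for comparison.
SAMPLE_HCL = '''
path "sys/dev/*"
{
  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
'''
NARROW_HCL = '''
path "secret/data/app1/config" {
  capabilities = ["read"]
}
'''

if __name__ == "__main__":
    for label, text in (("sample.hcl", SAMPLE_HCL), ("narrow.hcl", NARROW_HCL)):
        print(label, audit_policy(text) or "no findings")
```
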
