- What is a policy, and what is the process for creating a sample policy?
- A policy defines permissions in Vault. Policies are written in HCL; each rule names a path and the capabilities allowed on it. Policies are associated with tokens directly or indirectly, defining the actions a token is allowed to perform. The standard policies are the default policy and the root policy.
- vault policy write sample-policy sample.hcl
- Contents of sample.hcl:
    path "sys/dev/*" {
      capabilities = ["create", "read", "update", "delete", "list", "sudo"]
    }
- vault policy read sample-policy
- What are the types of tokens and their use cases?
- Service Token
- Batch Token Use Cases:
- Database system will use token for secrets access
- Tokens should not be able to create children.
- System does not support dynamically changing the token value.
- Tokens should have a limited lifetime and cannot be renewed.
- Top 5 commands for working with tokens
- vault token lookup TOKEN_VALUE
- vault token create -policy=default -ttl=60m
- vault token renew $batch_id
- vault token revoke -self
- vault write auth/userpass/users/ned token_max_ttl=2780000 password=tacos
- Top 5 commands for working with policies
- vault token create -policy=accounting
- vault policy list
- vault policy write secrets-mgmt secrets-mgmt.hcl
- vault policy read secrets-mgmt
- vault policy delete accounting
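
How the path and capabilities in sample.hcl decide what a token may do, as an added example (not code from this page or from Vault). It is a simplified model: it assumes a single policy, exact paths and a trailing `*` glob only, and the `sys/dev/audit` and `secret/data/app/*` rules are constructed for illustration.

```python
# Added example: a simplified model of how a Vault ACL policy maps a request
# path to capabilities. Not Vault's code. Assumptions: one policy, exact paths
# and a trailing "*" glob only (no "+" segment wildcard, no policy merging).

POLICY = {
    # Rule from the page's sample.hcl.
    "sys/dev/*": ["create", "read", "update", "delete", "list", "sudo"],
    # Constructed rules, added to show matching priority and deny.
    "sys/dev/audit": ["deny"],
    "secret/data/app/*": ["read"],
}

def match_rule(policy, path):
    """Return the most specific rule for path: exact match, else longest glob prefix."""
    if path in policy:
        return path
    globs = [p for p in policy if p.endswith("*") and path.startswith(p[:-1])]
    return max(globs, key=len, default=None)

def capabilities(policy, path):
    """Capabilities a token holding this policy has on path."""
    rule = match_rule(policy, path)
    if rule is None or "deny" in policy[rule]:
        return ["deny"]  # no matching rule means no access; deny overrides the rest
    return sorted(policy[rule])

def broad_grants(policy):
    """Rules a reviewer should question: a glob combined with sudo."""
    return sorted(p for p, caps in policy.items()
                  if p.endswith("*") and "sudo" in caps)

if __name__ == "__main__":
    for path in ("sys/dev/config", "sys/dev/audit", "secret/data/app/db", "sys/prod/x"):
        print(f"{path:22} -> {capabilities(POLICY, path)}")
    print("review:", broad_grants(POLICY))
```

On a running server, `vault token capabilities TOKEN_VALUE sys/dev/config` reports what a real token can do on a path, which is the check to run after `vault policy write`.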