"brew services start vault", but what's the unseal key and root token?
When I installed vault on my Mac, I got the following prompt:
==> Pouring vault-1.6.1.catalina.bottle.tar.gz
==> Caveats
To have launchd start vault now and restart at login:
brew services start vault
Or, if you don't want/need a background service you can just run:
vault server -dev
==> Summary
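If I start vault with
vault server -dev
it gives me the unseal key and root token directly, but if I choose to start vault as a service on the Mac with
brew services start vault
I can access the vault at https://127.0.0.1:8200, but where do I get its unseal key and root token?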
I found the answer myself.
$ brew services list
Name Status User Plist
...
vault started bill /Users/bill/Library/LaunchAgents/homebrew.mxcl.vault.plist
$ cat /Users/bill/Library/LaunchAgents/homebrew.mxcl.vault.plist
...
<key>WorkingDirectory</key>
<string>/usr/local/var</string>
<key>StandardErrorPath</key>
<string>/usr/local/var/log/vault.log</string>
<key>StandardOutPath</key>
<string>/usr/local/var/log/vault.log</string>
So the vault log is at /usr/local/var/log/vault.log, and it contains the unseal key and root token.
$ cat /usr/local/var/log/vault.log
...
2020-12-25T22:07:01.747+1100 [INFO] secrets.kv.kv_516b0983: upgrading keys finished
WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.
You may need to set the following environment variable:
$ export VAULT_ADDR='http://127.0.0.1:8200'
The unseal key and root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.
Unseal Key: XhctKSIXlx2zjd1arUGBucprBXxXmzoygjpGR0S62T4=
Root Token: s.Gd5HSuBB87nSeYMOsdwaMOCk
Development mode should NOT be used in production installations!
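An added example, not part of the original post or of Vault or Homebrew: a shell audit that follows the answer's steps from the defender's side, reading the log path from the launchd plist and reporting whether dev-mode secrets sit in that log and whether anyone besides the owner can read it. The function names and the sample plist and log are constructed, and the plist is assumed to be in XML form.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.

# Print the StandardOutPath value from a launchd plist in XML form.
plist_stdout_path() {
    awk '/<key>StandardOutPath<\/key>/ { want = 1; next }
         want && /<string>/ { sub(/.*<string>/, ""); sub(/<\/string>.*/, ""); print; exit }' "$1"
}

# Count log lines that carry a dev-mode unseal key or root token.
count_dev_secrets() { grep -c -E '^(Unseal Key|Root Token): ' "$1" || true; }

# Print the log with the secret values masked.
redact_dev_secrets() { sed -E 's/^(Unseal Key|Root Token): .*/\1: [REDACTED]/' "$1"; }

# Succeed when group or others can read the log file.
log_is_exposed() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]
}

# Return 0 if clean, 1 if secrets are present, 2 if the log is missing.
audit_vault_log() {
    log=$(plist_stdout_path "$1")
    [ -f "$log" ] || { echo "log not found: $log"; return 2; }
    n=$(count_dev_secrets "$log")
    [ "$n" -gt 0 ] || { echo "no dev-mode secrets in $log"; return 0; }
    echo "dev-mode secrets in $log: $n line(s)"
    if log_is_exposed "$log"; then echo "log is readable beyond its owner"; fi
    return 1
}

# Write a constructed plist and log (fake secret values) into directory $1.
write_sample() {
    printf '<key>StandardOutPath</key>\n<string>%s/vault.log</string>\n' "$1" > "$1/vault.plist"
    printf '%s\n' '[INFO] upgrading keys finished' \
        'Unseal Key: CONSTRUCTED-UNSEAL-KEY=' \
        'Root Token: s.CONSTRUCTEDTOKEN' > "$1/vault.log"
}

# Demo on the constructed sample, not on a real installation.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
audit_vault_log "$demo_dir/vault.plist" || true
redact_dev_secrets "$demo_dir/vault.log"
rm -rf "$demo_dir"
```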