How to reinitialize HashiCorp Vault
I am working on an automated HashiCorp Vault process and I need to run the `vault operator init` command repeatedly because of trial and error. I tried uninstalling Vault and reinstalling it, but it seems this did not remove the previous unseal keys + root token it generated. How can I do that?
I read somewhere that I need to delete the storage "file" path, which I have already deleted, but it doesn't work (in fact my /opt/vault/data/ directory is empty). Here is my vault.hcl file:
# Full configuration options can be found at
# https://www.vaultproject.io/docs/configuration

ui = true

#mlock = true
#disable_mlock = true

storage "file" {
  path = "/opt/vault/data"
}

#storage "consul" {
#  address = "127.0.0.1:8500"
#  path    = "vault"
#}

# HTTP listener
#listener "tcp" {
#  address     = "127.0.0.1:8200"
#  tls_disable = 1
#}

# HTTPS listener
listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_cert_file = "/opt/vault/tls/tls.crt"
  tls_key_file  = "/opt/vault/tls/tls.key"
}

# Enterprise license_path
# This will be required for enterprise as of v1.8
#license_path = "/etc/vault.d/vault.hclic"

# Example AWS KMS auto unseal
#seal "awskms" {
#  region     = "us-east-1"
#  kms_key_id = "REPLACE-ME"
#}

# Example HSM auto unseal
#seal "pkcs11" {
#  lib            = "/usr/vault/lib/libCryptoki2_64.so"
#  slot           = "0"
#  pin            = "AAAA-BBBB-CCCC-DDDD"
#  key_label      = "vault-hsm-key"
#  hmac_key_label = "vault-hsm-hmac-key"
#}
If you only want to test, why not run Vault in dev mode?
The best practice for this kind of setup is actually Terraform or Chef or any other stateful converger. That way you can bring the environment to the desired state (terraform apply) and remove it easily (terraform destroy).
To reinitialize Vault, you can shut it down and delete the data folder: in your case "/opt/vault/data". Here is another example.
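The stop / wipe / start / init sequence from the last answer, written out as a script. This is an added example and not code from the original post or from HashiCorp. It assumes Vault runs as a systemd unit named `vault`, that the script runs as root with `VAULT_ADDR` exported, and that the config is `/etc/vault.d/vault.hcl` unless another path is passed; the `-key-shares`/`-key-threshold` values are illustrative. The storage path is read from the `storage "file"` stanza rather than hard-coded, and the wipe refuses `/`, empty and relative paths so a mistyped config cannot delete the wrong tree.

```shell
#!/bin/sh
# Added example (not from the original post): reinitialise a file-backed Vault.
# The previous unseal keys and root token become useless once the storage
# directory is emptied, because the barrier keyring they protected lived there;
# the next `vault operator init` mints a fresh set.
set -eu

# Print the path from the (uncommented) storage "file" block of a vault.hcl.
vault_file_storage_path() {
    # $1 = path to vault.hcl
    awk '
        /^[ \t]*storage[ \t]*"file"/ { in_file = 1; next }
        in_file && /^[ \t]*}/         { in_file = 0 }
        in_file && /^[ \t]*path[ \t]*=/ {
            sub(/^[^"]*"/, ""); sub(/".*$/, ""); print; exit
        }
    ' "$1"
}

# Empty the storage directory (hidden files and subdirectories included) but
# keep the directory itself so the ownership and mode set by the package stay.
wipe_vault_storage() {
    dir=$1
    case "$dir" in
        ""|/) echo "refusing to wipe '$dir'" >&2; return 1 ;;
        /*)   ;;
        *)    echo "storage path must be absolute: '$dir'" >&2; return 1 ;;
    esac
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    find "$dir" -mindepth 1 -delete
}

# Full procedure. Assumes a systemd unit "vault", root privileges and VAULT_ADDR.
reinit_vault() {
    cfg=${1:-/etc/vault.d/vault.hcl}          # assumed default config location
    dir=$(vault_file_storage_path "$cfg")
    [ -n "$dir" ] || { echo "no storage \"file\" path in $cfg" >&2; return 1; }

    systemctl stop vault                       # never wipe under a running server
    wipe_vault_storage "$dir"
    systemctl start vault

    # Wait for the listener: `vault status` exits 0 when unsealed, 2 when the
    # server answers but is sealed/uninitialised, anything else on no answer.
    i=0
    until vault status -format=json >/dev/null 2>&1 || [ $? -eq 2 ]; do
        i=$((i + 1))
        [ "$i" -lt 30 ] || { echo "vault did not come up" >&2; return 1; }
        sleep 1
    done

    # Fresh unseal keys and root token as JSON; capture this to a secret store,
    # it is printed exactly once. Share counts here are illustrative.
    vault operator init -key-shares=5 -key-threshold=3 -format=json
}

# Only run the destructive path when explicitly asked, e.g. `./reinit.sh --run`.
if [ "${1:-}" = "--run" ]; then
    shift
    reinit_vault "$@"
fi
```

If `vault status` still reports `initialized: true` after the wipe, the process you are talking to is not reading this storage stanza (check `VAULT_ADDR` and which config file the unit actually loads); an empty `storage "file"` path cannot hold an initialised barrier.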