Skip to content

benschw/vault-demo

master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 

POC Vault cluster

6 vms

  • consul consul server to coordinate discovery and provide a backend for vault
  • vault0 vault server
  • vault1 a second vault server to demonstrate how HA works
  • mysql a mysql-server for the todo service to utilize. credentials are managed by vault
  • todo0 the demo service to see everything come together
  • todo1 a second demo service for HA

not just a simple vagrant up:

For vault to be secure, the bootstrapping process for a new vault server must be done out of band. Key shards must be provided to unseal the vault, and these should be entrusted to trusted people (by entrusting them to an automated process, you haven't secured anything - just added another turtle to the stack).

That said, for this POC we are automating it (but keeping the work separate from the normal automation to illustrate the separation). So that's what all the bash scripts coming up are all about.

Setup

Install puppet deps:

./puppet-deps.sh

Bring up the infrastructure:

vagrant up consul vault0 vault1 mysql

Initialize, Unseal, and configure Vault:

./01-init.sh
./02-unseal.sh
./03-configure.sh

Stand up the todo instances:

./04-provision-todo.sh

Verify everything came up correctly:

curl -X POST http://172.20.20.14:8080/todo -d '{"status": "new", "content": "Hello World"}'
curl http://172.20.20.14:8080/todo/1

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •