The vault service stores key/value pairs in a central store. It is used to avoid hardcoding data, such as passwords or constants, in worker scripts.
- Get your JWT auth token from an ezb_sta.
- Create header and body.
- Call the vault.
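```powershell
# Request a JWT from the STA using the current Windows credentials
$a = Invoke-RestMethod -Uri http://ezb_sta.fqdn/token -UseDefaultCredentials
if ($a) {
    # Headers: bearer token plus the key the vault uses to encrypt the value
    $h = @{}
    $h.Authorization = "bearer " + $a.access_token
    $h."EZB-VAULT-KEY" = "AEScryptKEY"
    # Body: the key/value pair to store
    $key = @{}
    $key.key = "firstkey"
    $key.value = "firstvalue"
    # Create the entry in the vault
    Invoke-RestMethod -Headers $h -Uri https://ezb_vault.fqdn -Method Post -Body $( $key | ConvertTo-Json -Compress) -ContentType "application/json"
}
```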
- one

```powershell
Invoke-RestMethod -Headers $h -Uri https://ezb_vault.fqdn/firstkey
```

- all

```powershell
Invoke-RestMethod -Headers $h -Uri https://ezb_vault.fqdn
```
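```powershell
# Update the entry stored under "firstkey" (PUT)
Invoke-RestMethod -Headers $h -Uri https://ezb_vault.fqdn/firstkey -Method Put -Body $( $key | ConvertTo-Json -Compress) -ContentType "application/json"
# Delete the entry stored under "firstkey" (DELETE)
Invoke-RestMethod -Headers $h -Uri https://ezb_vault.fqdn/firstkey -Method Delete
```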
1. Download ezb_vault from GitHub
```powershell
PS E:\ezbastion\ezb_vault> ezb_vault init
```

This command creates the folders and the default config.json file.
```json
{
    "listen": ":5100",
    "privatekey": "cert/ezb_vault.key",
    "publiccert": "cert/ezb_vault.crt",
    "cacert": "cert/ca.crt",
    "dbpath": "db/ezb_vault.db",
    "servicename": "ezb_vault",
    "servicefullname": "Easy Bastion Vault",
    "loglevel": "warning"
}
```
/!\ Don't forget to copy all public STA certificates to the cert folder. /!\
The cert name must match the JWT ISS value.
```powershell
PS E:\ezbastion\ezb_vault> ezb_vault install
PS E:\ezbastion\ezb_vault> ezb_vault start
```
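
To see which certificate name the vault will expect, you can read the `iss` claim of a token issued by your STA. The PowerShell below is an added example, not part of ezb_vault; the sample token is constructed, and looking for a file whose base name equals the issuer in the `cert` folder is an assumption, since this page only says the cert name must match the ISS value.

```powershell
# Added example, not ezb_vault code. Reads the "iss" claim of a JWT without
# verifying its signature; useful as a setup check only.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Text)
    # base64url -> base64: restore the alphabet and the stripped padding
    $s = $Text.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        2 { $s += '==' }
        3 { $s += '=' }
        1 { throw "Invalid base64url length" }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-JwtIssuer {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw "Not a compact JWT (expected 3 dot-separated parts)" }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    if (-not $claims.iss) { throw "Token has no iss claim" }
    $claims.iss
}

# Constructed sample token (fake signature) so the example runs offline.
function ConvertTo-Base64Url([string]$Text) {
    $b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text))
    $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$sample = @(
    ConvertTo-Base64Url '{"alg":"ES256","typ":"JWT"}'
    ConvertTo-Base64Url '{"iss":"ezb_sta.fqdn","sub":"worker"}'
    'constructed-signature'
) -join '.'

$iss = Get-JwtIssuer $sample   # with a real token: Get-JwtIssuer $a.access_token

# Assumption: the certificate's base file name equals the issuer and it sits
# in the "cert" folder referenced by config.json.
$match = Get-ChildItem -Path 'cert' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.BaseName -eq $iss }
if ($match) {
    "STA certificate for '$iss' found: $($match.Name)"
} else {
    Write-Warning "No certificate named '$iss' in the cert folder"
}
```

Run it from the ezb_vault folder so the relative `cert` path resolves.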
Copyright (C) 2018 Renaud DEVERS info@ezbastion.com
Libraries used:

Name | License | Version | URL |
---|---|---|---|
gin | MIT | 1.2 | github.com/gin-gonic/gin |
cli | MIT | 1.20.0 | github.com/urfave/cli |
gorm | MIT | 1.9.2 | github.com/jinzhu/gorm |
logrus | MIT | 1.0.4 | github.com/sirupsen/logrus |
go-fqdn | Apache v2 | 0 | github.com/ShowMax/go-fqdn |
jwt-go | MIT | 3.2.0 | github.com/dgrijalva/jwt-go |
gopsutil | BSD | 2.15.01 | github.com/shirou/gopsutil |