Updates example vault script
froque committed Jan 3, 2023
1 parent c3a1193 commit 71d4353
Showing 1 changed file with 15 additions and 4 deletions.
19 changes: 15 additions & 4 deletions docker-postgres-vault-example.sh 100644 → 100755
@@ -1,11 +1,12 @@
#!/usr/bin/env bash
# https://learn.hashicorp.com/tutorials/vault/database-secrets

docker run \
--detach \
--name learn-postgres \
-e POSTGRES_USER=root \
-e POSTGRES_PASSWORD=rootpassword \
-p 5433:5432 \
-p 5434:5432 \
--rm \
postgres

Expand All @@ -17,16 +18,16 @@ docker exec -i \
learn-postgres \
psql -U root -c "GRANT SELECT ON ALL TABLES IN SCHEMA public TO \"ro\";"

vault server -dev -dev-root-token-id root -dev-listen-address=127.0.0.1:8201

export VAULT_ADDR='http://127.0.0.1:8201'
export VAULT_TOKEN=root

vault server -dev -dev-root-token-id root -dev-listen-address=127.0.0.1:8201

vault secrets enable database

vault write database/config/postgresql \
plugin_name=postgresql-database-plugin \
connection_url="postgresql://{{username}}:{{password}}@localhost:5433/postgres?sslmode=disable" \
connection_url="postgresql://{{username}}:{{password}}@localhost:5434/postgres?sslmode=disable" \
allowed_roles=readonly \
username="root" \
password="rootpassword"
Expand All @@ -43,3 +44,13 @@ vault write database/roles/readonly \
max_ttl=24h

vault read database/creds/readonly

# Connection details:
# Postgres address: localhost
# Postgres port: 5434
# Vault address: http://127.0.0.1:8201
# Vault secret: database/creds/readonly
# Vault token: <empty or /home/froque/.vault-token>
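Review bot: The changed publish line `-p 5434:5432` binds the Postgres port on every host interface, while the container is started with the superuser credentials `root`/`rootpassword` written in the script. Binding it to loopback with `-p 127.0.0.1:5434:5432 \` would match the Vault listener, which is already restricted to `127.0.0.1:8201`, and the `localhost:5434` connection_url keeps working. Separately, `vault server -dev ...` has no trailing `&` in the lines shown, so if the script is run as a whole, `vault secrets enable database` would presumably only be reached after the server exits. A comment such as `# run the dev server in a separate terminal, then continue below` (or backgrounding it) would make that explicit. The new trailer comment could also say `~/.vault-token` instead of a user-specific home path.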


