Installing open-source encryption software (HashiCorp Vault)
1. Download the Linux build
wget https://releases.hashicorp.com/vault/1.9.1/vault_1.9.1_linux_amd64.zip
2. Unzipping the archive produces the vault binary.
Start it in dev mode as follows:
$ export VAULT_HOME=$HOME/usr/local/vault-1.9.1
$ vault server -dev
......
2021-12-13T11:32:56.792+0900 [INFO] identity: entities restored
2021-12-13T11:32:56.792+0900 [INFO] identity: groups restored
2021-12-13T11:32:56.792+0900 [INFO] core: post-unseal setup complete
2021-12-13T11:32:56.792+0900 [INFO] core: vault is unsealed
2021-12-13T11:32:56.800+0900 [INFO] core: successful mount: namespace="\"\"" path=secret/ type=kv
2021-12-13T11:32:56.808+0900 [INFO] expiration: lease restore complete
2021-12-13T11:32:56.810+0900 [INFO] secrets.kv.kv_d442597f: collecting keys to upgrade
2021-12-13T11:32:56.810+0900 [INFO] secrets.kv.kv_d442597f: done collecting keys: num_keys=1
2021-12-13T11:32:56.810+0900 [INFO] secrets.kv.kv_d442597f: upgrading keys finished
2021-12-13T11:32:56.813+0900 [INFO] rollback: starting rollback manager
WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.
You may need to set the following environment variable:
$ export VAULT_ADDR='http://127.0.0.1:8200'
The unseal key and root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.
Unseal Key: BG/hRtl2nxC36hR4zoCNVI/QMuVUTZL32Jze27Iy2wM=
Root Token: s.Vi42J7ih1IRs40FEZdKTqbu1
Development mode should NOT be used in production installations!
3. Open another terminal and set up the environment as follows:
$ export VAULT_ADDR='http://127.0.0.1:8200'
$ echo "BG/hRtl2nxC36hR4zoCNVI/QMuVUTZL32Jze27Iy2wM=" > unseal.key
$ export VAULT_DEV_ROOT_TOKEN_ID=s.Vi42J7ih1IRs40FEZdKTqbu1
4. Usage: seal/unseal, creating and reading data
[eva@hadoop01 jjh]$ vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.9.1
Storage Type    inmem
Cluster Name    vault-cluster-e747d46a
Cluster ID      9e1f5b5a-fa55-0b72-bee4-f6e8c1519496
HA Enabled      false
[eva@hadoop01 jjh]$
[eva@hadoop01 jjh]$ vault operator seal
Success! Vault is sealed.
[eva@hadoop01 jjh]$
[eva@hadoop01 jjh]$ vault operator unseal BG/hRtl2nxC36hR4zoCNVI/QMuVUTZL32Jze27Iy2wM=
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.9.1
Storage Type    inmem
Cluster Name    vault-cluster-e747d46a
Cluster ID      9e1f5b5a-fa55-0b72-bee4-f6e8c1519496
HA Enabled      false
[eva@hadoop01 jjh]$ vault kv put secret/hello foo=woorld
Key                Value
---                -----
created_time       2021-12-13T07:39:10.976376945Z
custom_metadata    <nil>
deletion_time      n/a
destroyed          false
version            2
[eva@hadoop01 jjh]$ vault kv get secret/hello
======= Metadata =======
Key                Value
---                -----
created_time       2021-12-13T07:39:10.976376945Z
custom_metadata    <nil>
deletion_time      n/a
destroyed          false
version            2
=== Data ===
Key    Value
---    -----
foo    woorld
5. Using the Python hvac library
[eva@hadoop01 bin]$ python3
Python 3.9.9 (main, Dec 13 2021, 13:00:28)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import hvac
>>> client = hvac.Client(url='http://127.0.0.1:8200', token='s.Vi42J7ih1IRs40FEZdKTqbu1')
>>> client.is_authenticated()
True
>>> client.sys.is_sealed()
False
>>> read_response = client.secrets.kv.read_secret_version(path='hello')
>>> print(read_response)
{'request_id': 'a94f3e8f-c6c1-f397-80f4-975f0950fd1c', 'lease_id': '', 'renewable': False, 'lease_duration': 0, 'data': {'data': {'foo': 'woorld'}, 'metadata': {'created_time': '2021-12-13T06:19:49.288796711Z', 'custom_metadata': None, 'deletion_time': '', 'destroyed': False, 'version': 1}}, 'wrap_info': None, 'warnings': None, 'auth': None}
>>> print(read_response['request_id'])
a94f3e8f-c6c1-f397-80f4-975f0950fd1c
>>> print(read_response['data']['data']['foo'])
woorld
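The dev-mode warning in step 2 and the vault status output in step 4 show the same three signs of a dev server: in-memory storage, a single unseal key, and a plain-HTTP address. The check below is an added example, not part of the original post or of Vault or hvac. It parses vault status text and reports those signs so a script can refuse to store real secrets there. The function names and both sample tables are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the `vault status` values from step 4, with the CLI's column spacing.
DEV_STATUS = """\
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.9.1
Storage Type    inmem
HA Enabled      false
"""

# Constructed sample of a non-dev server (the changed values are assumptions).
PROD_STATUS = (DEV_STATUS
               .replace("Total Shares    1", "Total Shares    5")
               .replace("Threshold       1", "Threshold       3")
               .replace("Storage Type    inmem", "Storage Type    raft"))


def parse_status(text):
    """Parse the two-column table printed by `vault status` into a dict."""
    fields = {}
    for line in text.splitlines():
        # Keys may contain single spaces; columns are separated by 2+ spaces.
        m = re.match(r"^(\S.*?)\s{2,}(\S.*)$", line.rstrip())
        if m and m.group(1) not in ("Key", "---"):
            fields[m.group(1)] = m.group(2)
    return fields


def dev_mode_findings(status_text, vault_addr):
    """Return the reasons this server looks like `vault server -dev`."""
    f = parse_status(status_text)
    findings = []
    if f.get("Storage Type") == "inmem":
        findings.append("in-memory storage: all secrets are lost when the server stops")
    if f.get("Total Shares") == "1" and f.get("Threshold") == "1":
        findings.append("single unseal key: one person or file can unseal the Vault")
    if urlparse(vault_addr).scheme != "https":
        findings.append("VAULT_ADDR is not HTTPS: tokens and secrets cross the wire in cleartext")
    return findings


if __name__ == "__main__":
    for finding in dev_mode_findings(DEV_STATUS, "http://127.0.0.1:8200"):
        print("WARN", finding)
```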