{"id":21202522,"url":"https://github.com/infrablocks/end-to-end-vault","last_synced_at":"2026-03-19T19:17:41.820Z","repository":{"id":37436367,"uuid":"503426437","full_name":"infrablocks/end-to-end-vault","owner":"infrablocks","description":"An end-to-end example of InfraBlocks, by provisioning Vault.","archived":false,"fork":false,"pushed_at":"2024-08-22T20:25:25.000Z","size":59,"stargazers_count":1,"open_issues_count":2,"forks_count":0,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-01-21T15:11:18.848Z","etag":null,"topics":["end-to-end","example","hashicorp-vault","infrastructure","infrastructure-as-code","vault"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/infrablocks.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-06-14T15:55:05.000Z","updated_at":"2024-07-29T07:46:42.000Z","dependencies_parsed_at":"2024-07-29T09:11:19.233Z","dependency_job_id":"e7297c64-1ea0-4553-a582-4dbf199bc7bd","html_url":"https://github.com/infrablocks/end-to-end-vault","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infrablocks%2Fend-to-end-vault","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infrablocks%2Fend-to-end-vault/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infrablocks%2Fend-to-end-vault/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/Gi
tHub/repositories/infrablocks%2Fend-to-end-vault/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/infrablocks","download_url":"https://codeload.github.com/infrablocks/end-to-end-vault/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243655410,"owners_count":20326087,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["end-to-end","example","hashicorp-vault","infrastructure","infrastructure-as-code","vault"],"created_at":"2024-11-20T20:16:42.048Z","updated_at":"2025-12-30T11:36:37.670Z","avatar_url":"https://github.com/infrablocks.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# End to End Example - Vault\n\nThis example deploys a fully working Vault instance into an ECS Cluster\nusing KMS to auto unseal and PostgreSQL as the storage backend.\n\nOnly a single instance of Vault is deployed in this example.\n\nAs this is only an example your deployment strategy might differ, this is merely\nmeant as a start-off point.\n\n# How To Deploy\n\nThis project uses `Rake` as a build tool and nearly all necessary commands\nare run through rake. 
\nPlease note that the order in which to run the commands is reflected by the \norder of the blocks in `Rakefile`.\n\n## Requirements\n\n* Domain\n* AWS Account \u0026 Access Credentials\n\n## Instructions\nThe following steps often require a deployment identifier and the domain you own.\nWe use `tungsten` (random element) and `replace.me.uk` in the instructions.\nOther identifiers that need to be replaced \n\nIdentifiers that need to be replaced are indicated with `{}`.\n`deployment-identifier` can be any random word; we like to use elements, e.g. 'tungsten'.\n`domain` has to be the base name of the domain you own, e.g. 'example.com'.\n\n### Bootstrap\nThis deploys an S3 bucket in which all Terraform state files of the following steps\nare stored.\n\n`go \"bootstrap:provision[{deployment-identifier}]\"`\n\n### Deploy Domain\nDeploys a Route53 Domain.\n\n`go \"domain:provision[{deployment-identifier},{domain}]\"`\n\n### Update Nameserver on Domain to Point At Hosted Zone (Manual)\n\nThis is a manual step where you have to update the nameservers on your domain\nto point to the public hosted zone created by the previous step.\n\n### Deploy Certificate\n`go \"certificate:provision[{deployment-identifier},{domain}]\"`\n\n### Deploy Network\n`go \"network:provision[{deployment-identifier}]\"`\n\n### Generate SSH Key for Bastion (Manual)\n\n`ssh-keygen -t rsa -b 4096 -C bastion@{domain} -N '' -f config/secrets/bastion`\n\nRename the generated files to `ssh.private` and `ssh.public`.\n\n### Deploy Bastion\n`go \"bastion:provision[{deployment-identifier}]\"`\n\n### Set Outbound Rules (Manual)\n\nCurrently infrablocks/bastion only allows outbound traffic on port 22. 
\nTo be able to connect to the database, add an outbound rule\nfor port 5432.\n\n### Test Bastion Is Working\nThe following command should give you access to the bastion.\nThe public IP can be found in the info page of the EC2 instance in the AWS Console.\n\n`ssh -i config/secrets/bastion/ssh.private ec2-user@{bastion-public-ip}`\n\n### Deploy Database\n`go \"database:provision[{deployment-identifier}]\"`\n\nThis may take a few minutes.\n\n### Test Connecting to Database Via Bastion\nThe following command will create a tunnel from your machine's port `5432` to the \ndatabase in RDS.\n\nThe host name can be found in the info page of the RDS instance in the AWS Console.\n\n`ssh -i config/secrets/bastion/ssh.private -N -L 5432:{rds-host-name}:5432 ec2-user@{bastion-public-ip}`\n\nThere will be no output from this command and the terminal will keep the connection\nopen until the command is terminated.\n\nWhile the tunnel is open, it should be possible to connect to the database \non `localhost:5432`.\n\n### Deploy Database Migrations\n`go \"database_migrations:provision[{deployment-identifier}]\"`\n\n### Deploy Cluster\n`go \"cluster:provision[{deployment-identifier}]\"`\n\n### Deploy Service\n`go \"service:provision[{deployment-identifier},{domain}]\"`\n\n### Test Vault Is Running\n\nAccess your Vault instance by opening `https://vault-{deployment-identifier}.{domain}`\nin your browser.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finfrablocks%2Fend-to-end-vault","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finfrablocks%2Fend-to-end-vault","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finfrablocks%2Fend-to-end-vault/lists"}