{"id":22370490,"url":"https://github.com/pollosp/vault-test","last_synced_at":"2026-03-19T22:35:50.693Z","repository":{"id":146700527,"uuid":"72925023","full_name":"pollosp/vault-test","owner":"pollosp","description":null,"archived":false,"fork":false,"pushed_at":"2016-11-06T09:36:55.000Z","size":11,"stargazers_count":0,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-01-31T21:11:24.365Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pollosp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-11-05T12:36:30.000Z","updated_at":"2016-11-05T12:38:00.000Z","dependencies_parsed_at":"2023-04-03T10:48:06.822Z","dependency_job_id":null,"html_url":"https://github.com/pollosp/vault-test","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pollosp%2Fvault-test","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pollosp%2Fvault-test/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pollosp%2Fvault-test/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pollosp%2Fvault-test/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pollosp","download_url":"https://codeload.github.com/pollosp/vault-test/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245697080,"owners_count":20657834,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-04T19:45:46.360Z","updated_at":"2026-01-05T19:45:49.808Z","avatar_url":"https://github.com/pollosp.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"#VAULT\nTest vault\n## Password Tokens\n- `docker network create vaulttest_default`\n- `docker-compose create` It builds the container\n- `docker-compose start` It starts the container\n- `docker-compose exec vault vault init` It initzialize the vault with 5 keys, you need this in order unseal the vault and it is goint to return root token in order unseal the vault\n- `docker-compose exec vault vault unseal`\n- `docker-compose exec vault vault auth` Root token required for this test\n- `docker-compose exec vault vault policy-write foo /hcl/foo-policy.hcl`\n- `docker-compose exec vault vault policy-write secret /hcl/renew-write-policy.hcl`\n- `docker-compose exec vault vault token-create -policy=\"secret\"`\n- `docker-compose exec vault vault token-create -policy=\"foo\"`\n- `docker-compose exec vault vault write secret/foo value=yes`\n- `docker-compose exec vault vault write secret/ardilla value=password`\n\n## MySQL\nThe MySQL secret backend for Vault generates database credentials dynamically based on configured roles. This means that services that need to access a database no longer need to hardcode credentials: they can request them from Vault, and use Vault's leasing mechanism to more easily roll keys.\n\n### MYSQL BACKEND\n- `docker-compose exec vault vault mount mysql`\n- `docker-compose exec vault vault write mysql/config/connection connection_url=\"root:verysecret@tcp(mysql:3306)/\"`\n- `docker-compose exec vault vault write mysql/config/lease lease=1h lease_max=24h`\n- This restricts each credential to being valid or leased for 1 hour at a time, with a maximum use period of 24 hours. This forces an application to renew their credentials at least hourly, and to recycle them once per day.\n\n### CREATE MYSQL USERS\n- `docker-compose exec vault vault write mysql/roles/readonly sql=\"CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT SELECT ON *.* TO '{{name}}'@'%';\"`\n- `docker-compose exec vault vault write mysql/roles/full sql=\"CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT ALL ON *.* TO '{{name}}'@'%';\"`\n- `docker-compose exec vault vault read mysql/creds/readonly`\n- `docker-compose exec mysql mysql -uread-root-6df374 -pa2332e92-d0be-fe5f-2be3-5e1b6a4a5fbd`\n- `docker-compose exec vault vault renew mysql/creds/readonly/1712c7e8-3611-3bfe-aafa-14becf7ccc3e` #Renews the Lease-id\n\n## SSH\nFor future tests\n- https://www.vaultproject.io/docs/secrets/ssh/index.html\n- https://github.com/hashicorp/vault-ssh-helper\n- https://releases.hashicorp.com/vault-ssh-helper/\n- https://github.com/sjourdan/vault-ssh-backend\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpollosp%2Fvault-test","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpollosp%2Fvault-test","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpollosp%2Fvault-test/lists"}