https://github.com/r3drun3/hashicorp-vault-provisioning
Spin up an Hashicorp Vault test instance with vagrant and Ansible 🔐🔐🔐
https://github.com/r3drun3/hashicorp-vault-provisioning
ansible python3 vagrant vault
Last synced: 1 day ago
JSON representation
Spin up an Hashicorp Vault test instance with vagrant and Ansible 🔐🔐🔐
- Host: GitHub
- URL: https://github.com/r3drun3/hashicorp-vault-provisioning
- Owner: R3DRUN3
- License: mit
- Created: 2022-06-17T11:31:20.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2022-06-27T17:43:53.000Z (about 4 years ago)
- Last Synced: 2025-01-05T09:30:10.448Z (over 1 year ago)
- Topics: ansible, python3, vagrant, vault
- Language: Python
- Homepage:
- Size: 76.2 KB
- Stars: 5
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: readme.md
- License: license
Awesome Lists containing this project
README
# HASHICORP VAULT PROVISIONING
[](https://opensource.org/licenses/MIT)
Spin up Hashicorp Vault with vagrant and Ansible 🔐🔐🔐

## Abstract
[HashiCorp Vault](https://www.vaultproject.io/) is a secrets management tool specifically designed to control access to sensitive credentials in a low-trust environment.
It can be used to store sensitive values and, at the same time, dynamically generate access for specific services/applications on lease.
This repo contains scripts to provision your own on-prem Vault test instance via Vagrant and Ansible
## Requirements
`vagrant` `ansible`
## Instructions
Clone this repo and start provisioning:
```console
git clone https://github.com/R3DRUN3/hashicorp-vault-provisioning.git \
&& cd hashicorp-vault-provisioning && sh provisioning.sh
```
Once provisioning is complete retrieve the token from the Ansible output, open your browser to the url `http://192.168.56.12:8200/ui`
and login to the Web UI:

Once you have logged in, go to `http://192.168.56.12:8200/ui/vault/secrets/kv/show/test-secret`
and verify that the test secret is present:

Now that your Vault is ready you can freely experiment with this fantastic tool, to test commands via CLI:
Login to the vault host:
```console
vagrant ssh vault
```
authenticate with the vault CLI:
```console
vault login token=INSERT_TOKEN_HERE
```
Retrieve test secret from CLI:
```console
vault kv get kv/test-secret
```
Add a new secret from CLI:
```console
vault kv put kv/new-secret secret-value=IamASecret!
```
This repo also contain a simple python script to demonstrate programmatic integration with Vault.
export token as an env var:
```console
export VAULT_TOKEN="INSERT_TOKEN_HERE"
```
Move into app folder and install requirements:
```console
cd app && pip3 install -r requirements.txt
```
launch app:
```console
python3 app.py
IS CLITENT AUTHENTICATED ===> True
RETRIEVING SECRET
Value under path test-secret : {'value': 'my_secret_value'}
WRITE A NEW K/V PAIR
DONE
```