[Video Course] HashiCorp Certified Vault Associate


English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 6h 38m | 1.71 GB


https://www.debian.org/distrib/netinst

https://github.com/daveprowse/vac-course


UI не заработал: этот бинарник собран без встроенного веб-интерфейса (см. ответ сервера ниже).


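# Opening http://127.0.0.1:8200/ui/ in a browser only returns the text
#   "Vault UI is not available in this binary"
# i.e. this build ships without the embedded web UI. A URL is not a shell
# command; to check from the terminal, show the status line and body:
$ curl -si http://127.0.0.1:8200/ui/ | head -n 20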


Поэтому запускаем Vault в Docker: официальный образ содержит UI, он включается через `"ui": true` в конфиге ниже.


https://hub.docker.com/r/hashicorp/vault

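# Non-dev Vault server with file storage: it starts sealed and must be
# initialised/unsealed like the Lab 03 server. The listener is plain HTTP
# (tls_disable) and binds 0.0.0.0 inside the container, so publish the port on
# loopback only — "-p 8200:8200" would expose an unencrypted Vault API to the LAN.
# IPC_LOCK lets the process mlock() its memory so secrets are not swapped out.
$ docker run --cap-add=IPC_LOCK \
    -e 'VAULT_LOCAL_CONFIG={"storage": {"file": {"path": "/vault/file"}}, "listener": [{"tcp": { "address": "0.0.0.0:8200", "tls_disable": true}}], "default_lease_ttl": "168h", "max_lease_ttl": "720h", "ui": true}' \
    -p 127.0.0.1:8200:8200 hashicorp/vault server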


Lab 02

# Dev server: in-memory storage, starts already unsealed, plain HTTP on
# 127.0.0.1:8200, root token printed to the terminal. Throwaway use only.
$ vault server -dev

# In a second terminal — point the CLI at the dev server and confirm it answers.
$ export VAULT_ADDR='http://127.0.0.1:8200'
$ vault status

# Unauthenticated endpoint: reports whether the server is initialised.
$ curl "$VAULT_ADDR/v1/sys/init"


# KV (the dev server mounts a versioned KV engine at secret/): write, then read back.
$ vault kv put -mount=secret color-A red=1
$ vault kv get -mount=secret color-A

# A second key, then list what sits under the mount.
$ vault kv put -mount=secret color-B orange=2
$ vault kv list -mount=secret

# delete is a soft delete of the latest version: the get fails afterwards,
# and undelete brings version 1 (the only version written) back.
$ vault kv delete -mount=secret color-A
$ vault kv get -mount=secret color-A
$ vault kv undelete -mount=secret -versions=1 color-A
$ vault kv get -mount=secret color-A


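# Same result as before: this binary answers /ui/ with
#   "Vault UI is not available in this binary"
# A URL is not a shell command; check from the terminal instead, or use the
# Docker image above for the UI parts of the course.
$ curl -si http://127.0.0.1:8200/ui/ | head -n 20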


https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-ui


Lab 03


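# Working directory for the config and raft data (the original repeated the
# mkdir/cd pair; once is enough).
$ mkdir -p ~/vault/data
$ cd ~/vault/data

# Write config.hcl with the contents below.
$ vi config.hcl

# Raft storage directory. The config's path "./vault/data" is relative to the
# server's working directory, so it resolves to ~/vault/data/vault/data only
# if `vault server` is started from here.
$ mkdir -p ./vault/data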


# Single-node Vault server for the lab. Placeholders in angle brackets are
# replaced with the host's address (192.168.56.11 later in these notes).
ui = true
# mlock keeps Vault's memory out of swap; turning it off is a lab shortcut
# (secrets may be paged to disk). Leave it on in production (needs CAP_IPC_LOCK).
disable_mlock = true

storage "raft" {
  # Relative path: resolved against the working directory of the vault process,
  # so start `vault server` from the directory that holds this file.
  path = "./vault/data"
  node_id = "node1"
}

listener "tcp" {
  # Binds the API to the host's non-loopback address, i.e. reachable from the network.
  address = "<your_IP_address>:8200"
  # Plain HTTP: unseal keys, tokens and secrets cross the wire unencrypted.
  # Lab only — a real listener gets tls_cert_file/tls_key_file instead.
  tls_disable = "true"
}

# Scheme must match the listener above (http while TLS is disabled).
api_addr = "http://<your_IP_address>:8200"
# Cluster (raft) traffic on 8201 is always TLS with Vault's own internal
# certificates, hence https even though the API listener is plaintext.
cluster_addr = "https://<your_IP_address>:8201"


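# Start from ~/vault/data: the raft path in config.hcl is relative to this cwd.
$ vault server --config=config.hcl

# Second terminal. The address is the <your_IP_address> used in config.hcl.
$ export VAULT_ADDR='http://192.168.56.11:8200'

# Expect Initialized=false, Sealed=true on a fresh server.
$ vault status

# Prints the unseal key shares (5 by default) and the initial root token exactly
# once. Store the shares offline with separate holders; never commit them.
$ vault operator init

# Default threshold is 3 of 5 keys: a single unseal is not enough. Run it three
# times, each with a different share (the original notes ran it once).
$ vault operator unseal
$ vault operator unseal
$ vault operator unseal

# Paste the initial root token at the prompt (keeps it out of argv/history).
$ vault login

$ vault secrets list

# Mounts KV version 1 at kv/ (kv-v2 would be the versioned engine).
$ vault secrets enable kv

$ vault secrets list

$ vault kv put -mount=kv solar_system planet1=mercury
$ vault kv list kv
$ vault kv get -mount=kv solar_system

# Seals the server: data is unreadable until unsealed again.
$ vault operator seal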


Lab 04


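# Assumes a freshly started, uninitialised server. On the node already
# initialised in Lab 03 `init` errors out and only the three unseals are needed.
$ vault operator init
$ vault operator unseal
$ vault operator unseal
$ vault operator unseal

$ vault auth enable userpass
$ vault auth list
# Disabling an auth method also revokes every token it issued.
$ vault auth disable userpass

# Same method mounted under a custom path with a description.
$ vault auth enable -path=local_logins -description="Local Username Authentication" userpass
$ vault auth disable local_logins
$ vault auth enable userpass

# Read the password from stdin (type test123, then Ctrl-D) rather than passing
# password=test123 on the command line, where it is visible in `ps` and history.
$ vault write auth/userpass/users/test_user password=-
$ vault read auth/userpass/users/test_user

# Omit password=... and the CLI prompts for it without echo.
$ vault login -method=userpass username=test_user

# Same login over the HTTP API; body from stdin instead of argv. This is plain
# HTTP (tls_disable), so the password and the returned client_token are visible
# on the wire — lab only. VAULT_ADDR is the same 192.168.56.11:8200 as above.
$ curl -sS --request POST --data @- \
    "$VAULT_ADDR/v1/auth/userpass/login/test_user" <<'EOF' | jq
{"password": "test123"}
EOF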


Lab 05 - Vault Policies


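$ vault read sys/policy/default
$ vault read sys/policy/root

# `vault read sys/policy/<name>` prints a key/value table (name, rules), not
# HCL, and `>>` appends a copy on every run. Dump the raw policy body instead:
$ vault policy read default > default.hcl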


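# Fresh dev server for this lab; run the rest in a second terminal.
$ vault server -dev

$ export VAULT_ADDR='http://127.0.0.1:8200'
# Root token from the dev server output. An exported variable is inherited by
# every child process and the line lands in shell history — acceptable only
# for a throwaway dev server.
$ export VAULT_TOKEN=<Root Token>
$ vault status

$ git clone https://github.com/daveprowse/vac-course
$ cd vac-course/lab-05/

# Read admin-policy.hcl before loading it: anything it grants can be handed to
# any token created with -policy=admin.
$ vault policy write admin admin-policy.hcl
$ vault policy list

$ vault policy read admin
$ vault read sys/policy/admin

# Header passed via stdin (-H @-) instead of argv, so the token is not visible in `ps`.
$ curl -sS -H @- "$VAULT_ADDR/v1/sys/policies/acl/admin" <<<"X-Vault-Token: $VAULT_TOKEN" | jq

# One admin token, captured into a variable. (The original also created a
# second admin token interactively that was never used or revoked.)
$ ADMIN_TOKEN=$(vault token create -format=json -policy="admin" | jq -r ".auth.client_token")

# Confirm capture without printing the secret into the terminal scrollback.
$ printf 'ADMIN_TOKEN captured (%d chars)\n' "${#ADMIN_TOKEN}"

$ vault token lookup "$ADMIN_TOKEN"

$ vault token capabilities "$ADMIN_TOKEN" sys/auth/approle

$ vault token capabilities "$ADMIN_TOKEN" sys/auth
$ vault token capabilities "$ADMIN_TOKEN" auth/

# Don't leave an admin token lying around once the lab is done.
$ vault token revoke "$ADMIN_TOKEN"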


Lab 06 - Vault Token


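$ vault server -dev
$ export VAULT_ADDR='http://127.0.0.1:8200'
$ export VAULT_TOKEN=<ROOT_TOKEN>

# Without -policy the child inherits the parent's policies — here that is root.
# Revoke it straight away.
$ vault token create
$ vault token revoke <CREATED_TOKEN>

# Capture the token instead of pasting it (same pattern as ADMIN_TOKEN in Lab 05).
$ LIMITED_TOKEN=$(vault token create -ttl=1h -use-limit=3 -policy=default -format=json | jq -r .auth.client_token)

# Lookup as root: the request is authenticated with the root token, no use consumed.
$ vault token lookup "$LIMITED_TOKEN"
# Each request authenticated with the limited token consumes one of its 3 uses.
$ VAULT_TOKEN=$LIMITED_TOKEN vault token lookup
$ VAULT_TOKEN=$LIMITED_TOKEN vault token lookup
$ VAULT_TOKEN=$LIMITED_TOKEN vault token lookup
# Expect an error now: num_uses reached 0 and the token was revoked.
$ vault token lookup "$LIMITED_TOKEN"

# Renewable token: renew extends the TTL, lookup shows the new expiry.
$ vault token create -ttl=1h -policy=default
$ vault token renew <CREATED_TOKEN_ID>
$ vault token lookup <CREATED_TOKEN_ID>

# Accessors identify tokens without revealing them (and can be used to revoke
# them), so this list is itself privileged.
$ vault list auth/token/accessors

$ vault token revoke <CREATED_TOKEN_ID>

$ vault list auth/token/accessors

# Finally revoke the root token in use. The original `vault token revoke
# ${ROOT_TOKEN}` referenced a variable never set in these notes; with no
# argument the CLI revokes the currently authenticated token anyway — be explicit.
$ vault token revoke "$VAULT_TOKEN"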


Lab 07 - Vault Leases

AWS сейчас не особо актуален, поэтому эта часть лабораторной пропущена.