A Closer Look at the Security Tool Vault, the Vault Root Token and Unseal Keys, with Detailed Steps for Deploying Vault

Date: 2024-05-21 08:59:20

 


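1. A closer look at the security tool Vault


Vault is an open-source tool for securely storing, managing and controlling access to secrets such as passwords, API tokens, security configuration and other sensitive data. Vault protects these secrets with strong encryption and security management techniques, and gives applications and services a secure access-control mechanism. It supports a range of cloud platforms and technology stacks and offers several API and CLI interfaces, which makes it easy to integrate and use. Its main features include centralized management, role assignment and permission control, auditing and logging, and dynamic secrets that are continuously rotated. These features have made Vault a security tool trusted by developers and enterprises.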


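2. What the Vault root token and unseal key are and what they do


The root token and the unseal key are the key credentials used to manage and protect the encrypted data in Vault.

The root token is the highest-privilege credential in Vault. Whoever holds it can perform any operation in Vault, including creating and deleting secrets, managing policies and configuring authentication. The root token must therefore be kept strictly confidential and used only when necessary.
The unseal key is the credential used to decrypt the data Vault stores encrypted: it decrypts Vault's storage key, and once that key is decrypted the secrets stored in Vault can be accessed. The unseal key must therefore also be kept strictly confidential, and is usually kept in cold storage to prevent unauthorized access and disclosure. Use it only when necessary, for example during a recovery operation or when creating a new storage key.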

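3. Deploying and starting Vault on CentOS 7


Vault can be deployed and started on CentOS 7 with the following steps:

Download the Vault binary: download it from the official website, or use wget to fetch it from Vault's GitHub page.

Install Vault: move the Vault binary to /usr/local/bin and make it executable.

Configure Vault: create a Vault configuration file under /etc that specifies Vault's listen address and port and the path where Vault stores its data.

Start Vault: start the service with the vault server command, which automatically reads the configuration file under /etc and starts the service.

Initialize Vault: run vault operator init to initialize Vault, which generates a Root Token and a set of Unseal Keys.

Unseal Vault: run vault operator unseal and enter an Unseal Key to unseal the Vault service.

Log in to Vault: run vault login and enter the Root Token to log in.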
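
Steps 3 to 7 above for a non-dev server, as an added shell example that is not from the original article. The config path /etc/vault.d/vault.hcl, the data directory, the tls.crt file name and the 5-share/3-threshold split are assumptions; init and unseal use the `vault operator` subcommands of current Vault releases, and the config file is passed explicitly with -config.

```shell
# Added example: non-dev Vault bring-up. All paths and the share counts
# below are assumptions for illustration, not values from the article.

# Step 3: write a minimal server config (file storage, TLS listener on loopback).
write_vault_config() {
  cfg="$1"; data_dir="$2"; tls_dir="$3"
  ( umask 077   # config file readable by its owner only
    cat > "$cfg" <<EOF
storage "file" {
  path = "$data_dir"
}

listener "tcp" {
  address       = "127.0.0.1:8200"
  tls_cert_file = "$tls_dir/tls.crt"
  tls_key_file  = "$tls_dir/tls.key"
}

api_addr = "https://127.0.0.1:8200"
EOF
  )
}

# Gate before step 4: refuse a config that carries dev-style settings.
config_is_hardened() {
  cfg="$1"
  grep -Eq '^[[:space:]]*tls_cert_file[[:space:]]*=' "$cfg" || return 1
  ! grep -Eq '^[[:space:]]*tls_disable[[:space:]]*=[[:space:]]*"?(true|1)"?' "$cfg" || return 1
  ! grep -Eq '^[[:space:]]*storage[[:space:]]+"inmem"' "$cfg"
}

# Step 5: initialise once. The JSON output holds every unseal key and the
# initial root token, so it is created mode 0600 and should be split up
# between the key holders and removed from the host afterwards.
init_vault() {
  out="$1"
  ( umask 077
    vault operator init -key-shares=5 -key-threshold=3 -format=json > "$out" )
}

# Step 6: each key holder types a share at the prompt, so the key never
# appears in argv or in shell history. Repeat until the threshold is met.
unseal_vault() {
  threshold="${1:-3}"; i=0
  while [ "$i" -lt "$threshold" ]; do
    vault operator unseal || return 1
    i=$((i + 1))
  done
  vault status > /dev/null   # exit status 0 only when the server is unsealed
}

# Typical sequence (run as the account that owns the Vault files):
#   write_vault_config /etc/vault.d/vault.hcl /opt/vault/data /opt/vault/tls
#   config_is_hardened /etc/vault.d/vault.hcl && vault server -config=/etc/vault.d/vault.hcl
#   export VAULT_ADDR=https://127.0.0.1:8200   # plus VAULT_CACERT for the listener's CA
#   init_vault ./vault-init.json && unseal_vault 3
#   vault login                 # step 7: prompts for the root token
#   vault token revoke -self    # once another auth method and policies exist
```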

 

4. Vault download location


Vault download location:

Official Vault download page
Choose the version to download

sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
sudo yum -y install vault

5. Install Vault


Run the command:

sudo yum install -y yum-utils
Loaded plugins: fastestmirror, langpacks, priorities, versionlock
Determining fastest mirrors
epel | 4.7 kB 00:00:00
extras | 2.9 kB 00:00:00
hashicorp | 1.4 kB 00:00:00
os | 3.6 kB 00:00:00
pgdg-common/7/x86_64/signature | 198 B 00:00:00
pgdg-common/7/x86_64/signature | 2.9 kB 00:00:00 !!!
pgdg11/7/x86_64/signature | 198 B 00:00:00
pgdg11/7/x86_64/signature | 3.6 kB 00:00:00 !!!
pgdg12/7/x86_64/signature | 198 B 00:00:00
pgdg12/7/x86_64/signature | 3.6 kB 00:00:00 !!!
pgdg13/7/x86_64/signature | 198 B 00:00:00
pgdg13/7/x86_64/signature | 3.6 kB 00:00:00 !!!
pgdg14/7/x86_64/signature | 198 B 00:00:00
pgdg14/7/x86_64/signature | 3.6 kB 00:00:00 !!!
pgdg15/7/x86_64/signature | 198 B 00:00:00
pgdg15/7/x86_64/signature | 3.6 kB 00:00:00 !!!
updates | 2.9 kB 00:00:00
(1/2): pgdg-common/7/x86_64/primary_db | 181 kB 00:00:02
(2/2): hashicorp/7/x86_64/primary | 165 kB 00:00:05
hashicorp 1196/1196
Package yum-utils-1.1.31-54.el7_8.noarch already installed and latest version
Nothing to do


Run the command:

sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
Loaded plugins: fastestmirror, langpacks, priorities, versionlock
adding repo from: https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
grabbing file https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo to /etc/yum.repos.d/hashicorp.repo
repo saved to /etc/yum.repos.d/hashicorp.repo

Run the command:

sudo yum -y install vault
Loaded plugins: fastestmirror, langpacks, priorities, versionlock
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package vault.x86_64 0:1.13.3-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================================================================================
Package Arch Version Repository Size
==================================================================================================================================================
Installing:
vault x86_64 1.13.3-1 hashicorp 92 M

Transaction Summary
==================================================================================================================================================
Install 1 Package

Total download size: 92 M
Installed size: 234 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
warning: /var/cache/yum/x86_64/7/hashicorp/packages/vault-1.13.3-1.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID a621e701: NOKEY00:00:00 ETA
Public key for vault-1.13.3-1.x86_64.rpm is not installed
vault-1.13.3-1.x86_64.rpm | 92 MB 00:00:24
Retrieving key from https://rpm.releases.hashicorp.com/gpg
Importing GPG key 0xA621E701:
Userid : "HashiCorp Security (HashiCorp Package Signing) <[email protected]>"
Fingerprint: 798a ec65 4e5c 1542 8c8e 42ee aa16 fcbc a621 e701
From : https://rpm.releases.hashicorp.com/gpg
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : vault-1.13.3-1.x86_64 1/1Generating Vault TLS key and self-signed certificate...
Generating a 4096 bit RSA private key
.......................++
.................................................................................................++
writing new private key to 'tls.key'
-----
Vault TLS key and self-signed certificate have been generated in '/opt/vault/tls'.
Verifying : vault-1.13.3-1.x86_64 1/1

Installed:
vault.x86_64 0:1.13.3-1

Complete!
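
In the run above, yum -y fetched and imported the signing key without asking, and the NOKEY warning shows only the short key ID a621e701. The added example below (not from the original article) pins the full fingerprint printed in that output before the key is trusted; the function names are made up for illustration, the sample key listing is constructed, and the pin should be compared against the value HashiCorp publishes through a separate channel.

```shell
# Added example: pin the package-signing key fingerprint before trusting it.
# PINNED_FPR is the fingerprint shown in the yum output above.
PINNED_FPR="798a ec65 4e5c 1542 8c8e 42ee aa16 fcbc a621 e701"

# Normalise a fingerprint or key ID: strip spaces/colons, upper-case the hex.
norm_fpr() { printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'; }

# Pull the first fingerprint out of `gpg --with-colons` output on stdin.
# In that format the fingerprint is field 10 of the "fpr" record.
fpr_from_colons() { awk -F: '$1 == "fpr" { print $10; exit }'; }

# True only when the full fingerprint equals the pin.
pin_matches() { [ -n "$1" ] && [ "$(norm_fpr "$1")" = "$(norm_fpr "$2")" ]; }

# True when a short key ID (as in the NOKEY warning) is the tail of the
# fingerprint. Useful for cross-checking logs, but a 32-bit ID is not a
# substitute for comparing the whole fingerprint.
keyid_matches() {
  case "$(norm_fpr "$2")" in
    *"$(norm_fpr "$1")") return 0 ;;
    *) return 1 ;;
  esac
}

# List the key in a downloaded file without importing it, then compare.
key_file_matches_pin() {
  actual=$(gpg --with-colons --with-fingerprint "$1" 2>/dev/null | fpr_from_colons)
  pin_matches "$actual" "$2"
}

# Constructed sample of a colon-format key listing (only the fpr record matters).
sample_colons() {
  cat <<'EOF'
pub:-:4096:1:AA16FCBCA621E701:0:::-:::scESC:
fpr:::::::::798AEC654E5C15428C8E42EEAA16FCBCA621E701:
uid:-::::0::0::HashiCorp Security (HashiCorp Package Signing):
EOF
}

# Typical sequence:
#   curl -fsSLo /tmp/hashicorp.gpg https://rpm.releases.hashicorp.com/gpg
#   key_file_matches_pin /tmp/hashicorp.gpg "$PINNED_FPR" && sudo rpm --import /tmp/hashicorp.gpg
#   sudo yum install vault    # key is already trusted, nothing is imported on the fly
```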

 

6. Start Vault


Run the start command:

vault server -dev -dev-root-token-id="dev-only-token"
==> Vault server configuration:

Api Address: http://127.0.0.1:8200
Cgo: disabled
Cluster Address: https://127.0.0.1:8201
Environment Variables: CLASSPATH, FLINK_HOME, GODEBUG, HADOOP_HOME, HISTFILE, HISTSIZE, HISTTIMEFORMAT, HIVE_HOME, HOME, HOSTNAME, JAVA_HOME, LANG, LESSOPEN, LOGNAME, LS_COLORS, MAIL, MONGODB_HOME, MSSQL_HOME, PATH, PROMPT_COMMAND, PWD, PYTHON3_HOME, QT_GRAPHICSSYSTEM, QT_GRAPHICSSYSTEM_CHECKED, SHELL, SHLVL, SPARK_HOME, SUDO_COMMAND, SUDO_GID, SUDO_UID, SUDO_USER, TERM, TMOUT, USER, USERNAME, XDG_SESSION_ID, ZOOKEEP_HOME, _
Go Version: go1.20.4
Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
Log Level:
Mlock: supported: true, enabled: false
Recovery Mode: false
Storage: inmem
Version: Vault v1.13.3, built 2023-06-06T18:12:37Z
Version Sha: 3bedf816cbf851656ae9e6bd65dd4a67a9ddff5e

==> Vault server started! Log data will stream in below:

2023-06-19T10:38:19.735+0800 [INFO] proxy environment: http_proxy="" https_proxy="" no_proxy=""
2023-06-19T10:38:19.735+0800 [WARN] no `api_addr` value specified in config or in VAULT_API_ADDR; falling back to detection if possible, but this value should be manually set
2023-06-19T10:38:19.736+0800 [INFO] core: Initializing version history cache for core
2023-06-19T10:38:19.736+0800 [INFO] core: security barrier not initialized
2023-06-19T10:38:19.736+0800 [INFO] core: security barrier initialized: stored=1 shares=1 threshold=1
2023-06-19T10:38:19.737+0800 [INFO] core: post-unseal setup starting
2023-06-19T10:38:19.751+0800 [INFO] core: loaded wrapping token key
2023-06-19T10:38:19.751+0800 [INFO] core: successfully setup plugin catalog: plugin-directory=""
2023-06-19T10:38:19.751+0800 [INFO] core: no mounts; adding default mount table
2023-06-19T10:38:19.753+0800 [INFO] core: successfully mounted: type=cubbyhole version="v1.13.3+builtin.vault" path=cubbyhole/ namespace="ID: root. Path: "
2023-06-19T10:38:19.753+0800 [INFO] core: successfully mounted: type=system version="v1.13.3+builtin.vault" path=sys/ namespace="ID: root. Path: "
2023-06-19T10:38:19.754+0800 [INFO] core: successfully mounted: type=identity version="v1.13.3+builtin.vault" path=identity/ namespace="ID: root. Path: "
2023-06-19T10:38:19.755+0800 [INFO] core: successfully mounted: type=token version="v1.13.3+builtin.vault" path=token/ namespace="ID: root. Path: "
2023-06-19T10:38:19.756+0800 [INFO] rollback: starting rollback manager
2023-06-19T10:38:19.757+0800 [INFO] core: restoring leases
2023-06-19T10:38:19.758+0800 [INFO] expiration: lease restore complete
2023-06-19T10:38:19.758+0800 [INFO] identity: entities restored
2023-06-19T10:38:19.759+0800 [INFO] identity: groups restored
2023-06-19T10:38:19.759+0800 [INFO] core: Recorded vault version: vault version=1.13.3 upgrade time="2023-06-19 02:38:19.759135384 +0000 UTC" build date=2023-06-06T18:12:37Z
2023-06-19T10:38:19.981+0800 [INFO] core: post-unseal setup complete
2023-06-19T10:38:19.981+0800 [INFO] core: root token generated
2023-06-19T10:38:19.981+0800 [INFO] core: pre-seal teardown starting
2023-06-19T10:38:19.981+0800 [INFO] rollback: stopping rollback manager
2023-06-19T10:38:19.982+0800 [INFO] core: pre-seal teardown complete
2023-06-19T10:38:19.982+0800 [INFO] core.cluster-listener.tcp: starting listener: listener_address=127.0.0.1:8201
2023-06-19T10:38:19.982+0800 [INFO] core.cluster-listener: serving cluster requests: cluster_listen_address=127.0.0.1:8201
2023-06-19T10:38:19.982+0800 [INFO] core: post-unseal setup starting
2023-06-19T10:38:19.982+0800 [INFO] core: loaded wrapping token key
2023-06-19T10:38:19.982+0800 [INFO] core: successfully setup plugin catalog: plugin-directory=""
2023-06-19T10:38:19.983+0800 [INFO] core: successfully mounted: type=system version="v1.13.3+builtin.vault" path=sys/ namespace="ID: root. Path: "
2023-06-19T10:38:19.983+0800 [INFO] core: successfully mounted: type=identity version="v1.13.3+builtin.vault" path=identity/ namespace="ID: root. Path: "
2023-06-19T10:38:19.983+0800 [INFO] core: successfully mounted: type=cubbyhole version="v1.13.3+builtin.vault" path=cubbyhole/ namespace="ID: root. Path: "
2023-06-19T10:38:19.984+0800 [INFO] core: successfully mounted: type=token version="v1.13.3+builtin.vault" path=token/ namespace="ID: root. Path: "
2023-06-19T10:38:19.984+0800 [INFO] rollback: starting rollback manager
2023-06-19T10:38:19.984+0800 [INFO] core: restoring leases
2023-06-19T10:38:19.985+0800 [INFO] identity: entities restored
2023-06-19T10:38:19.985+0800 [INFO] identity: groups restored
2023-06-19T10:38:19.985+0800 [INFO] expiration: lease restore complete
2023-06-19T10:38:19.985+0800 [INFO] core: post-unseal setup complete
2023-06-19T10:38:19.985+0800 [INFO] core: vault is unsealed
2023-06-19T10:38:19.987+0800 [INFO] expiration: revoked lease: lease_id=auth/token/root/h272562f04a210e20b2b4d865e2a84db2d53929c149d30e4e06dcd93ebe88dbac
2023-06-19T10:38:19.989+0800 [INFO] core: successful mount: namespace="" path=secret/ type=kv version=""
WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.

You may need to set the following environment variables:

$ export VAULT_ADDR='http://127.0.0.1:8200'

The unseal key and root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.

Unseal Key: DY/t5B7OSPzH1XZq5RJoEr0o7l4Ea5epNl9h0b/zaF4=
Root Token: dev-only-token

Development mode should NOT be used in production installations!


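As shown above, Vault started successfully; Vault is now installed and deployed.

Note the unseal key and root token printed on the command line, and store them safely: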

Unseal Key: DY/t5B7OSPzH1XZq5RJoEr0o7l4Ea5epNl9h0b/zaF4=
Root Token: dev-only-token

[root@mcw02 ~]# curl   https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo -o /etc/yum.
yum.conf     yum.repos.d/ 
[root@mcw02 ~]# curl   https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo -o /etc/yum.repos.d/hashicorp.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   381  100   381    0     0     54      0  0:00:07  0:00:06  0:00:01    86
[root@mcw02 ~]# yum -y install vault
Loaded plugins: fastestmirror
base                                                                                                                                            | 3.6 kB  00:00:00     
epel                                                                                                                                            | 4.3 kB  00:00:00     
extras                                                                                                                                          | 2.9 kB  00:00:00     
glusterfs                                                                                                                                       | 2.9 kB  00:00:00     
hashicorp                                                                                                                                       | 1.4 kB  00:00:00     
salt-3004-repo                                                                                                                                  | 2.9 kB  00:00:00     
selfmcw                                                                                                                                         | 2.9 kB  00:00:00     
updates                                                                                                                                         | 2.9 kB  00:00:00     
zabbix                                                                                                                                          | 2.9 kB  00:00:00     
zabbix-non-supported                                                                                                                            | 2.9 kB  00:00:00     
(1/6): epel/x86_64/group                                                                                                                        | 399 kB  00:00:00     
(2/6): extras/7/x86_64/primary_db                                                                                                               | 253 kB  00:00:00     
(3/6): epel/x86_64/updateinfo                                                                                                                   | 1.0 MB  00:00:01     
(4/6): hashicorp/7/x86_64/primary                                                                                                               | 243 kB  00:00:01     
(5/6): epel/x86_64/primary_db                                                                                                                   | 8.7 MB  00:00:10     
(6/6): updates/7/x86_64/primary_db                                                                                                              |  27 MB  00:00:33     
Determining fastest mirrors
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
hashicorp                                                                                                                                                    1762/1762
Resolving Dependencies
--> Running transaction check
---> Package vault.x86_64 0:1.16.2-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================================================================
 Package                               Arch                                   Version                                  Repository                                 Size
=======================================================================================================================================================================
Installing:
 vault                                 x86_64                                 1.16.2-1                                 hashicorp                                 143 M

Transaction Summary
=======================================================================================================================================================================
Install  1 Package

Total download size: 143 M
Installed size: 402 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/hashicorp/packages/vault-1.16.2-1.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID a621e701: NOKEY] 7.2 MB/s | 141 MB  00:00:00 ETA 
Public key for vault-1.16.2-1.x86_64.rpm is not installed
vault-1.16.2-1.x86_64.rpm                                                                                                                       | 143 MB  00:00:25     
Retrieving key from https://rpm.releases.hashicorp.com/gpg
Importing GPG key 0xA621E701:
 Userid     : "HashiCorp Security (HashiCorp Package Signing) <[email protected]>"
 Fingerprint: 798a ec65 4e5c 1542 8c8e 42ee aa16 fcbc a621 e701
 From       : https://rpm.releases.hashicorp.com/gpg
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : vault-1.16.2-1.x86_64                                                                                                                               1/1Generating Vault TLS key and self-signed certificate...
Generating a 4096 bit RSA private key
.......................................................................................................................................................++
............................................++
writing new private key to 'tls.key'
-----
Vault TLS key and self-signed certificate have been generated in '/opt/vault/tls'.
  Verifying  : vault-1.16.2-1.x86_64                                                                                                                               1/1 

Installed:
  vault.x86_64 0:1.16.2-1                                                                                                                                              

Complete!
[root@mcw02 ~]# vault server -dev -dev-root-token-id=“dev-only-token”
==> Vault server configuration:

Administrative Namespace: 
             Api Address: http://127.0.0.1:8200
                     Cgo: disabled
         Cluster Address: https://127.0.0.1:8201
   Environment Variables: HADOOP_HOME, HISTCONTROL, HISTIMEFORMAT, HISTSIZE, HOME, HOSTNAME, JAVA_HOME, LANG, LESSOPEN, LOGNAME, LS_COLORS, MAIL, PATH, PORMPT_COMMADN, PWD, SHELL, SHLVL, SSH_CLIENT, SSH_CONNECTION, SSH_TTY, TERM, USER, XDG_RUNTIME_DIR, XDG_SESSION_ID, _
              Go Version: go1.21.9
              Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", disable_request_limiter: "false", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
               Log Level: 
                   Mlock: supported: true, enabled: false
           Recovery Mode: false
                 Storage: inmem
                 Version: Vault v1.16.2, built 2024-04-22T16:25:54Z
             Version Sha: c6e4c2d4dc3b0d57791881b087c026e2f75a87cb

==> Vault server started! Log data will stream in below:

2024-05-21T08:40:29.857+0800 [INFO]  proxy environment: http_proxy="" https_proxy="" no_proxy=""
2024-05-21T08:40:29.857+0800 [INFO]  incrementing seal generation: generation=1
2024-05-21T08:40:29.857+0800 [WARN]  no `api_addr` value specified in config or in VAULT_API_ADDR; falling back to detection if possible, but this value should be manually set
2024-05-21T08:40:29.857+0800 [INFO]  core: Initializing version history cache for core
2024-05-21T08:40:29.857+0800 [INFO]  events: Starting event system
2024-05-21T08:40:29.858+0800 [INFO]  core: security barrier not initialized
2024-05-21T08:40:29.858+0800 [INFO]  core: security barrier initialized: stored=1 shares=1 threshold=1
2024-05-21T08:40:29.858+0800 [INFO]  core: post-unseal setup starting
2024-05-21T08:40:29.873+0800 [INFO]  core: loaded wrapping token key
2024-05-21T08:40:29.873+0800 [INFO]  core: successfully setup plugin runtime catalog
2024-05-21T08:40:29.873+0800 [INFO]  core: successfully setup plugin catalog: plugin-directory=""
2024-05-21T08:40:29.873+0800 [INFO]  core: no mounts; adding default mount table
2024-05-21T08:40:29.874+0800 [INFO]  core: successfully mounted: type=cubbyhole version="v1.16.2+builtin.vault" path=cubbyhole/ namespace="ID: root. Path: "
2024-05-21T08:40:29.875+0800 [INFO]  core: successfully mounted: type=system version="v1.16.2+builtin.vault" path=sys/ namespace="ID: root. Path: "
2024-05-21T08:40:29.875+0800 [INFO]  core: successfully mounted: type=identity version="v1.16.2+builtin.vault" path=identity/ namespace="ID: root. Path: "
2024-05-21T08:40:29.878+0800 [INFO]  core: successfully mounted: type=token version="v1.16.2+builtin.vault" path=token/ namespace="ID: root. Path: "
2024-05-21T08:40:29.878+0800 [INFO]  rollback: Starting the rollback manager with 256 workers
2024-05-21T08:40:29.879+0800 [INFO]  core: restoring leases
2024-05-21T08:40:29.880+0800 [INFO]  expiration: lease restore complete
2024-05-21T08:40:29.880+0800 [INFO]  rollback: starting rollback manager
2024-05-21T08:40:29.880+0800 [INFO]  identity: entities restored
2024-05-21T08:40:29.880+0800 [INFO]  identity: groups restored
2024-05-21T08:40:29.881+0800 [INFO]  core: Recorded vault version: vault version=1.16.2 upgrade time="2024-05-21 00:40:29.881043663 +0000 UTC" build date=2024-04-22T16:25:54Z
2024-05-21T08:40:29.881+0800 [INFO]  core: post-unseal setup complete
2024-05-21T08:40:29.881+0800 [INFO]  core: root token generated
2024-05-21T08:40:29.881+0800 [INFO]  core: pre-seal teardown starting
2024-05-21T08:40:29.881+0800 [INFO]  rollback: stopping rollback manager
2024-05-21T08:40:29.881+0800 [INFO]  core: pre-seal teardown complete
2024-05-21T08:40:29.882+0800 [INFO]  core.cluster-listener.tcp: starting listener: listener_address=127.0.0.1:8201
2024-05-21T08:40:29.882+0800 [INFO]  core.cluster-listener: serving cluster requests: cluster_listen_address=127.0.0.1:8201
2024-05-21T08:40:29.882+0800 [INFO]  core: post-unseal setup starting
2024-05-21T08:40:29.882+0800 [INFO]  core: loaded wrapping token key
2024-05-21T08:40:29.882+0800 [INFO]  core: successfully setup plugin runtime catalog
2024-05-21T08:40:29.882+0800 [INFO]  core: successfully setup plugin catalog: plugin-directory=""
2024-05-21T08:40:29.883+0800 [INFO]  core: successfully mounted: type=system version="v1.16.2+builtin.vault" path=sys/ namespace="ID: root. Path: "
2024-05-21T08:40:29.883+0800 [INFO]  core: successfully mounted: type=identity version="v1.16.2+builtin.vault" path=identity/ namespace="ID: root. Path: "
2024-05-21T08:40:29.883+0800 [INFO]  core: successfully mounted: type=cubbyhole version="v1.16.2+builtin.vault" path=cubbyhole/ namespace="ID: root. Path: "
2024-05-21T08:40:29.884+0800 [INFO]  core: successfully mounted: type=token version="v1.16.2+builtin.vault" path=token/ namespace="ID: root. Path: "
2024-05-21T08:40:29.884+0800 [INFO]  rollback: Starting the rollback manager with 256 workers
2024-05-21T08:40:29.884+0800 [INFO]  core: restoring leases
2024-05-21T08:40:29.884+0800 [INFO]  identity: entities restored
2024-05-21T08:40:29.884+0800 [INFO]  identity: groups restored
2024-05-21T08:40:29.884+0800 [INFO]  core: post-unseal setup complete
2024-05-21T08:40:29.884+0800 [INFO]  core: vault is unsealed
2024-05-21T08:40:29.886+0800 [INFO]  expiration: revoked lease: lease_id=auth/token/root/h3514d1c95b4d2e0108dc129ebd305e12342b57fb544e4ccd978af76ebfdb3b5d
2024-05-21T08:40:29.930+0800 [INFO]  expiration: lease restore complete
2024-05-21T08:40:29.930+0800 [INFO]  rollback: starting rollback manager
2024-05-21T08:40:29.932+0800 [INFO]  core: successful mount: namespace="" path=secret/ type=kv version="v0.17.0+builtin"
WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.

You may need to set the following environment variables:

    $ export VAULT_ADDR='http://127.0.0.1:8200'

The unseal key and root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.

Unseal Key: +sPbWdhzUK3Xr+s4SiW4Jvy7T7iGkW1rNsdTtCnXo78=
Root Token: “dev-only-token”

Development mode should NOT be used in production installations!

The process stays in the foreground here and the terminal blocks.
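
A check for the dev-mode indicators visible in both startup banners above, as an added example that is not from the original article. The function name and finding labels are made up for illustration; the sample banner is constructed from lines of the second session (listener line shortened, unseal key replaced by a placeholder), including the root token that picked up typographic quotes from the pasted command.

```shell
# Added example: flag dev-mode indicators in a Vault startup log read from stdin.
# Prints one "FINDING <label>: <reason>" line per indicator, in a fixed order.
dev_mode_findings() {
  LC_ALL=C awk '
    /WARNING! dev mode is enabled!/ {
      hit["dev-banner"] = "server was started with -dev"
    }
    /Storage:[ \t]*inmem/ {
      hit["inmem-storage"] = "in-memory storage, data is lost on restart"
    }
    /Listener [0-9]+:.*tls: "disabled"/ {
      hit["tls-disabled"] = "listener serves plaintext HTTP"
    }
    /security barrier initialized:.*shares=1 threshold=1/ {
      hit["single-share"] = "one unseal key, nothing is split between key holders"
    }
    /^Root Token:/ {
      tok = $0
      sub(/^Root Token:[ \t]*/, "", tok)
      # Bytes outside printable ASCII mean the token is not what was intended,
      # for example typographic quotes pasted into -dev-root-token-id.
      if (tok ~ /[^ -~]/)
        hit["quoted-token"] = "root token contains non-ASCII bytes"
    }
    END {
      n = split("dev-banner inmem-storage tls-disabled single-share quoted-token", order, " ")
      for (i = 1; i <= n; i++)
        if (order[i] in hit)
          printf "FINDING %s: %s\n", order[i], hit[order[i]]
    }'
}

# Constructed sample: lines taken from the second session on this page.
sample_banner() {
  cat <<'EOF'
              Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", tls: "disabled")
                 Storage: inmem
2024-05-21T08:40:29.858+0800 [INFO]  core: security barrier initialized: stored=1 shares=1 threshold=1
WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
Unseal Key: <placeholder>
Root Token: “dev-only-token”
EOF
}

# Usage: vault server ... 2>&1 | tee vault.log ; dev_mode_findings < vault.log
```

On the sample, all five findings fire; the same banner from the first session, where the token was typed with straight quotes, yields four.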

 

 

 

7. Summary and next steps


Summary:

Vault is now installed and deployed.
Next steps:

The next article looks in detail at how to use the security tool Vault.

Original link: https://blog.csdn.net/zhengzaifeidelushang/article/details/131283430

From: https://www.cnblogs.com/machangwei-8/p/18203229
